[Windows] Best free encryption program — file, drive, system, folder, and partition encryption

In today’s computerized, networked world, it is very important that we protect our private and sensitive data. One way to protect your data is to use steganography; another way is to use encryption. We have already covered the best free steganography program for Windows. Now, in this article, we will explore the best free file-level, folder-level, and drive-level encryption programs for Windows.

This review is part of our Best Free Windows Software section. Check out more articles on the best free Windows programs from here.

BEFORE WE BEGIN

There is one thing I would like to clarify before we begin.

When it comes to encryption, there are two distinct types of encryption: file-level encryption and folder-level/drive-level encryption. File-level encryption is encrypting individual files while folder-level/drive-level encryption is having an encrypted container that holds as many files as you want. Both types can be used interchangeably but file-level encryption is primarily designed for people who want to encrypt a few individual files while folder-level/drive-level encryption is designed for people that want to encrypt either a bunch of files, whole folders, entire partitions (including your system/Windows partition), or whole drives (including internal hard drives, external hard drives, USB flash drives, CDs/DVDs, etc.). This review looks at both best free file-level encryption program and best free folder-level/drive-level encryption program.

That said, let’s begin…

File-Level Encryption Programs

Table of Contents [AxCrypt vs EncryptOnClick vs Cryptographic Encryptor vs 7-Zip vs GoAnywhere OpenPGP Studio]

Best Free File-Level Encryption Program

2013-04-21_204348Program Name: AxCrypt

Developer: Axantum

Download Size: 3.2 MB (installer), 461 KB (portable)

Version Reviewed: 1.7.2976.0

Supported OS: Windows 2003/XP/Vista/2008/7

Pros

  • Allows users to encrypt any file and file type using a user-selected password; encrypted files can only be decrypted/accessed with that password
  • Securely encrypts files using AES 128-bit encryption
    • Note: I know some people may be thinking “but isn’t AES 256-bit better”. Yes, AES 256-bit is technically better but AES 128-bit is secure and provides more security than the average Joe needs.
  • Allows users to pick if they want to encrypt the target file or create a copy of the target file and encrypt the copy
  • Can easily batch encrypt (or decrypt) multiple files at the same time (each file is encrypted using the same password but is encrypted separately)
  • Allows users to create self-extracting, standalone encrypted EXE files which can be decrypted without the need to install AxCrypt
  • Encrypted files can either be permanently decrypted or temporarily decrypted (which automatically re-encrypts the target file after you have closed it)
  • Allows users to optionally use key files for more secure encryption
  • Has a built-in secure file shredder that uses one pass PRN overwrite to securely delete files; this shredder is used automatically by AxCrypt in situations that it needs to shred files (such as in the case of temporary decryption) and you have the ability to manually run it, too
  • Automatically compresses encrypted files using Zlib, ensuring encrypted files are as small in size as possible
  • Is extremely easy-to-use; adds an AxCrypt entry in the right-click context menu from which you can easily encrypt/decrypt files
  • Has a portable version which does not require administrator access to run2013-04-21_204931
  • Open-source

Cons

  • Installer version comes bundled with crapware; be sure to uncheck the relevant boxes and/or decline installation of crapware when you install AxCrypt
  • Portable version of AxCrypt (AxCrypt2Go) doesn’t have all the features of the installed version; with the portable version you can encrypt/decrypt files but nothing more (e.g. you can’t create self-extracting EXEs nor can you temporarily decrypt nor can you encrypt the target file — always a copy of the target file is encrypted)
  • Temporary decryption is not available when using self-extracting EXEs
  • Installer version of AxCrypt has no main program interface; all features are accessed via the right-click context menu
  • There is no ability to automatically update AxCrypt
    • Note: Some people may consider it a security measure that an encryption program does not automatically update (because it doesn’t automatically access the Internet). However, there should at least be an option to automatically update for those of us that don’t mind it.
  • Hasn’t been updated since December 2011, so development may have stalled (although it still works perfectly)
    • Note: AxCrypt is open-source so even if the original developer stops developing it, it can easily be picked up by other developers
    • UPDATE: It looks like AxCrypt was last updated in Nov 2012 but that build is not available on AxCrypt’s Soureforge page

Discussion

2013-04-21_204848AxCrypt is a file-level encryption program that allows users to easily encrypt/decrypt files from the right-click context menu of Windows. After you install AxCrypt, an “AxCrypt” submenu is added in the right-click context menu of files and folders; from this submenu you can easily access AxCrypt features. In fact, AxCrypt’s installer version has no program interface — it must be used via the right-click context menu. To some not having a main program interface may be annoying but this is actually one of the reasons why I love AxCrypt: it is extremely convenient to be able to encrypt — or decrypt — files by simply right-click them.

To say AxCrypt allows you to securely encrypt files would be to state the obvious, so I won’t say it. Rather, I’d like to point out other features that make AxCrypt notable: its ability to create self-extracting encrypted EXE files, the ability to temporarily decrypt a file, and the option it gives users to use key files for enhanced protection. On top of that, AxCrypt has a portable version (dubbed AxCrypt2Go) which you can use if you don’t want to install AxCrypt; AxCrypt2Go doesn’t require administrator access so you can put AxCrypt2Go on a USB flash drive and take it with you to use on any computer you see fit. However, AxCrypt2Go is limited to only encrypting/decrypting files and doesn’t have all the same features as the installed version of AxCrypt, but it is still very useful for those that need encryption on the go. (Note: Axcrypy2Go does not work via the right-click context menu; it has a main program interface.)

Really the only main downside to AxCrypt is the fact that its installer version comes bundled with crapware. While installing AxCrypt you will be prompted to install bundled crapware vis-a-vis OpenCandy. You can easily opt out of this crapware by unchecking the relevant textboxes and/or declining the offer and it is understandable that a developer wants to monetize his freeware, but it is still annoying.

Overall, AxCrypt is, without a doubt, the best file-level encryption program I’ve ever had the pleasure of using. It is extremely easy-to-use, feature-filled, and secure and the downsides are few. Really, what more could you ask? If you need a file-level encryption program, AxCrypt is the way to go — look no further.

Runner Up

2013-04-21_205727Program Name: EncryptOnClick

Developer: 2BrightSparks

Download Size: 1.5 MB

Version Reviewed: 1.4.1.2

Supported OS: Windows XP/2003/Vista/Win7/Win8

Discussion

EncryptOnClick is a very simple program that allows you to easily encrypt/decrypt files using AES 256-bit encryption; batch processing is supported, so you can encrypt individual files at a time or multiple files a time with the option to easily encrypt all the files inside a folder. Unlike AxCrypt which works from the right-click context menu, EncryptOnClick has a main program interface from which you encrypt/decrypt files. In fact, EncryptOnClick doesn’t even add any entries to the right-click context menu.

EncryptOnClick doesn’t some of the features of AxCrypt, most notably lacking the ability to create self-extracting EXEs and to use key files. However, EncryptOnClick differentiates itself in one way: non-proprietary method of encryption.

You see EncryptOnClick encrypts files using AES 256-bits, yes, but it encrypts files in such as way that any archive program that supports encrypted archives can decrypt encrypted files (as long as the proper password is inputted, of course). This means you can decrypt files encrypted by EncrypOnClick using 7-Zip, WinZip, or a host of other archiver programs that support encrypted archives. Take note files encrypted with EncryptOnClick are of the .EOC format (not .ZIP) so you must manually point your archiver to extract the contents of an encrypted file (e.g. if you have 7-zip, right-click -> 7-Zip -> Extract) in order to decrypt.

Also, it should be noted EncryptOnClick can be made portable. It has no separate portable version, but after you install it you can copy + paste three files (EncryptOnClick.exe, EncryptOnClick.exe.manifest, and XceedZip.dll) onto any USB flash drive or other portable media and use EncryptOnClick on any computer without installation; no admin access is needed.

Overall, EncryptOnClick is a good, easy-to-use file-level encryption program. If you don’t like or don’t want AxCrypt, EncryptOnClick is an excellent alternative.

Honorable Mention 1

2013-04-22_203317Program Name: Cryptographic Encryptor

Note: VSEncryptor is another name for Cryptographic Encryptor

Developer: Loxibit

Download Size: 2.3-3.6 MB

Version Reviewed: 2.1.3.495

Supported OS: Windows XP/Vista/Win7/Win8

Discussion

Cryptographic Encryptor is an encryption program that allows users to perform two types of encryption: text encryption and file encryption. For both text and file encryption you are allowed to pick what type of encryption algorithm to use: AES-128, AES-192, AES-256, RC2, RC4, DES, Triple DES, Blowfish, Twofish, Serpent, Camellia, Skipjack, CAST-256, MARS, RC5, RC6, IDEA, SEED, SHACAL-2, XTEA, or GOST.

Cryptographic Encryptor has a main program interface from which you do all the encryption/decryption but it also adds an entry in the right-click context menu for easy encryption of a file, which launches the main program interface when used. And Cryptographic Encryptor comes in both installer and portable versions, and the portable version has all the features of the installer features — including the right-click context menu entry.

One of my most favorite features of Cryptographic Encryptor is the fact that you can control if you want to modify the file extension of an encrypted program or not. For example, by default Cryptographic Encryptor adds a ‘.encrypted’ extension to the end of encrypted files (e.g. test.txt.encrypted). You have the ability to change this extension to whatever you want (e.g. test.txt.dotTech) or remove it all together.

The biggest downside to Cryptographic Encryptor is the fact that it can only encrypt/decrypt one file at a time; batch encryption/decryption is not supported, which is a huge con and makes the program annoying to use if you ever want to encrypt/decrypt more than one file at a time.

Like all programs, Cryptographic Encryptor has its high points and its low points. Overall, however, Cryptographic Encryptor is a viable choice for encryption program.

Honorable Mention 2

2013-04-22_195711Program Name: 7-Zip

Developer: Igor Pavlov

Download Size: 1.5 MB

Version Reviewed: 9.20

Supported OS: Windows NT/98/Me/2000/XP/2003/Vista/Server 2008/7

Discussion

7-Zip is not an encryption program. It is an archive utility, a program that creates and extracts archives (ZIP, 7z, RAR, etc.). In fact, 7-Zip is the best free archive program for Windows. However, even though 7-Zip is not an encryption program per se, it has the ability to create encrypted ZIP and 7z archives (using AES 256-bit). So, essentially, you can use 7-Zip to encrypt your files by simply creating a password-protected and encrypted ZIP or 7z archive.

All encrypted archives created by 7-Zip can be extracted using any file archiver that supports encrypted ZIP/7z archives — you don’t necessarily need 7-Zip to extract an encrypted archive.

Because 7-Zip is not an encryption program per se, it isn’t as user-friendly as AxCrypt. For example, even though you can extract an encrypted ZIP or 7z archive using any of many different archiver programs, you still need some archiver program — it isn’t like a standalone self-extracting EXE that AxCrypt can create, the one that requires nothing but a double-click to decrypt. For example, there are no temporarily decrypts with 7-Zip, no ability to use key files, and it takes a few more clicks to encrypt something with 7-Zip than with AxCrypt. However, even with all those caveats, 7-Zip can easily be used to securely encrypt files when you don’t have or don’t want to install AxCrypt.

UPDATE: You can create self-extracting encrypted EXE files with 7-Zip by using the “Create SFX Archive” option.

(NOTE: Technically speaking, since 7-Zip creates encrypted archives and doesn’t encrypt files themselves, 7-Zip is not a file-level archiving program in the purest definition. In other words, 7-Zip does not encrypt individual files but puts all files inside on encrypted archive. However, 7-Zip is best used for encrypting a handful of files and it isn’t a good option to encrypt a whole drive or large folders, which is why we are featuring it in the file-level section.)

Honorable Mention 3

2013-04-21_213900Program Name: GoAnywhere OpenPGP Studio

Developer: Linoma Software

Download Size: 35.8 MB

Version Reviewed: 1.0.1

Supported OS: Windows XP/2003/Vista/2008/Win7/Win8

Discussion

When it comes to encryption, there are two types: symmetric encryption and asymmetric encryption. Symmetric encryption is when you must decrypt a file with the same password used to encrypt it. Symmetric encryption is very secure but a problem arises when sharing encrypted files with others; you need to somehow tell the other party the password required to decrypt the encrypted file without that password being intercepted by a third-party. Asymmetric encryption solves this issue by using a public key-private key architecture.

With Asymmetric encryption, each party involved in the exchange of an encrypted file has one public key and one private key. (These keys are long and mathematically generated; think of them as passwords, but really long and randomized passwords.) Each party shares their public key is shared with the other party while the private key is kept secret. Files encrypted with the public key can only be decrypted by the private key. So, when you want to share files, you encrypt the file using the public key of the recipient who can then decrypt the file using his/her private key; there is no need to transmit a password like with symmetric encryption.

Both programs we have discussed so far, AxCrypt, EncryptOnClick, Cryptographic Encryptor, and 7-Zip, are symmetric encryption tools. GoAnywhere OpenPGP Studio, on the other hand, is an asymmetric encryption tool.

With GoAnywhere OpenPGP Studio you create public-private-key pairs using DSS or RSA 512, 1024, 2048, or 4096 bits. You can then use those keys to encrypt and decrypt files. The idea here is simple: you share the public key you generated with OpenPGP Studio with everyone whom you routinely exchange files. They, too, must have OpenPGP Studio installed and can import your public key into their program. When they want to send you an encrypted file, they use your public key to encrypt the file, which you can then decrypt using your private key (and associated passphrase — when you setup a public-private-key you must select a passphrase). The process is the same if you want to send an encrypted file to someone else; they give you their public key, you use the public key to encrypt, and they use their private key to decrypt. (Batch processing is supported — you can encrypt/decrypt multiple files at a time.)

OpenPGP Studio also has the ability to attach digital signatures to encrypted files, to help tell the recipient who it is that sent the file.

On the face of it, it seems like a no brainier; with asymmetric encryption there is no worry about trying to figure out how to tell the recipient the password required to decrypt. However, asymmetric encryption is not for everyone.

You should only use asymmetric encryption, and therefore OpenPGP Studio, when you routinely exchange encrypted files with the same person or persons. Why? Because this process requires both parties to not only have OpenPGP Studio installed (or whatever other asymmetric program you want to use) but also to have one public-private-key pair each and share the public keys with each other. In other words, asymmetric encryption is not conducive for general encryption needs for the average Joe — symmetric encryption, a la AxCrypt or EncryptOnClick, works much better for that. Symmetric encryption is designed for use when transmission of encrypted files must take place over the Internet; if you are simply looking to protect stored files, such as on your USB drive, or might share encrypted files with people occasionally then symmetric encryption is must better (and faster).

Other Alternatives


Folder-level/Drive-level Encryption Software

All the following create encrypted “containers” which hold the files you want to protect. As such, you can use any of the following programs to encrypt many files, whole folders, entire partitions (including system/Windows partition), or whole drives (internal drive, external, USB drive, etc). Since an encrypted container is used and files are not encrypted at the individual level, you encrypt using one password and decrypt using the same password — you don’t need to have a separate password for each file.

Table of Contents [TrueCrypt vs SafeHouse Explorer vs DiskCryptor]

Best Free Folder-Level/Drive-Level Encryption Software

2013-04-22_215230Program Name: TrueCrypt

Developer: TrueCrypt Foundation

Download Size: 3.3 MB

Version Reviewed: 7.1a

Supported OS: Windows 2000/XP/Vista/Win7

Pros

  • Allows users to create three different type of encrypted volumes: encrypted containers that protect any files and folders you put in, encrypted partitions (including the system Windows partition), and encrypted drives (including internal drives, external drives, USB flash drives, CDs/DVDs, etc.)
  • You can have as many encrypted volumes as you like
  • Encrypted containers, partitions (including operating system partition), and drives can be hidden (aka plausible deniability)
  • When encrypting operating system partition, uses pre-boot authentication
  • Allows users to pick if they want to use AES 256-bit, Serpent 256-bit, Twofish 256-bit, AES-Twofish, AES-Twofish-Serpent, Serpent-AES, Serpent-Twofish-AES, or Twofish-Serpent encryption
  • Allows users to pick if they want to use RIJPEMD-160, SHA-512, or Whirlpool hash algorithm
  • Allows users to pick the total size of encrypted container (e.g. 200 MB) and you can put as many files inside the container that fit in the specified size; or you can create a dynamic container which automatically grows in size if the files you have inside surpass the limit you selected
  • Users are giving the option of selecting file system (FAT, NTFS, or none) and cluster size for containers
  • In addition to traditional passwords, users can optionally use keyfiles
  • Files/folders inside encrypted volumes can easily be accessed (opened, edited, deleted, renamed, moved, etc.) by mounting the encrypted volume and accessing it in Windows Explorer like it is a drive or folder (like a disc image)
    • Note: You need to dismount volumes after you are done with them to re-encrypt them
    • Note: Encrypted volumes can be mounted on any computer that has TrueCrypt installed
    • Note: You obviously cannot access encrypted volumes without the associated password (and keyfile, if applicable)
  • You can mount encrypted volumes as read-only, if you want
  • Encrypted volumes can automatically be dismounted when: user logs off, screen saver is turned off, power saving mode is enabled, and/or no data is read or written to volume for X minutes
  • Can automatically mount all device-hosted volumes upon login of Windows
  • You can mount (aka view and access) over a dozen encrypted volumes at a time, if you like
  • Mounting/dismounting and accessing files inside volumes is seamless and very fast — no need to wait a long time for encryption/decryption to happen, everything is on-the-fly
  • Can be made portable
  • Is open-source

Cons

  • Can be very confusing to use for new users, although there is quite a bit of documentation you can read and once you get the hang of it isn’t that complicated
  • You need administrator access to install TrueCrypt. For people with admin access that is no big issue but people without admin access need to have their administrator install TrueCrypt before it can be used. This also means you can only use the portable version of TrueCrypt on computers you have admin access to.
    • Note: See SafeHouse Explorer if you want to be able to encrypt/decrypt without requiring administrator access.
  • Depending on the size of the container you create or partition/drive you encrypte and the speed of your computer, it can take a while to create a new encrypted volume
  • It doesn’t happen too often but it is a known problem that sometimes TrueCrypt volumes can become corrupted and all data within the containers lost

Discussion

TrueCrypt is the best and most widely respected folder-level/drive-level encryption program.

TrueCrypt works by allowing users to create encrypted volumes that are password protected; these volumes can either be encrypted containers that hold any files/folders you put in them, encrypted partitions (including your system/Windows partition), or encrypted hard drives. Once you have an encrypted volume created, all the files/folders inside that volume are protected — no one can access them without your password first.

You put files/folders inside an encrypted volume by mounting it from within TrueCrypt, similar to how you mount an ISO file. Once mounted, a TrueCrypt volume appears in My Computer as if it were a normal drive and you interact with the volume just like a normal drive; to put files inside the volume, simply copy (or cut) files/folders from their original location and paste them inside the TrueCrypt volume. Accessing the files is done the same way; mount the volume within TrueCrypt and you can open/edit/delete/rename/move/copy/etc. all files and folders inside the volume just like you would do with a normal folder.

Once you are done accessing the files/folders inside a TrueCrypt volume, simply dismount it and the volume is re-encrypted automatically.

You can take your TrueCrypt volumes with you wherever you go and mount/dismount them on any computer that has TrueCrypt installed. Furthermore, since TrueCrypt itself can be made portable, you can even take TrueCrypt with you on-the-go, nullifying the need for TrueCrypt to be installed on any computer you want to access your encrypted files on. Do take note, however, TrueCrypt requires administrator access so you won’t be able to use TrueCrypt (i.e. you won’t be able to mount or dismount volumes) on computers that you don’t have admin access on.

The best aspect of TrueCrypt isn’t necessarily its ability to create encrypted volumes but rather its features that go beyond simple folder-level/drive-level encryption. More specifically, TrueCrypt’s ability to create hidden volumes and its ability to encrypt whole system/Windows partitions and use pre-boot authentication makes TrueCrypt stand out above the crowd. Plus its built-in features which help ensure your volumes are automatically dismounted after you are done using them are very useful.

Overall, there is no doubt in my mind that TrueCrypt is the best free folder-level/drive-level encryption program. If you need to encrypt a lot of files, entire folders, whole partitions (including your system/Windows partition), or entire hard drives, TrueCrypt is the way to go.

Runner Up

2013-04-22_220732Program Name: SafeHouse Explorer

Developer: PC Dynamics

Download Size: 3.4 MB

Version Reviewed: 3.01

Supported OS: Windows XP/Vista/Win7/Win8

Discussion

Like TrueCrypt, SafeHouse Explorer allows you to create encrypted volumes (using Twofish 256-bit) and store files/folders you want to keep safe inside those volumes. No one can access your files/folders without your password, and you must mount volumes to access the files/folders inside. Once mounted, you can access files/folders from Windows Explorer like a real folder/drive or via SafeHouse Explorer’s main program interface.

The big difference between TrueCrypt and SafeHouse Explorer is the trade-off between ease-of-use and features. All the awesome features of TrueCrypt, such as encrypting whole partitions/hard drives, creating hidden volumes and automatic dismount, are not in SafeHouse Explorer. Indeed, compared to TrueCrypt, SafeHouse Explorer is a simple encryption program that allows you to create encrypted volumes and mount/unmount the volumes (it cannot encrypt whole partitions or drives). However, the lack of features makes SafeHouse Explorer significantly easier to use than TrueCrypt; there aren’t so many options that can confuse new users. So it is up to you to decide what you value more: better security or lack of a learning curve? If you want better security, TrueCrypt is the clear winner. If you want an ease-to-use program with a small learning curve, then SafeHouse Explorer is the obvious pick.

That said, there is one important feature of SafeHouse Explorer I want to point out. As already mentioned, TrueCrypt can be made portable but you need administrator access on computers to run it. SafeHouse Explorer can also be made portable but it has two different ways of being portable. You can download a fully portable version of the program or you can convert individual  encrypted volumes into standalone, self-decrypting EXEs. In other words, you can either use SafeHouse Explorer’s portable version or you can make the encrypted volumes you created with SafeHouse Explorer portable. Once you create a standalone EXE out of an encrypted volume, you can open/decrypt that volume and access files/folders on any computer without the need to install SafeHouse Explorer… and you don’t need administrator access. These standalone EXEs allow you to open files, delete files, edit files, rename files, move files, add files, remove files, etc.

Every encrypted volume you create with SafeHouse Explorer can be turned into a standalone EXE which you can take with you and access on-the-go. Do take note, however, that SafeHouse Explorer creates a standalone EXE copy of your encrypted volume — it doesn’t convert the volume itself, so you still have the encrypted volume leftover which you may or may not want to delete afterwards.

Overall, SafeHouse Explorer is a simple encryption program compared to TrueCrypt but it offers distinct advantages that cannot be overlooked. Which program you use depends on what you want and desire. Both are excellent.

Honorable Mention 1

2013-04-22_232323Program Name: DiskCryptor

Developer: ReactOS Software

Download Size: 980 KB

Version Reviewed: 1.0.757.115

Supported OS: Windows XP/2003/Vista/2008/Win7

Discussion

DiskCryptor is an open-source encryption program specifically designed to allow you to encrypt whole partitions, including system partition thanks to pre-boot authentication, entire drives (including internal, external, and USB flash), and CDs/DVDs.

Like TrueCrypt, DiskCryptor creates encrypted volumes you must mount/unmount and allows users to pick from AES, Serpent, Twofish encryption or a mix thereof. Unlike TrueCypt, DiskCryptor cannot create hidden encrypted partitions/drives and cannot create regular encrypted containers just for files/folders — DiskCryptor is only for those that want to encrypt whole partitions/drives.

According to the developer of DiskCryptor, it is better for encrypting partitions/hard drives than TrueCrypt because DiskCryptor has been specifically designed to work with existing data. How is this? Honestly, I have no clue — I’m not a programmer and it is worth mentioning DiskCryptor actually started off as a fork of TrueCrypt that specialized in partition/drive encryption (although it has since become its own program) However, I can tell you this. DiskCryptor is easier to use than TrueCrypt; new users will find it is a lot easier to encrypt your partitions/drives with DiskCryptor than it is with TrueCrypt. So, based off that, if you want to encrypt whole partitions/drives, DiskCryptor is a worthy competitor.

Other Alternatives

Share this post

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

67 comments

  1. David Roper

    Doctor Thomas, you had me believing your statements until you spelled Lose as Loose. My belief in needing Freeware encryption is to keep family members out of a folder of your taxes, or if the Laptop gets stolen by a crook at the airport or at home.

    The NSA can take my Food recipes for BBQ and my attempt short stories if they are bored to death. I am more scared of a robber looking for money to support his crack habit. He will get a .45 if I am home. Cops will come from Simplisafe if I am not home.

    These are my real fears. The NSA can KMA.

  2. DoktorThomas™

    [@Strahd] If it stored on the web (Dropbox), it is known and stored by the fed.gov; if it is known by the fed.gov then it may as well be published in the NYT. FYI: the fed.gov is not required to publish when it is breached nor when they “loose” email accidentally on purpose …. inherently untrustworthy at any level. ©2014

  3. DoktorThomas™

    [@Shawn] All US produced encryption requires an NSA back door; ergo, any code written in the States is pretty much useless for security (if the fed.gov can get in, anyone can; they can’t even run a HC web site). Excellent opportunity for the rest of the world of coders. Also, a program that takes what windows secretly writes all over one’s HDD and makes those entries virtual (gone when shut down) is an excellent potential product. I’d pay $99… times 4 billion PC users is an excellent salary…©2014

  4. DoktorThomas™

    When will the topics be “The Best Available File Encryption”, “The Best Available Folder Encryption” and “How to Make Your Own (Easy) Encryption Program” and “How to Make Your Own Uncrackable Encryption Program”?? These matter beyond the general cheap skate audience. Freeware is nice to a certain level, especially if you are Giovanni, but in the end top performance even at a cost is the preference. And the choice.
    “The right of the people to be secure in their persons, houses, papers, and effects …” Government (and by extension the actors within; that is why self-incrimination is verboten) has no right to know anything personal of The People; ergo, encryption that is uncrackable even by supercomputers is an unalienable right never to be surrendered. That that may be inconvenient to government and contrary to government oppression is of no consequence. It is neither proper nor necessary for a government to spy on its citizenry. ©2014 All rights reserved. No republishing, quoting, paraphrase, or any other use without written permission; all statutory exemptions and literary license specifically revoked by author. Opinion and for educational use only; not intended as legal, accounting or tax advice (tax avoidance is entirely legal; evasion is not). PS: “Taxes” are stealing of personal property by one entity in order that it be squandered and wasted by giving it to undeserving others. If government cannot make a legitimate profit, it should be thrown over.™

  5. theodoric delano

    [@Giovanni] I tried to use VeraCrypt to clone the hidden operating system but when I try to enter my password for the hidden operating system it keeps on saying wrong password even though I entered the correct password…any help pls……tx

  6. Giovanni

    Hey Ashraf!!

    Try a cool brand-new freeware called “VeraCrypt “.

    It gives you the ability to select the encryption algorithm according to your personal preferences, modify the hash algorithm, as well as specify the volume size you want to create before generating a password-protected partition.

    It’s based on TrueCrypt, but in fact is much stronger than it since it adds enhanced algorithms, making the resulting system and partitions encryption immune to new brute-force development attacks.

    http://veracrypt.codeplex.com

    Enjoy!!

  7. Giovanni

    First of all download this FREE GEM designed to scan any documents in your PC containing unprotected sensitive data like passport numbers, student ID numbers, credit card number, mobile phone numbers etc…

    http://code.google.com/p/coe485-101

    Then,use this superb freeware which was not mentioned in this article:

    http://www.giantmatrix.com/products/aplus-folder-locker-free-edition/features

    And for Android users:

    http://paranoiaworks.mobi/download/downloads.html

    Enjoy!!

  8. David Roper

    [@Louis] Louis, I have read on more than one occasion the unfortunate demise of MP3 files when encrypted by any program. I cannot undersstand why since “words should not matter” to an encryptor. I think the exe SFX files are flagged because of the ease with which a virus COULD be hoisted upon a system. “Click the little button and win $1000, Easy to do. Do it now!”

    Seems like “exclusive Orring” (XOR) a file’s bytes would work fine” regardless of whatever scheme was done to them afterwords if the password (or Key) didn’t exist “INSIDE” the actual file itself.

    Zipping a file with an encryption key should be good enough non TSA and IRS files. And I like Axcrypt still.

    My password key was George Orwell’s “Sandwich1984″ spelled as “5@ndw1chigBA” if you ever get my files from Edward Snowden.

  9. Louis

    [@videodope.net] Some years back, I encrypted my mp3 collection, alongside all other data, with AxCrypt.

    When I decrypted all the data again, some of the mp3 files could not be decrypted by AxCrypt, who returned an error message “Bad checksum ….” while the other mp3’s decrypted ok.

    The fact that it did recognise the files AxCrypt encrypted files, and proceeded initially to decrypt it, before returning the error message, in my opinion showed that there was a problem with the decrypting algorythm regarding those files it couldn’t decrypt (mp3’s having already been trimmed of some data by itself).

    It has to be said though that this was years ago (I actually still have those files), and a much older version of AxCrypt — although AxCrypt only have had a couple of changes made to it over the years — that version still showed the older silver and red icon for encrypted files.

    In any case, the reason may of course be something different, but it was enough of a loss to me that I’ve never since encrypted any mp3 files again, with any encryption software.

    Off the topic:

    I still do use AxCrypt, but recently started to switch to 7Zip’s builtin 256 AES encryption function that can create SFX encrypted files — however on some computers with inferior AV software, especially the free kind, but also some commercial ones like WebRoot,Trend Micro’s etc, these 7Zip SFX files are seen as false positive av files, because of it’s .exe file extension.

    I’ve not experienced that with selfextracting AxCrypt encrypted files, which as far as I know has never been flagged that way by weaker AV software, although I think they are .exe type files as well (by ‘weaker’ I mean any AV that points to a good file as being or containing a virus, is just as bad as one missing a virus).

  10. johnpaul

    I wanted a really simple file encryption program that I could just give it a file or folder, password and that’s it.

    I tried Truecrypt, knowing it was the king of all encryption software. However, it is not for the lame user like myself, it’s very complicated application. So not for everybody.

    Then I came across a small utility WinGuard Pro version 2013. I gave it a try, I was impressed. I gave it a folder to encrypt, with password and clicked Encrypt. It told me it was encrypting my files at 128 bit AES – sounds good too me! After a minute it has processed all my files and directories.

    I would recommend it for anyone that just needs to get the job done. It was free too, I can keep it on my PC for forever and no charge. Very impressed.

    John, London, UK

  11. weylin

    Rumor has it that if you use 7-ZIp to extract the files from the Axcrypt installer, you can get a clean 32-bit or 64-bit .msi installer with NO OPENCANDY OR ANY OTHER CRAPWARE.

  12. Paul

    [@Ashraf]
    That’s interesting, I’ve done it twice, the first time a few days ago when I installed the program and again yesterday to check what was being said in the comments, neither time was I offered anything.
    I just checked the 64 bit MSI again, I always keep a copy of anything I install, and it is definitely clean.
    The hash numbers are as follows:
    CRC32: 18055106
    MD2: CAD444C77E9349B9E0F656B9A80048CF
    MD4: E3097527C2599D36BD650D5F538187A5
    MD5: 81D663528D895551E10218840B3346BA
    SHA-1: 07959180DE1561B175EF8F3BAF90B830FB76BE8C
    SHA-256: F4490D94EE798D1C29DF8A018F9B3FF058C2E863558AE84ACDA070501CBA35B7
    SHA-512: 161582B47E4218FD67D5F9102AD871439EE097A59E24214C7091B79E5F295C39A923740C843ED497FE9A593408E19E5B78BFE979940644B06DE04E3B6E828432

  13. davidroper

    [@Strahd]

    Naw, at some point after the initial header you will be able to see Alphabet words like this email and decide whether you see Candy and stuff.
    The best hex editor of all is called HEX. Sooner of later there will be English words to read.

  14. niko-las

    [@Louis]

    Thanks Mate. That confirms it. There’s obviously two updates that have been released during 2012 and not mentioned on Sourceforge. Based on the change log, I think I’ll stick to 1.7.2867 for now.

    Cheers

  15. Louis

    [@niko-las]

    Here is the change-log for the two versions that came after 1.7.2867 — that would be versions 1.7.2931.0 (released on 20/07/2012) & 1.7.2976.0 (released on 12 November 2012) :

    @(#) $Id: ChangeLog.txt 2976 2012-11-12 14:02:16Z svante $

    1.7.2976.0 Release 2012-11-12
    – Add: Support for Czech language texts.
    – Bug: Assertion in Debug mode due to const string iterator change in VS 2010.
    – Bug: Did not detect Read-Only volumes such as USB drives with hardware Write Lock.

    1.7.2931.0 Release 2012-07-20
    – Add: Support for disabling passphrase cache via registry settings.
    – Chg: Fix minor first-time-build issue.
    – Chg: Re-integrate source code control x64 branch to trunk.
    – Chg: Refactorization to facilitate OEM-versioning (non-functional only).
    – Chg: Update to use OpenCandy SDK 1.6.3

    Personally … after using it for a very long time now, and still using it on my main machine — this was before the topic on the forum topic came up : I recently upgraded from the previous bugfree version 1.6.44 (which had never given me a problem) to the latest ones (32bit on netbook, 64 bit on Win 7 64bit laptop) but noticed right off the bat that the whole process of encrypting/ decrypting took considerably longer on my netbook than before — I believe it’s with the “shredding of temporaries” where it seems to be taking much more time with (perhaps they upped the number of passes ? ) —it’s not really noticable on my main machine though. And some years ago, I had the unfortunate experience with encrypting all my data, which amongst the folders included some containing MP3 files, and for some reason after decrypting, about half received the error message that the hash total is corrupted — still have the files, some of them were hard to come by, so will still attempt to try save them, but I certainly won’t encrypt mp3’s again (with any encryption software, as I’m not convinced the problem may only be attributed to AxCrypt — I can still open it with AxCrypt, it does still ask me for my password, and when I deliberately enter a wrong password, it does recognise that it’s not the right one, and inform me to enter the correct one — it’s when I enter the correct one, that I get the corrupted hash … message — so it seems at face value to be an encryption algorythm misfunction, I don’t know what else to think about that :-).

    [@Godel]
    Thanks for that inportant piece of information ! es, indeed it’s quite tempting to want to use what is arguably already the best compression utility out here, now knowing that not only does it also offer a good level of encryption, but that I can create a self-decrypting encrypted file using simultaneously what is probably the world’s best level of compression, all in one, to perhaps email to someone who hasn’t got it installed (some emails containing certain files like .exe etc, which will normally be blocked by the recipient’s AV, will always pass that filter if encrypted, should that be amongst the files one wants to email). Best of all : I just tested it with the 7Zip Portable version directly on my USB stick on my office computer and it worked just fine !

    One possible negative (but bear it mind it’s not a criticism per se, since 7Zip is primarily about compression), is that unlike say AxCrypt, it does not convert the existing files to their encrypted form, and shredding the unencrypted ones inbetween, so that you don’t really need extra space — if you run 7 Zip on your USB stick, and want to encrypt a large amount of data, that amount had better not exceed much more than half of your disk capacity, as 7Zip leaves the unencrypted files as is, and has to abort the mission if there’s not enough disk space to put the encrypted file.

    Nevertheless, I think over time I’m probably going to make use of that function more and more, at least on my USB drives (but I’m still keeping dsCrypt around for each really unbreakable features, for when I truly want to create an unbreakable file !

  16. Strahd

    [@niko-las]

    I got those .msi installers from Axantum. They are suppose to be without any crapware (no OpenCandy and/or Softonic). I placed them here on dottech because I havent the knowledge to know how to open them up, let alone know what to look for if indeed they are without OpenCandy and/or Softonic.

    Again i installed them but had Returnil started in virtual mode incase they did have crapware installed. Once I turn my PC off, and then turn it on tomorrow, the changes made when installing Axcrypt will be as if it never occurred.

    So if anyone knows how to open the .msi installers and know what to look for to be sure no crapware (including OpenCandy and Softonic) is in it, and posting their findings, then that would be much appreciated.

  17. niko-las

    [@Ashraf]
    I had a look at Softpedia and Downloadcrew. They both claim 1.7.2976.0 was released on 13 November 2012. Seems pretty legit. I have not installed (or extracted) 1.7.2976.0, but there should be a text file that comes with it called – RelNotes.txt. If this file was also updated, then it should also confirm the release date.

  18. Ashraf
    Author/Mr. Boss

    [@Godel] Thanks, updated.

    [@niko-las] I’m with you on the confusion about release dates due to the fact that the latest release is not on SoureForge. However, what websites are you quoting? If you provide me with solid resources I’m more than happy to change it

  19. niko-las

    [@Strahd]
    Interesting, I just had a look at ChangeLog.txt, which can be found in your AxCrypt installation directory. Seems like OpenCandy was introduced in the 2867 build, on Dec 2011:

    1.7.2867:
    – Add: Support build using free tools VC++ Express 2010, MSBuild etc.
    – Bug: Copy Meta Info did not work in x64 version. [Internal]
    – Chg: Implement installer bootstrapper to support Win32 and x64 in a single installer.
    – Chg: Add OpenCandy installer offer in the private build.
    – Chg: Major refactorisation of the build and dependency handling.

    You are right. The latest version is definitely based on build 2976 – this can confirmed on other sites such as Softpedia, Downloadcrew, etc.

    Did you find those Dropbox links via a Google search, or they legit links provided by developer? I can’t find the latest Change log anywhere for 1.7.2976.0, so I haven’t determined as yet whether its worth upgrading to the latest build version. 1.7.2867 seems to work fine.

    [@Ashraf] You may want to make that correction in your article, where you state AxCrypt has not been updated since Dec 2011. According to various download sites, it seems AxCrypt 1.7.2976.0 was released on November 2012.

    Cheers,

  20. Godel

    @Ashraf
    “Because 7-Zip is not an encryption program per se, it isn’t as user-friendly as AxCrypt. For example, even though you can extract an encrypted ZIP or 7z archive using any of many different archiver programs, you still need some archiver program — it isn’t like a standalone self-extracting EXE that AxCrypt can create, the one that requires nothing but a double-click to decrypt.”

    Nope. Just tick the “Create SFX Archive” option in 7-Zip and it does it. Click on the resulting .exe file and supply your password and it decodes immediately. I just tried it to be sure.

  21. Strahd

    [@niko-las]

    I may be wrong but since 1.7.2.x.x came out, that is when OpenCandy and Softonic ( similar to OpenCandy) was bundled with axcrypt.

    The lates version is 1.7.2976.0, and if you downlaod it from Sourceforge, Axcrypt will come bundled with OpenCandy.

    ry the links below, I installed the 64-bit version and it didnt look to have either OC or Softonic. I checked the EULA with EULAlyzer and during install i had no prompt about either of the two crapwares.

    Check it out for yourselves and see if I’m right. I suggest using something like Returnil before you istall either just to be safe.

    v1.7.2976.0 32 bit .msi installer;

    https://www.dropbox.com/s/k9a0iwk9s1vtnvq/AxCrypt-1.7.2976.0-Win32-en-US.msi?m

    v1.7.2976.0 64-bit .msi installer

    https://www.dropbox.com/s/qr8jzo5mnv74cav/AxCrypt-1.7.2976.0-x64-en-US.msi?m

  22. Buckley

    RE: It doesn’t happen too often but it is a known problem that sometimes TrueCrypt volumes can become corrupted and all data within the containers lost.

    Thanks for reminding me to backup the volume.

  23. Shawn

    @all

    Here’s my first useful tip and trick for you all today in regard to truecrypt.

    Should you have many small files that are smaller than the size of the allocated cluster then creating a truecrypt file to store them will actually prevent you from having over fragments and lost of storage space as truecrypt stores all the files in direct sequence and does not care about the cluster size limitations.

    In my case I’ve generated png files with imagemagick of each pixel color 1×1 for a total of 16 million files * 256 intensity transparency shades. Without a truecrypt storage folder there is no way that regular windows ntfs would properly manage such an enormous size of under cluster files.

    S.W.D.

  24. Bruce

    The article is an exact match with my preferences for each of these two areas of application. I would also note that TrueCrypt is available for Linux, whereas Axcrypt is strictly Windows. So TrueCrypt via Dropbox is my approach to secure sharing across my different platforms.

  25. niko-las

    Thanks Ashraf.

    Interesting that AxCrypt has not been updated since Dec 2011, but the latest version number is – 1.7.2976.0. I installed AxCrypt in March 2012, downloaded from the developers web-site and I’m currently running version 1.7.2867.0, therefore I would have thought this was the latest version. According to the SourceForge[dot]net site, the latest version is 1.7.2867.0, therefore I am running the latest version. However, according to the Axantum web-site, the latest version has is 1.7.2976.0 (Note, 2976 is the build number, therefore I’d image any change would have been very minor/trivial).

    I only looked at the SourceForge site since the Axantum web-site states that this is where I can find documented information regarding changes between versions. As mentioned, build 2976 is not listed on SourceForge.

    I don’t recall any potential threat of OpenCandy when I installed AxCrypt about 13 months ago. According to some of the recent comments in the review section on SourceForge, it sounds like OpenCandy was included in the installer over the last few months or so (late 2012).

    Has anyone tried installing the latest version available SorceForge, which is 1.7.2867.0 ?? Perhaps this is still free from OpenCandy – Maybe, or maybe not.

    This is only a guess, but maybe the only change with the latest build available on the Axantum web-site (1.7.2976.0) is that it now includes OpenCandy. It could be worth a try that you install the latest setup file from sourceforge[dot]net/projects/axcrypt/

    Cheers,

  26. weylin

    “SafeHouse Explorer cannot be made portable.”

    Yes it can.

    Optionally Run Stand-Alone without Installing
    SafeHouse Explorer can optionally be run as a stand-alone executable file without needing to be installed, meaning that it can be run directly from USB memory devices or even the Internet; thereby making it possible for you to now access your protected files from public access PCs found in schools and libraries.

    http://www.safehousesoftware.com/RunSafeHouseExplorer.aspx

  27. Louis

    @davidroper :
    yes indeed David, a couple of years ago I had encrypted all my data folders using axcrypt, including (without meaning to) the folders containing my MP3’s — after decrypting them, most would not play (some in the same folders were unaffected), in fact, I’ve kept the dysfunctional ones around, in case I can ever find an (unlikely) cure :

    As to a clue, I just tested one of them again : when decrypting directly by doubleclicking and entering the password, it comes up with the error message : ‘An error occurred when unwrapping Afric Simone – Ramaja – mp3.axx. File damaged or manipulated, integrity checksum (HMAC) error.” , or when decrypting it via rightclick decrypt function, it gives error message : “Decrypt and launch of Afric Simone – Ramaja-mp3.axx failed. File damaged or manipulated, integrity checksum (HMAC) error.”

    I’ve never encrypted a mp3 again after that, but I’ve often wondered about that — perhaps something in the encryption algorythm, with all the ‘hashing’ and ‘salting’ of the data ? I’m not a cryptography expert though.

  28. tony33

    Hi,
    is there a program that can encrypt a whole partition (no O/S) that can not be formatted by mistake (and especial won’t ask to be formatted automatically like in case of Truecrypt!) ? or is there a way to prevent deletion accidentally a Truecrypt file container?
    Thanks

  29. Louis

    If needing to encrypt your whole drive, TrueCrypt would be the software fo choice, with its level of plausible deniability included.

    However, that (for me right now) is overkill — I prefer to encrypt only specific folders & subfolders, or specific files — for that AxCrypt is what I use (I would lke to see some choice as to other algorythms other than AES to use, like TwoFish or Serpent), but until I can find an opensource program that does that, and is as polished as AxCrypt, I’m sticking with AxCrypt.

    One thing about AxCrypt’s latest version, which I had installed on my netbook a few days ago — it took an ENORMOUS lot of time to ‘shred the temporaries’ after I encrypted what wasn’t all that big a folder — that makes me a little concerned about updating the program on my main laptop.

    I do want to add another little gem here : it’s called dsCrypt, is fully portable and only 25 kb — yep kb ! Its companion program, dsDel (which (semi)securely deletes files (only 2 pass overwriting) weighs in at only 8 kb ! I have these permanently on my USB sticks.

    dsCrypt is freeware, and uses AES. What sets this thing apart from anything I’ve seen, is that it includes an alternative to using your keyboard, i.e. you’re not limited to letters, numbers and special characters — you can use 2 screens from the software itself containing strange symbols not found anywhere else, to click on in a certain order instead of having to type on your keyboard — quite brilliant in fact.

    For example, if you regularly communicate with someone, say by email, and you’ve privately agreed to a specific password upfront, you can just send this little file together with your encrypted file attachment by email, and the recipient can just open dsCrypt and decrypt the file, without having to install any encryption software. Just one practical example of how this one may come in handy — of course, just having it permanently on your USB stick is just as good a solution, together with dsDel (Where-as I’m quite paranoid to encrypt everything sensitive (exam papers etc) on my main machine, I’m often guilty , being in a hurry, not to encrypt some important files on my usb stick, which would be bad if I lose that thing !).

  30. Bruce

    I share the same concept with JohnnyG: Axcrypt for files, and TrueCrypt for folders. I also use TrueCrypt for sharing between Windows and Linux machines, typically via Dropbox, as there’s no Linux version of Axcrypt. This does involve a few extra steps over a pure Axcrypt solution, but no big deal.

    I wouldn’t touch an unknown app of any sort.

  31. JohnnyG

    Like others, TrueCrypt (which I use for folders, drives and partitions) and AxCrypt (which I use for individual files). These are “free” programs but I’ve sent $20 “donations” to both since I find them so useful. I want the developers to stick around and continue developing them.

  32. Sputnik

    I didn’t looked at this kind of software since a while, but from all the research I have done about it a couple of years ago, TrueCrypt and AxCrypt are the two best softwares out there.