How secure is file encryption? (Any recommendation for programs that can encrypt files?)

[Infohawk]

I want to back up some of my files on remote servers. Of course, other people will have access to these servers and the files on them. My question is, if someone malicious sees my encrypted file, how hard would it be for them to break the encryption and access the files?

 

[Barfo]

I use TrueCrypt, works like a charm and it's free, I've never had anyone try to break into my files though, but I think that would be very hard, just check their site for info.

 

[BladeVenom]

If you're using a decent cipher, and a strong passphrase with todays computers they wouldn't be able to decrypt it in their lifetime.

 

[jrenna]

If I use TrueCrypt to create an encrypted folder on a portable (external) hard drive and add files to it, can I then take this hard drive to a different computer and access these files? Or will I need to install TrueCrypt on the second computer as well?

 

[BladeVenom]

Truecrypt lets you create a no install version, Truecrypt Traveller, that you can keep on a external drive, thumb drive, or disc so there's no need to intall it on every PC you use.

 

[Armitage]

Anybody that really knows the answer to that question probably can't/won't tell you.
That said, unless you have reason to believe the government is *really* interested in your data, any of the good programs should be more then adequate.

 

[Smilin]

If you implement your public key infrastructure correctly it will take longer for someone to decrypt your files than it would take for them to find another method (break into your work, install cameras, or some other extreme measures).


Links:

Best Practices for EFS with 2003 and XP

Best practices for the Encrypting File System - http://support.microsoft.com/default.aspx?scid=kb;en-us;223316

A good 'rule of thumb' guide to EFS management. This goes through user education, archival, private key sensitivity, and other important information for PKI administrators.

The Encrypting File System - http://www.microsoft.com/technet/security/topics/cryptographyetc/efs.mspx

An excellent and lengthy guide to deploying and maintaining EFS in a recommended fashion. Covers Disaster Recovery, additional protection guidelines, and many links to specific useful articles based on subject matter.

Create a recovery policy for a domain - http://www.microsoft.com/technet/prodte...af14d-66e3-4cee-bc3d-38795b046c25.mspx

Add a recovery agent for a domain - http://www.microsoft.com/technet/prodte...01135-c289-4f64-8bf3-8c0de903a8b7.mspx

The two articles above cover the brief set of steps necessary to adding Data Recovery Agents when in an AD environment. This is critical to protecting your data from a careless or malicious end user.

Encrypting File System Tools and Settings - http://www.microsoft.com/technet/prodte...22595-5d30-4b19-945a-b6e4bb33bd6f.mspx

A list of the most useful EFS-related tools for making management of encrypted files much easier. Includes info on EFSINFO and CIPHER, as well as links to sub-articles with the complete syntax for these commands. This also has some very useful information on using Group Policy to manage EFS which will be exposed fully after your migration is completed.


Best practices for PKI with 2003 and XP

Here are some webcasts on how to implement a Publick Key Infrastructure:
Best Practices for Implementing a Microsoft Windows Server 2003 Public Key Infrastructure - http://www.microsoft.com/technet/prodte...03/technologies/security/ws3pkibp.mspx

If you read nothing else, this is the guide to examine. This online whitepaper covers every aspect of best practices in PKI, from planning, deployment, offline roots, scenarios, samples, and the rest.

TechNet Support WebCast: Best Practices for Public Key Infrastructure: Steps to build an offline root certification authority (part 1 of 2) - http://support.microsoft.com/default.aspx?scid=kb;en-us;896733

TechNet Support WebCast: Best practices for Public Key Infrastructure: Setting up an offline subordinate and an online enterprise subordinate (part 2 of 2) - http://support.microsoft.com/default.aspx?scid=kb;en-us;896737

Finally, the above two online webcasts cover the end-to-end process of creating an offline root certificate authority structure for maximum security. This two-part presentation walks through the entire process, and is great for people that want to see how it works before digging into whitepapers and labs to make it all happen.