Microsoft Vista Back Door

Microsoft spokes people and some members of the team working on the encryption
security areas on Vista say there is no way they are going to install backdoors
for encrypted volumes. The rumor started on the tail-end of a rumor that Microsoft
was asked to supply a backdoor to the encrypted volumes for National Security
and Crime investigation purposes. This was a rumor built on some fact (as all
good rumors are). While is a very good probability that departments such as
Homeland Security have been in talks with Microsoft, we know that the British
Police and some members of the House of Commons are very concerned with Vista's
ability too encrypt a drive.

So why are they concerned? After all, you can encrypt a drive now. There are
plenty of package out there you can install on your computer, and encrypt a
volume so that nefarious personages seeking to steal your data will not be able
to get there hands on your information. The problem exists already, and I certainly
can't believe that the encryption Vista is going to introduce is massivly harder
to crack than some of the encryption currently available. I can't believe it,
but is my belief worth anything? Let's find out.

First of all, the encryption Vista will employ is called BitLocker Drive Encryption.
The system can encrypt a user's entire hard drive, making it almost impossible
to access data if the drive is removed from the computer or otherwise tampered
with. It works in conjunction with the Trusted Platform Module (TPM), a motherboard
chip that generates secure keys. Under the BitLocker system, the key will never
be stored on the hard drive itself, making the drive's contents more secure.
The key is only released in the presence of the authorized operating system.

So you encrypt your drive, and store the key on a USB ram stick and no one
can look at your system. Brilliant. (If you loose the USB ram stick you are
screwed, but that's what you wanted). But what about packages like Safehouse?

SafeHouse provides transparent
"on-the-fly" encryption for your notebook or desktop personal computer.
Using SafeHouse, you can allocate portions of your existing hard drives to be
reserved for encrypted data. SafeHouse encrypted volumes appear on your PC as
another Windows drive letter. All encryption is performed automatically and
transparently on the fly. You can do anything with a SafeHouse virtual drive
that you can do with a normal hard drive; only that with SafeHouse, the encrypted
volumes require password authentication before the files become accessible.

At the end of this article you will find a list of other possible answers for
the same situation. So why the hassle on Microsoft. I don't feel sorry for them,
but it does seem fairly strange.

The answer was given by Cambridge don Ross Anderson testified before a select
committee in the House of Commons this week and sounded the alarm.

"This means that by default your hard disk is encrypted by using a key
that you cannot physically get at... An unfortunate side effect from [sic] law
enforcement is it would be technically fairly seriously difficult to dig encrypted
material out of the system if it has been set up competently."

So basically we are worried about the fact that just any old user can do perform
the deed. So I checked out this claim, and he's right. After reading a few step
by step instructions on how to add a secure volume to the computer system, it
seemed very easy and accessible to me. The fact that the setup program for Window's
Vista is going to bring up the question during installation was a tickler as
well. Just because software is out there that does the same thing, doesn't me
everyone knows about it, or has the will to go out of their way to install the
packages. Windows has it right there, and can set it up for you. Nice.

I would say the fear is founded, that just about every Vista user out there
is going to have one or two secure volumes which authorities simply can't get
at, at least those Vista owners that have the Enterprise or Ultimate versions
(those would be the two most expensive versions of Vista slated to be available
in the second half of 2006). Yes, that's correct. If the user is willing to
spend over $1000.00 for his OS, then Ross Anderson is absolutely right, the
system will not be accessible by the police when this guy turns to crime and
starts keeping evidence on his computer.

Windows Vista Starter – lite version for lower-costs
PCs in developing countries.

Windows Vista Home Basic - for people who want to simply use
the PC to browse the internet, correspond with friends and family through e-mail
or perform basic document creation and editing tasks. Includes security and
search tools.

Windows Vista Home Premium - includes everything in Windows
Vista Home Basic, along with additional features and enhancements such as the
Aero user interface, Media Centre capabilities, and connection to Xbox 360.
This version is expected to be most used by the home users.

Windows Vista Business – basic version for companies
which includes tools that will enhance administration of greater number of PCs.

Windows Vista Enterprise – includes everything in Windows
Vista Business, with enhanced data encryption and BitLocker Encryption that
helps prevent sensitive data and intellectual property from being stolen.

Windows Vista Ultimate - is the edition of Windows Vista that
brings together all Home and Business versions features.

Of course I'm only guessing at the "over $1000.00" price tag on the
versions of Vista which will include the BitLocker Encryption, but based on
what the Windows 2003 Server cost in the past, its probably not very far off.
I doubt, highly, that the average user is going ot have those versions on their
home computer.

More Drive Encryption Software and Websites

FreeOTFE is an open source OTFE (on the fly disk encryption) software for Windows. It presumably creates
encrypted partitions (the documentation does not explicitly state this, nor does it state if it supports
the creation of encrypted container files). You mount the encrypted volume under
Windows and it appears as a drive which you can use normally. FreeOTFE supports "hidden volumes" which are
encrypted volumes that are created inside another encrypted volume. All FreeOTFE volumes also have no identifiable
signature. It is compatible with Linux losetup, which is useful if you need to use your encrypted volumes in both
Linux and Windows. Supported ciphers include AES and Twofish, and supported hash algorithms include MD2, MD4, MD5,
RIPEMD-128, RIPEMD-160, SHA-1, SHA-224, SHA-256, SHA-384, SHA-512. At the time I write this review, FreeOTFE is still
in BETA testing.

TrueCrypt is the successor to E4M (which is no longer maintained). You can use it to encrypt an entire partition
of your hard disk or to create an encrypted container file which appears like a normal hard disk to Windows. You
can then store and access your files on that virtual drive just like any other file. Since the program does not
mark the encrypted container (or partition) in any way, there's no way to for any intruder to guess which file
is your encrypted container. This, according to the author, also preserves plausible deniability. Encryption algorithms
supported include AES, Blowfish, CAST, IDEA (removed in version 2.1a) and Triple-DES. The source code is available free.
This program only works under Windows XP, 2000 and 2003.

Cryptainer LE allows you to create 25 MB encrypted containers that appear to Windows as disk
drives. It supports Windows 95 (OSR 2), 98, ME, 2000, XP and 2003. It uses the Blowfish
algorithm. It apparently also allows you to send encrypted emails as well.

CryptoExpert Lite is a free on the fly encryption program that creates a virtual disk on your disk
from a container file. It supports the CAST encryption algorithm.

This encryption software will encrypt your entire hard disk (including your operating
system) using a "fast AES algorithm". It also supports the encryption of floppy disks,
memory sticks and other removable devices. Even your Windows hibernation file is stored
encrypted on the disk.

Working with documents on your computer where you don't want prying eyes to see? You can get
free software that sets up a drive on your hard disk where all files saved will be encrypted.
The drive need not be an actual hard disk or partition, it can be a file that is set up to
look like a drive to Windows for transparent operation. It is easy to use, free, freely
redistributable with the full source code available. It works on all Windows systems.
Supported encryption include DES, IDEA, Triple-DES, Blowfish, and CAST. If you find yourself
continually encrypting individual files on your computer, this might prove to be the easier
o use solution. Note: E4M is no longer being maintained. The link above leads to a third party
site.

Scramdisk allows you to create an encrypted virtual drive on your Windows
systems where you can store files which will be automatically encrypted. The
drive acts like a normal drive which you can access just like any other disk
drive on your system. Supported encryption algorithms include Triple DES (EDE),
Blowfish, DES, IDEA, MISTY1, Square, and TEA (both 16 and 32 rounds). This software
is no longer supported.

Windows Privacy Tools (WinPT)

Windows Privacy Tools (including the Windows Privacy Tray, ie WinPT Tray,
and the WinPT Explorer Extensions), is a set of tools that allow you to encrypt
your data using GnuPG (see elsewhere on this page). It is a frontend to GnuPG
that resides in your system tray that may be used as a universal plug-in to
any email software. The software is free.

PGP (Pretty Good Privacy) Public Key Encryption

The above link is to the International PGP Home Page, where you can get
free binaries and sources for Pretty Good Privacy (PGP) for a variety of operating
systems for either US or non-US countries. You can use PGP to encrypt your
email in conjunction with your email client, be it Eudora, ELM, PINE, or whatever.
PGP is a public key encryption system, which means that you have two keys
(passwords), one which is known only to you and the other is known to your
recipient. Messages or documents (or whatever) encoded with one key can only
be decoded with the other. You can read more about this from the PGP FAQs
at the site.

GPG: GNU Privacy Guard

GPG, a.k.a. GnuPG, is the GNU version of PGP (Pretty Good Privacy), a public
key encryption system. Like all things GNU, it is free and can be freely distributed
and modified. It is generally compatible with the newer PGP versions (depending
on the encryption algorithms you choose); but you should read their FAQ for
more details.

S-Tools

S-Tools is an encryption software with steganographic capabilities. It hides
files in BMP, GIF and WAV files after compressing and encrypting them. It
runs on Windows and supports drag and drop. It uses the facilities provided
in a freely available encryption library cryptlib
(which supports a host of well known encryption algorithms like AES, Blowfish,
etc) to perform its encryption.

4t HIT Mail Privacy Lite

This encryption software allows you to hide your private data such as email
messages inside an image (JPG, GIF, TIFF, BMP, etc). The image is still viewable
as an image, but it also contains the encrypted version of your secret message
(steganography). The website does not specify which encryption algorithm is
used.

Camouflage

This encryption software performs steganographic functions as well. It encrypts
your file using an unspecified algorithm (in fact the website merely says
it scrambles your data) and attaches them in another file of your choice,
such as sound files, picture files, etc. I suspect that this software is only
for the casual user (who merely wants to hide files from a prying brother
or sister) and not for anyone who really needs strong encryption (such as
governmental agencies, banks, companies, and the like).

LockNote

LockNote encrypts your documents using AES 256. Your encrypted document will have an embedded decryption program that
will run when you (or your recipient, if you are sending your document to someone else) double-click it in Windows NT/2000/XP. You
can then enter the password to decrypt the document. The program is released under the GNU GPL.

BCArchive is an encrypting, compressing archiver. It can compress a file, a group of files, or folders
(subdirectories), and place the result into an encrypted archive. It uses algorithms like IDEA and Blowfish
to encrypt the data, and PKCS #5 for deriving the encrypted key from the password string. It is also able
to create a self-extracting archive, so that the recipient of your archive (if you're sending it to someone)
need not have to install BCArchive to access your files. You can also use public/secret key pairs with this
program. BCArchive supports the following symmetric algorithms: Blowfish, IDEA, Triple-DES and CAST5. It
supports the following asymmetric algorithms: RSA and ElGammal/Diffie-Hellman. Secure hash algorithms
supported include SHA-256, SHA-1, MD5, RIPEMD-160.

AxCrypt allows you to encrypt your files with the AES encryption algorithm (128-bit key). It supports the use of
key files, huge files (more than 4 GB), shredding of temporary and plaintext files, an extensive command line
interface as well as a right click interface from Windows Explorer, etc. The program is open source,
distributed under the GNU General Public License.

FineCrypt allows you to encrypt a limited number of folders and files (although it will not encrypt archives like
ZIP, ARC, CAB, ARJ, TAR and GZ files). Encryption algorithms supported include MARS, RC-6, Rjindael (AES), Serpent,
Twofish, and others. You can encrypt select your encryption mode as well, from ECB, CBC, CFB and OFB. The software
also allows you to create encrypted self-extracting executables.

File Buddy encrypts and decrypts your files as well as securely wipes your original plaintext
versions. It works on Windows 95, 98, ME, NT4, 2000. It is also able to compress your files
before encrypting. The website does not specify the encryption algorithm used.

Crypto-Lock uses SHA-1 and Blowfish (CBC mode) to encrypt your files (including executable
files) after compressing it. It can produce self-decrypting modules, and overwrite the
original plaintext version.

PowerCrypt uses a proprietary symmetric encryption algorithm to encrypt your data. It is
a Windows program.

CCrypt is a command line encryption tool that encrypts the files you specify. It is multiplatform
with ports for Windows, Linux, Sun Solaris, Macintosh OS X, FreeBSD, AIX, etc. It uses the
Rjindael AES cipher (Advanced Encryption Standard). The source code is available.

mcrypt is a command line tool in the fashion of the Unix crypt command. It allows you to
encrypt files that you specify on the command line using one of the following encryption
algorithms: Blowfish, Twofish, DES, TripleDES, 3-Way, Safer, Loki97, Gost, RC2, Mars,
Rjindael AES, Serpent, Cast, Arcfour and Wake. The OpenPGP encrypted file format is supported.
This encryption tools works on Unix systems (including Linux) and has also been ported to
Windows.