How To: Protect Your Data from Digital Thieves
BY: OMEED CHANDRA, MAXIMUM PC MAGAZINE
The thousands of MP3s you’ve amassed over the years; your income-tax returns dating back to the Reagan presidency; your infallible proposal for achieving peace in the Middle East—we’re talking about your data, chief. Those precious bits and bytes might be safe enough on your hard drive, but they’re dangerously exposed the moment they leave the shelter of your home. Send an e-mail, and it might pass through dozens of other computers on the Internet, where it could be easily intercepted and read before reaching its intended recipient. Indulge in the convenience of carrying your most important data in your pocket on a USB flash drive or a portable hard disk, and you’ll be in a world of hurt if that pocket drive is lost or stolen.
Digital thieves are everywhere, so we’ll show you some easy ways—using free and low-cost tools—to defend the data stored on your pocket drives. We’ll show you how you can ensure the privacy of your e-mail, too. And for the uninitiated, we’ll explain the basics of what encryption is and how it works.
What Is This “Encryption” You Speak Of?
You probably use encryption all the time, whether you realize it or not. Encryption is what keeps shady characters from seeing your password when you log onto Hotmail, or stealing your credit-card number while shopping online. And in a much more potent form, it’s what the government uses to keep enemies of the state from getting their hands on top-secret NSA communiqués.
Encryption is fundamentally about obscuring data, using a special code called a key. Here’s a simple example: Say your best friend wants to know how much you really paid for your engagement ring. Suspecting that your girlfriend is monitoring your Internet connection, you e-mail your buddy saying the ring cost $8,000. Next, you call him on the telephone and inform him that you encoded the message by multiplying the true price by 800. Your friend then divides 8,000 by 800 to learn that the ring cost a mere $10; your girlfriend will be none the wiser. (Note: Maximum PC does not advocate buying your fiancé a $10 engagement ring, and we accept no responsibility for the consequences of such unwise actions.)
Real-world encryption procedures are much more complicated, of course, but the concept is basically the same. They differ mainly in terms of the number and types of keys used to scramble and unscramble data, as well as how those keys are computed. Good encryption algorithms generally use very large numbers (indicated by the bit strength, e.g., 128-bit) and complex formulas. In order to decrypt something, you’ll need to either know or be able to compute the proper key. Assuming the key-generating algorithm is too complex to decipher, the only way a hacker can decrypt your data is by guessing the right key. That’s why higher bit strength translates into better security—a 256-bit binary key (where the value of each bit can be either 0 or 1) has a whopping 2256 possible values! Few (if any) criminals will bother with the exorbitant amount of time needed to try out that many keys—they’ll just move on to an easier target.
OK, that’s simple enough; the more bits, the better. But how can you tell whether a particular encryption utility uses a secure algorithm? As a rule of thumb, opt for utilities that employ one of the widely used encryption algorithms that cryptography experts have deemed secure. There are too many to mention here, but some of the most popular include AES (Advanced Encryption Standard), RC4, Blowfish, and 3DES (Third Generation Data Encryption Standard). We’ll stick with AES for this how-to; AES has yet to be cracked as of this writing.
STEP 1: OBTAIN PRIVATE DISK
We tested several tools capable of encrypting the contents of a pocket drive. We wanted a secure, user-friendly program that could be run from the encrypted drive itself, so we wouldn’t have to install it on every computer we take our files to. Our top choices were Lockngo Professional ($40) and Private Disk ($45). Both apps consume a negligible amount of disk space, and each boasts 256-bit AES encryption for the entire contents of a drive (many utilities encrypt only the file system and not the data, leaving the latter vulnerable to cracking).
Although Lockngo Professional is easier to set up and use than Private Disk, we prefer the latter for several reasons. First, Lockngo won’t let you leave a portion of your pocket drive unencrypted for storing unclassified data—it’s all or nothing. Second, you can use the same copy of Private Disk on as many pocket drives as you wish, whereas you must purchase a separate copy of Lockngo Professional for each pocket drive you own. Private Disk can even be used to encrypt files on your computer’s hard drive. And finally, unlike Lockngo, Private Disk encrypts data on the fly as you copy it to your pocket drive, making it considerably faster. Read on to learn how to set up Private Disk on a pocket drive.
STEP 2: INSTALL PRIVATE DISK AND CREATE AN IMAGE FILE
The first thing you’ll need to do is download and install Private Disk on your computer (every Windows OS since Windows 95 is supported). When you run the program for the first time, we recommend heading over to the Options tab and unchecking “Closing the window will minimize the program to System taskbar” and “Display icon on System taskbar.” Then, return to the Disk tab and click the Create button. If you haven’t connected your pocket drive to your computer yet, do so now, and then click the Browse button and navigate to your pocket drive. The encrypted data on your pocket drive will be represented by a .dpd file in Windows Explorer. Enter a name for this file and click Save.
You should now be back in the New Private Disk window. Feel free to experiment with the various options here later on; for now, let’s just deal with the “Disk size” field. You can encrypt as little or as much of your pocket drive as you wish—just be sure to reserve about 2MB of unencrypted free space for storing the Private Disk program files. For instance, to encrypt a 256MB USB flash drive (which had an actual capacity of 242MB, according to Windows XP), we specified a 240MB image size.
We chose to save our encrypted disk image to a USB flash drive, but you can also create an encrypted image file on your PC’s hard drive and use it to protect important files stored there. This can be useful if, say, your hard drive gets stolen or you have snoopy coworkers or family members.
At this point, click the Create button and choose a password for your encrypted data. The usual common-sense advice applies here: Use a long password that isn’t something ridiculously obvious (e.g., your name) and that incorporates a combination of upper- and lower-case letters, numbers, and symbols. You can even use an easy-to-remember sentence. Make sure it’s something you won’t forget though—if you do forget it, your encrypted files are as good as gone. Lastly, format the new virtual drive when prompted, using whatever settings you desire.
STEP 3: ADD A PINCH OF DATA AND A DASH OF SELF-SUFFICIENCY
You’ll need to mount your encrypted image file before you can access and modify the data inside it. Private Disk does this automatically when you first create the image, but the next time you need to access your data, you’ll need to start Private Disk, click the Connect button, and locate the image file you wish to mount—or just double-click the image file. Enter your password, and your encrypted data will appear as a virtual drive in Windows Explorer, where it can be read from and written to just like any other drive. Any data you add to this virtual drive is automatically encrypted. When you’re done accessing your encrypted data (and before you unplug your pocket drive), dismount the virtual drive either by exiting Private Disk or by clicking the Disconnect button in the program’s main window.
Once you mount an encrypted .dpd file using Private Disk, its contents will appear as a virtual disk drive in Windows Explorer, where it can be read from and written to.
Toting files around on a pocket drive isn’t very convenient if you can’t access them on computers that don’t have Private Disk installed. However, it’s easy to take Private Disk with you. First, copy the entire Private Disk folder from your hard drive onto your pocket drive (the default folder is C:\Program Files\Dekart\Private Disk). Next, open the Start menu, choose Run, type “%SystemRoot%\system32” and click OK. Locate versnum.dll and dkar.dll and copy these two files to the Private Disk folder on your pocket drive. Finally, edit prvdisk.ini (found in the Private Disk folder) and add the following line at the end: SerialNumber =xxxxx (where xxxxx is the serial number you obtained upon purchasing Private Disk).
Your encrypted pocket drive is now entirely self-sufficient. To access your files on someone else’s computer, simply run the PrvDisk.exe executable from your pocket drive and mount your encrypted image file.
23.06.05 04:53 Age: 8 yrs