Menu
homeErrors

Flop disk encryption programs. How to encrypt your entire hard drive using VeraCrypt. What to use now

With CyberSafe, you can encrypt more than just individual files. The program allows you to encrypt an entire hard drive partition or an entire external drive (for example, a USB drive or flash drive). This article will show you how to encrypt and hide an encrypted partition of your hard drive from prying eyes.

Spies, paranoids and ordinary users

Who will benefit from the ability to encrypt partitions? Let's discard spies and paranoids right away. There are not so many of the former, and their need for data encryption is purely professional. The second one just wants to encrypt something, hide it, etc. Although there is no real threat and the encrypted data is of no interest to anyone, they encrypt it anyway. That is why we are interested in ordinary users, of whom, I hope, there will be more than paranoid spies.
A typical partition encryption scenario is when a computer is shared. There are two options for using the CyberSafe program: either each of the users working at the computer creates a virtual disk, or each one allocates a partition on the hard drive for storing personal files and encrypts it. It has already been written about creating virtual disks, but in this article we will talk specifically about encrypting the entire partition.
Let's say there is a 500 GB hard drive and there are three users who periodically work with the computer. Despite the fact that the NTFS file system still supports access rights and allows you to limit one user's access to another user's files, its protection is not enough. After all, one of these three users will have administrator rights and will be able to access the files of the remaining two users.
Therefore, the hard drive disk space can be divided as follows:
  • Approximately 200 GB - shared partition. This partition will also be the system partition. It will install the operating system, the program and store common files of all three users.
  • Three sections of ~100 GB each - I think 100 GB is enough to store each user’s personal files. Each of these sections will be encrypted, and only the user who encrypted this section will know the access password to the encrypted section. In this case, the administrator, no matter how much he or she wishes, will not be able to decrypt another user’s partition and gain access to his files. Yes, if desired, the administrator can format the partition and even delete it, but he will only be able to gain access if he tricks the user into giving him his password. But I think this will not happen, so encrypting the partition is a much more effective measure than differentiating access rights using NTFS.

Partition encryption vs virtual encrypted disks

What is better - encrypting partitions or using encrypted virtual disks? Here everyone decides for himself, since each method has its own advantages and disadvantages. Partition encryption is as secure as virtual disk encryption and vice versa.
What is a virtual disk? Look at it as an archive with a password and a compression ratio of 0. Only the files inside this archive are encrypted much more securely than in a regular archive. A virtual disk is stored on your hard drive as a file. In the CyberSafe program, you need to open and mount the virtual disk and then you can work with it like a regular disk.
The advantage of a virtual disk is that it can be easily copied to another hard drive or flash drive (if the size allows). For example, you can create a 4 GB virtual disk (there are no restrictions on the size of a virtual disk, except for natural ones) and, if necessary, copy the virtual disk file to a flash drive or external hard drive. You won't be able to do this with an encrypted partition. You can also use a virtual disk file.
Of course, if necessary, you can create an image of the encrypted disk - in case you want to back it up or move it to another computer. But that's a different story. If you have a similar need, I recommend the Clonezilla program - it is already a reliable and proven solution. Transferring an encrypted partition to another computer is a more complex undertaking than transferring a virtual disk. If there is such a need, then it is easier to use virtual disks.
With partition encryption, the entire partition is physically encrypted. When mounting this partition, you will need to enter a password, after which you can work with the partition as usual, that is, read and write files.
Which method should I choose? If you can afford to encrypt the partition, then you can choose this method. It is also better to encrypt the entire section if the size of your secret documents is quite large.
But there are situations when using the entire section is impossible or makes no sense. For example, you have only one partition (drive C:) on your hard drive and for one reason or another (no rights, for example, because the computer is not yours) you cannot or do not want to change its layout, then you need to use virtual disks. There is no point in encrypting the entire partition if the size of the documents (files) you need to encrypt is small - a few gigabytes. I think we’ve sorted this out, so it’s time to talk about which partitions (disks) can be encrypted.

Supported drive types

You can encrypt the following types of media:
  • Hard drive partitions formatted in FAT, FAT32 and NTFS file systems.
  • Flash drives, external USB drives, with the exception of drives representing mobile phones, digital cameras and audio players.
Cannot encrypt:
  • CD/DVD-RW disks, floppy disks
  • Dynamic disks
  • System drive (from which Windows boots)
Starting with Windows XP, Windows supports dynamic disks. Dynamic disks allow you to combine several physical hard drives (analogous to LVM in Windows). It is impossible to encrypt such disks with the program.

Features of working with an encrypted disk

Let's imagine that you have already encrypted a hard drive partition. To work with files on an encrypted partition, you need to mount it. When mounting, the program will ask you for the password to the encrypted disk that you specified when encrypting it. After working with an encrypted disk, you must immediately unmount it, otherwise the files will remain available to users who have physical access to your computer.
In other words, encryption only protects your files when the encrypted partition is unmounted. Once the partition is mounted, anyone with physical access to the computer can copy files from it to an unencrypted partition, USB drive, or external hard drive and the files will not be encrypted. So, when you are working with an encrypted drive, make it a habit to always unmount it every time you leave your computer, even for a short time! Once you have unmounted the encrypted drive, your files will be securely protected.
As for performance, it will be lower when working with an encrypted partition. How much lower depends on the capabilities of your computer, but the system will remain operational and you will just have to wait a little longer than usual (especially when you copy large files to an encrypted partition).

Getting ready for encryption

The first thing you need to do is get a UPS somewhere. If you have a laptop, everything is fine, but if you have a regular desktop computer and you want to encrypt a partition that already has files, then encryption will take some time. If the power goes out during this time, you are guaranteed to lose data. Therefore, if you don’t have a UPS that can withstand several hours of battery life, I recommend doing the following:
  • Back up your data, for example on an external hard drive. Then you will have to get rid of this copy (it is advisable to wipe the free space with a utility like Piriform after deleting data from an unencrypted disk so that it is impossible to recover deleted files), since if it is present, there is no point in having an encrypted copy of the data.
  • You will transfer data to the encrypted disk from the copy after the disk is encrypted. Format the drive and encrypt it. Actually, you don’t need to format it separately - CyberSafe will do it for you, but more on that later.

If you have a laptop and are ready to continue without creating a backup copy of your data (I would recommend doing one just in case), be sure to check the disk for errors, at least with a standard Windows utility. Only after this you need to start encrypting the partition/disk.

Partition encryption: practice

So, theory without practice is meaningless, so let's start encrypting the partition/disk. Launch the CyberSafe program and go to the section Disk encryption, Encrypt partition(Fig. 1).


Rice. 1. List of partitions/disks of your computer

Select the partition you want to encrypt. If the button Create will be inactive, then this partition cannot be encrypted. For example, this could be a system partition or a dynamic disk. Also, you cannot encrypt multiple drives at the same time. If you need to encrypt several disks, then the encryption operation must be repeated one by one.
Click the button Create. Next a window will open Kripo Disk(Fig. 2). In it you need to enter a password that will be used to decrypt the disk when mounting it. When entering your password, check the case of characters (so that the Caps Lock key is not pressed) and the layout. If there is no one behind you, you can turn on the switch Show password.


Rice. 2. Crypto Disk

From the list Encryption type you need to choose an algorithm - AES or GOST. Both algorithms are reliable, but in government organizations it is customary to use only GOST. On your own computer or in a commercial organization, you are free to use any of the algorithms.
If there is information on the disk and you want to save it, turn on the switch. Please note that in this case the disk encryption time will increase significantly. On the other hand, if the encrypted files are, say, on an external hard drive, then you will still have to copy them to the encrypted drive to encrypt them, and copying with on-the-fly encryption will also take some time. If you haven't backed up your data, be sure to check the Enable radio button Save file structure and data, otherwise you will lose all your data.
Other parameters in the window Crypto Disk can be left as default. Namely, the entire available size of the device will be used and quick formatting will be performed into the NTFS file system. To start encryption, click the button Accept. The progress of the encryption process will be displayed in the main program window.


Rice. 3. Progress of the encryption process

Once the disk is encrypted, you will see its status - encrypted, hidden(Fig. 4). This means that your drive has been encrypted and hidden - it won't show up in Explorer and other high-level file managers, but partition table programs will see it. There is no need to hope that since the disk is hidden, no one will find it. All disks hidden by the program will be displayed in the snap-in Disk management(see Fig. 5) and other programs for disk partitioning. Please note that in this snap-in, the encrypted partition is displayed as a partition with a RAW file system, that is, without a file system at all. This is normal - after encrypting a partition, Windows cannot determine its type. However, hiding a partition is necessary for completely different reasons, and then you will understand exactly why.


Rice. 4. Disk status: encrypted, hidden. Partition E: not visible in Explorer


Rice. 5. Disk Management snap-in

Now let's mount the partition. Select it and click the button Resurrection to make the partition visible again (the disk state will be changed to just " encrypted"). Windows will see this partition, but since it cannot recognize its file system type, it will offer to format it (Fig. 6). This should not be done under any circumstances, since you will lose all data. This is why the program hides encrypted drives - after all, if you are not the only one working on the computer, another user can format a supposedly unreadable partition of the disk.


Rice. 6. Suggestion to format the encrypted partition

Of course, we refuse formatting and press the button Montirov. in the main CyberSafe program window. Next, you will need to select the drive letter through which you will access the encrypted partition (Fig. 7).


Rice. 7. Selecting a drive letter

After this, the program will ask you to enter the password necessary to decrypt your data (Fig. 8). The decrypted partition (disk) will appear in the area Connected decrypted devices(Fig. 9).


Rice. 8. Password for decrypting the partition


Rice. 9. Connected decrypted devices

After this, you can work with the decrypted disk as with a regular one. In Explorer, only drive Z: will be displayed - this is the letter I assigned to the decrypted drive. The encrypted E: drive will not be displayed.


Rice. 10. Explorer - viewing computer disks

Now you can open the mounted disk and copy all the secret files to it (just don’t forget to delete them from the original source and wipe out the free space on it).
When you need to finish working with our section, then or click the button Dismantler., and then the button Hide or simply close the CyberSafe window. As for me, it’s easier to close the program window. It is clear that you do not need to close the program window during the operation of copying/moving files. Nothing terrible or irreparable will happen, just some of the files will not be copied to your encrypted disk.

About performance

It is clear that the performance of an encrypted disk will be lower than that of a regular one. But how much? In Fig. 11 I copied my user profile folder (where there are many small files) from the C: drive to the encrypted Z: drive. The copy speed is shown in Fig. 11 - approximately at the level of 1.3 MB/s. This means that 1 GB of small files will be copied in approximately 787 seconds, that is, 13 minutes. If you copy the same folder to an unencrypted partition, the speed will be approximately 1.9 MB/s (Fig. 12). At the end of the copy operation, the speed increased to 2.46 MB/s, but very few files were copied at this speed, so we believe that the speed was 1.9 MB/s, which is 30% faster. The same 1 GB of small files in our case will be copied in 538 seconds or almost 9 minutes.


Rice. 11. Speed ​​of copying small files from an unencrypted partition to an encrypted one


Rice. 12. Speed ​​of copying small files between two unencrypted partitions

As for large files, you won't feel any difference. In Fig. Figure 13 shows the speed of copying a large file (400 MB video file) from one unencrypted partition to another. As you can see, the speed was 11.6 MB/s. And in Fig. Figure 14 shows the speed of copying the same file from a regular partition to an encrypted one and it was 11.1 MB/s. The difference is small and is within the error limit (the speed still changes slightly as the copy operation progresses). Just for fun, I’ll tell you the speed of copying the same file from a flash drive (not USB 3.0) to a hard drive - about 8 MB/s (there is no screenshot, but trust me).


Rice. 13. Large file copying speed


Rice. 14. Speed ​​of copying a large file to an encrypted partition

This test isn't entirely accurate, but it can still give you some idea of ​​performance.
That's all. I also recommend that you read the article

Editor's Choice

File encryption programs

Encrypt everything!

Every time information leaks onto the Internet about a scandal involving important documents being leaked somewhere, I ask myself why they were not encrypted? Document security should be everywhere, after all.

Encryption algorithms

The encryption algorithm is like a black box. A dump of the document, image or other file you upload into it is what you get back. But what you see seems crazy.

You can turn this gibberish back into a normal document through the window with the same password that you entered during encryption. This is the only way you will receive the original.

The US government has recognized the Advanced Encryption Standard (AES) as a standard, and all products that are collected here support the AES encryption standard.

Even those who support other algorithms generally recommend using AES.

If you are an encryption expert, you may prefer another algorithm, Blowfish, and perhaps even the Soviet government's GOST algorithm.

But this is completely for fans of extreme entertainment. For the average user, AES is simply an excellent solution.

Public Key Cryptography and Exchange

Passwords are important and you should keep them secret, right? Well, not when using public key infrastructure (PKI), which is used in cryptography.

If I want to send you a secret document, I simply encrypt it with the public key. Once you receive it, you can use it to decrypt the document. It's simple!

Using this system in reverse, you can create a digital signature that verifies that your document came from you and has not been altered. How? Just encrypt it with your private key.

The fact that your public key decrypts it is proof that you have the right to edit it.

PKI support is less common than support for traditional symmetric algorithms.

Many products allow the creation of self-decrypting executable files.

You may also find that the recipient can use a certain tool for free only for decryption.

What's better?

There is now a huge selection of products available in the encryption space.

Everyone simply has to choose a solution that will be convenient in terms of functionality, practical and stylish from the point of view of the interface of the main program window.

A CertainSafe digital safe goes through a multi-step security algorithm that identifies you to the site. You will have to go through multiple authentication checks each time.

Your files are encrypted; if someone tries to hack them, they will fall apart and no one will be able to recreate them. In this case, there is a certain risk, but at the same time, the level of reliability is very decent.

Each piece of the file is then stored on a different server. A hacker who was able to hack one of the servers will not be able to do anything useful.

A lock can encrypt files or simply lock them so that no one can open them. It also offers encrypted lockers to safely store personal confidential information.

Many other useful features include shredding, free space shredding, secure online backup, and self-decrypting files.

VeraCrypt (Windows/OS X/Linux)

VeraCrypt supports truecrypt encryption, which was discontinued last year.

The development team claims that they have already addressed the issue raised during the initial audit of truecrypt and believe that it can still be used as an accessible version for , OS X and .

If you're looking for a file encryption tool that actually works, this is it. VeraCrypt supports AES (the most commonly used algorithm).

It also supports TwoFish and Serpent encryption ciphers, and supports the creation of hidden encrypted volumes.

The software is open source and most of the code base is Truecrypt.

The program is also constantly evolving, with regular security updates and independent audits at the planning stage (according to the developers).

Those of you who have already tried it have praised it for being a great on-the-fly encryption tool that only decrypts your files when they are needed. So the rest of the time they are stored in encrypted form.

Users especially note that the program is a powerful tool that is easy to use and always in place. Yes, it lacks a nice interface or a ton of bells and whistles.

AxCrypt (Windows)

AxCrypt is a free program, open source GNU licensed.

A GPL-licensed encryption tool for Windows that prides itself on being simple, efficient, and secure to use.

It integrates perfectly with the Windows shell, so you can right-click on the file you want to encrypt and issue a command.

Or you can simply configure the executable code so that the file will be locked if not used for a certain period of time. It can be decrypted later, or when the recipient notifies of receipt.

Files with AxCrypt can be decrypted on demand or kept decrypted while they are in use and then automatically encrypted.

It supports 128-bit AES encryption and provides protection against hacking attempts. It is very light (less than 1 MB.)

Everyone decides for themselves which program to use, but if your data is worth anything to you, be sure to think about the fact that you need an encryption program.

Encrypting files and folders in Windows

File encryption programs: Which ones are better to choose?

The privacy and security requirements of a computer are entirely determined by the nature of the data stored on it. It’s one thing if your computer serves as an entertainment station and there’s nothing on it except a few toys and a daddy with photos of your favorite cat, but it’s quite another thing if the hard drive contains data that is a trade secret, potentially of interest to competitors.

The first “line of defense” is the login password, which is requested every time you turn on the computer.

The next level of protection is access rights at the file system level. A user who does not have permission privileges will receive an error when attempting to access files.

However, the described methods have one extremely significant drawback. They both work at the operating system level and can be relatively easily bypassed if you have a little time and physical access to the computer (for example, by booting from a USB flash drive you can reset the administrative password or change file permissions). Complete confidence in the security and confidentiality of data can only be obtained if you use the achievements of cryptography and securely use them. Below we will look at two methods of such protection.

The first method considered today will be Microsoft's built-in crypto protection. Encryption, called BitLocker, first appeared in Windows 8. It cannot be used to secure an individual folder or file; only encryption of the entire disk is available. In particular, this implies the fact that it is impossible to encrypt the system disk (the system will not be able to boot), and it is also impossible to store important data in system libraries such as “My Documents” (by default they are located on the system partition).
To enable built-in encryption, do the following:

  1. Open Explorer, right-click on the drive you want to encrypt and select “Enable BitLocker.”
  2. Check the box “Use a password to unlock the disk”, create and enter a password twice that meets the security requirements (at least 8 characters long, must have lowercase and uppercase letters, it is advisable to enter at least one special character) and click the “Next” button. We will not consider the second unlocking option within the framework of this note since smart card readers are quite rare and are used in organizations that have their own information security service.
  3. In case you lose your password, the system offers to create a special recovery key. You can attach it to your Microsoft account, save it to a file, or simply print it on a printer. Select one of the methods and after saving the key, click “Next”. This key should be protected from strangers because it, being an insurance against your forgetfulness, can become a “back door” through which your data will leak.
  4. On the next screen, choose whether to encrypt the entire drive or just the used space. The second point is slower, but more reliable.
  5. Select an encryption algorithm. If you do not plan to migrate the disk between computers, choose the more robust latest mode, otherwise, compatibility mode.
  6. After configuring the settings, click the “Start Encryption” button. After some waiting, the data on your drive will be securely encrypted.
  7. After logging out or rebooting, the protected volume will become inaccessible and a password will be required to open the files.

DiskCryptor

The second cryptographic utility we're looking at today is DiskCryptor, a free and open source solution. To use it, use the following instructions:

  1. Download the program installer from the official website using the link. Run the downloaded file.
  2. The installation process is extremely simple; it consists of pressing the “Next” button several times and finally rebooting the computer.

  3. After rebooting, launch the DiskCryptor program from the program folder or by clicking on the shortcut on the desktop.
  4. In the window that opens, click on the disk to be encrypted and click the “Encrypt” button.
  5. The next step is to select an encryption algorithm and decide whether you need to erase all data from the disk before encrypting it (if you do not plan to destroy information, be sure to select “None” in the “Wipe Mode” list).
  6. Enter the decryption password twice (it is recommended to come up with a complex password so that the “Password Rating” field is at least “High”). Then click "OK".
  7. After some waiting, the disk will be encrypted. After rebooting or logging out, to access it you will need to launch the utility, click on the “Mount” or “Mount All” button, enter the password and click “OK”.

The undoubted advantage of this utility compared to the BitLocker mechanism is that it can be used on systems released before Windows 8 (even Windows XP, which has been discontinued, is supported). But DiskCryptor also has several significant disadvantages:

  • there are no ways to restore access to encrypted information (if you forget your password, you are guaranteed to lose your data);
  • Only password unlocking is supported; the use of smart cards or biometric sensors is not possible;
  • Perhaps the biggest disadvantage of using DiskCryptor is that an attacker with administrative access to the system will be able to format the disk using standard means. Yes, he will not gain access to the data, but you will also lose it.

To summarize, I can say that if your computer has an OS installed starting with Windows 8, then it is better to use the built-in functionality.

In this video I talk about how to hide, encrypt and keep files or folders safe.

1. .rar archive password protected

Right-click on the file or folder and select. Go to the ADDITIONAL tab and click the SET PASSWORD button. We come up with a password and confirm it, check the ENCRYPTION FILE NAMES box, and click OK. Go to the GENERAL tab, here you can make a .rar or .zip archive, compress the archive, divide it into several parts by size

2. hidden file

Right-click on the file or folder and select PROPERTIES. In the attributes, check the HIDDEN box and click OK. If the file is missing, click the VIEW or HIDE menu at the top and check the HIDDEN ITEMS box to see hidden files and folders. Translucent files and folders are hidden files and folders. You can now move the hidden file somewhere else and disable HIDDEN ITEMS so that hidden items don't show up

3. Protected folder using outpost firewall

Go to and go to the PROTECTION OF FILES AND FOLDERS tab and check the box for ENABLE PROTECTION OF FILES AND FOLDERS. Click ADD and select the cat folder. must be protected from opening and click OK. Also, do not forget to set a password to access the outpost firewall settings

4. Bury the deep file in the system folder

For example C:/Windows/System32/DriverStore/File/Repositoryacpitime.inf_amd64_29b0a8cd9e06aad1/New folder

so that no one would guess to look there.

5. Using TrueCrypt program

The program is free and can be downloaded from the official website truecrypt.org/downloads

You can Russify it by downloading the archive truecrypt.org/localizations

So, having downloaded the installation file and the archive with the Russian language, we put everything in one folder, unpack the archive with the Russian language into the same folder as the installer and install the program. The installer will automatically pick up the Russian language and install the program with the Russian language. After installation, launch the program and click CREATE VOLUME. Select the volume type CREATE ENCRYPTED FILE CONTAINER and click NEXT. Select the TRUECRYPT HIDDEN VOLUME and click next. Select NORMAL MODE and click NEXT. Click FILE and indicate where to save our file with encrypted information and what it will be called.

After writing the name and selecting the location, click SAVE. Click NEXT and NEXT again. Here we select the encryption algorithm and hashing algorithm. Select the default: AES and RIPEMD-160 and click NEXT. Let's choose the size of the outer volume for our encrypted needs. Let's set it to 5 GB. in the future, if necessary, it will be possible to increase it. Let's come up with a password for the encrypted volume, I advise you to come up with a password of more than 10 characters, use capital and small letters and special letters. symbols. For example Podpishis87-.NaKanal, just don’t forget your password later.

Click NEXT. If we store files here the size of cat. exceeds 4 GB. then put a dot on YES and click NEXT. Click MARKUP if the program asks us again about the NTFS system, then click YES and wait until the program creates and layouts a new volume for our encrypted needs. After a while, a new disk will be created and a certain letter will be assigned to it, in my case Z. Let's log into the computer and see the new disk. Then, for the sake of appearance, you can throw in all sorts of files there that you don’t need to hide, this is just for the sake of appearance that there is something on this disk and it is being used.

So let's go back to the program and click NEXT and NEXT again. Let's choose an encryption algorithm and a hashing algorithm here again. Select the default: AES and RIPEMD-160 and click NEXT. Set the size for the hidden volume and select its size (set it to be 1 GB less than the space that is available to us), click NEXT. Click YES if the program asks you to confirm the operation. Now let's come up with a password for the hidden volume, for example EsheNePodpisanNaKanal?Apochemu? click NEXT. Click MARK.

Click NEXT. After we have created the hidden volume, close the program. The program will now be displayed on the bottom right, right-click on it and select SHOW TRUECRYPT. Let's select the drive letter for cat. mount our volume, click FILE and select the file that we created and click OPEN. Next, click MOUNT, the program asks us to enter a password by entering the first password Podpishis87-.NaKanal, we will get into the open volume by entering the second password EsheNePodpisanNaKanal?Apochemu? we will end up in a hidden volume. Click OK.

So our encrypted storage has appeared, now we can save the files here that we want to hide. After you have copied your files there and want to hide them, click UNMOUNT in the program to unmount the hidden volume.

Hmm, I understand that the method, to put it mildly, is not simple.

6. Combine these methods

Hide the file, put it deep in the system folder, encrypt it, add an encrypted one to the archive, another encrypted archive with a different password, and place it all in a hidden volume.

7. Encrypt using Windows

Right-click on the file or folder and select ENCRYPTION (not available in all versions of Windows, only in maximum versions of Windows). Windows will prompt you to enter the password for the encryption key, confirm it, then prompt you to export the key file, select a file name for the key and click SAVE so that you can open encrypted files after reinstalling Windows or on another computer using this key.

Here is a video tutorial on file encryption.

1. .rar archive password protected (00:11)
2. hidden file (01:28)
3. Secure folder using outpost security suite (02:08)
4. “Bury” the deep file in the system folder (03:22)
5. Using TrueCrypt (04:01)
6. Combine these methods (10:40)

Our media stores huge quantities of personal and important information, documents and media files. They need to be protected. Cryptographic methods such as AES And Twofish, which are standardly offered in encryption programs, are approximately one generation old and provide a relatively high level of security.

In practice, the average user will not be able to make much of a mistake in his choice. Instead, it's worth choosing a specialized program based on your intent: hard drive encryption often uses a different operating mode than file encryption.

For a long time, the best choice was the utility TrueCrypt, if we were talking about full encryption of the hard drive or saving data in an encrypted container. This project is now closed. Its worthy successor was an open source program VeraCrypt. It was based on the TrueCrypt code, but it was modified, resulting in improved encryption quality.

For example, in VeraCrypt improved key generation from password. A less common mode used to encrypt hard drives is CBC, A XTS. In this mode, blocks are encrypted by type ECB, however, this adds the sector number and intrasegmental displacement.

Random numbers and strong passwords

To protect individual files, a free program with a simple interface is enough, for example, MAXA Crypt Portable or AxCrypt. We recommend AxCrypt because it is an open source project. However, when installing it, you should pay attention to the fact that the package with the application includes unnecessary add-ons, so you need to uncheck them.

The utility is launched by right-clicking on a file or folder and entering a password (for example, when opening an encrypted file). This program uses the AES algorithm 128 bit with CBC mode. To generate a robust initialization vector (IV), Ax-Crypt integrates a pseudo-random number generator.

If IV is not a true random number, then CBC mode weakens it. The MAXA Crypt Portable program works in a similar way, but encryption occurs using a key 256 bits long. If you upload personal information to cloud storage services, you must assume that cloud storage providers, such as Google and Dropbox, are scanning the content.

Boxcryptor embeds itself into the process as a virtual hard drive and, with a right-click, encrypts all files located there before they are uploaded to the cloud. It is important to get a password manager, such as Password Depot. It creates complex passwords that no one can remember. Need to just don't lose master password for this program.

We use encrypted disks

Similar to TrueCrypt, utility wizard VeraCrypt guides the user through all the stages of creating an encrypted disk. You can also protect an existing partition.

One-click encryption

Free program Maxa Crypt Portable offers all the necessary options for quickly encrypting individual files using the AES algorithm. By clicking on the button you start generating a secure password.

Linking the cloud to privacy

Boxcryptor One-click encrypts important files before uploading to Dropbox or Google storage. AES encryption is used by default with a key length of 256 bits.

Cornerstone - Password Manager

Long passwords enhance security. Program Password Depot generates and uses them, including for encrypting files and working with web services to which it transfers data to access the account.

Photo: manufacturing companies