Fast File Encryption for Windows? 117
cryptoz wonders: "I've used numerous encryption applications
for both Windows and Linux over the past few years and have always been satisfied. Until I realized I needed to start encrypting large files (say 10 to 30 GiB), or at least a large number of small(er) files. I found that everything I use seems to take hours and hours to compress, encrypt and shred. Not to mention decompressing, decrypting and deleting on the other end.
Every web search I do on the topic seems to turn up mostly closed-source applications or snake oil, neither of which is acceptable. Does Slashdot have any suggestions for fast file encryption? I should make it clear that in my particular case, I do not need to have a perfect key or incredibly secure encryption, since it is not the weakest link (as I am susceptible to hardware key-loggers, CRT eavesdropping and the like). The encryption needs to be just strong enough, but most importantly, *fast*." This is a worthwhile question, but when dealing with files in the 10s of GB, can anything really be considered to be "fast"?
TrueCrypt (Score:4, Informative)
You linked to it yourself, so you should be aware of the strengths of the application. It does on-the-fly disk encryption with either whole partitions or disk image files, has absolutely no problem with massive disks (I have a 40GB image on a USB drive), and is pretty fast. My benchmarks come up with 50MB/s average throughput (around 56MB/s encrypting, 47MB/s decrypting) for 256bit AES encryption on my machine. TrueCrypt seems to cope well with files of any size, and while I can't say I've tried 30GB, 4.7GB DVD images work very well indeed.
One thing that really makes it stand out in your scenario is the ability to use keyfiles. This allows you to select one or more files that will be used (hashed?) with your password to secure your data against those hardware keyloggers. (Although, I would question whether encryption is really required if you aren't that bothered about security.)
The best part of TrueCrypt is that it is completely open-source. No closed/proprietary systems and no snake oil. For encryption on Windows, when the built in stuff doesn't cut it, TrueCrypt is the only way to go, IMHO.
Re:TrueCrypt (Score:3)
It all depends on the threat model. I could see desiring encryption without being bothered by keyloggers if you're worried about someone breaking into your car an
Re:TrueCrypt (Score:2)
Primary Cryption (Score:2)
But since you get the source code and it is well-commented, you could probably modify it yourself to be less secure ( you decide how much) and a lot faster.
It works under Linux/Wine, and It can also handle multiple files. (Confession: I wrote it, and need to make myself write a helper program to keep track of keys and make it easier to handle multiple files, but I haven't had the time.)
Guess what (Score:2)
Also, security can be increased to downright unusability, too.
Re:Guess what (Score:2)
a la "I got an idea, an idea so smart my head would explode if I even began to know what I was talking about."
Re:Guess what (Score:2)
Not really: There are three offerings: cheap, secure, useable... Pick any two
You may combine ease of use and secure, but this will cost...
Regards, Martin
Motion for Truecrypt thirded (Score:2, Redundant)
Dunno why noone mentioned it... (Score:5, Funny)
Re:Dunno why noone mentioned it... (Score:1)
Re:Dunno why noone mentioned it... (Score:1)
It's linked in the story...
Re:Dunno why noone mentioned it... (Score:1)
I'm pretty stupid, I miss most of them anyway.
Yes... (Score:5, Funny)
Yes, a station wagon filled with tapes of 10GB+ files doing 80mph on a highway is going at a pretty fast clip in my opinion. YMMW.
With apologies to AS Tanenbaum.
Re:Yes... (Score:1)
Re:Yes... (Score:2)
Re:Yes... (Score:2)
Obviously with a transubstantiation cipher[1]. Sheesh, kids these days.
[1] you don't put labels on, and you just throw the tapes sort of haphazard into the back of the wagon - then at the far end you rely on pulling some sort of miracle out of your backside to get the data off in order.
Re:Yes... (Score:2)
Or a 747-400 Freighter full of 750GB HDDs flying at cruising speed.
2,565 HDDs fit in a cubic meter. (http://www.westerndigital.com/en/products/Product s.asp?DriveID=137 [westerndigital.com])
The 747-400 Freighter has 777 m^3 of cargo space. (http://www.montereypeninsulaairport.com/747specsh eet.html [montereype...irport.com])
This gives 2565 * 777 = 1,993,005 HDDs.
750GB == 698.5GiB
This gives us a grand total of 1,392,113,992.5 GiB or 1.392
Re:Yes... (Score:2)
Re:Yes... (Score:2)
Re:Yes... (Score:1)
Re:Yes... (Score:2)
You may want to double check the weight of 1.9 million hard drives vs. the maximum cargo weight allowance for a 777-400 freighter. A long time ago I did this same math for DLT cartridges and a 747 cargo plane, and I noticed that you couldn't fill the cargo space more than 60% full with DLTs before the plane was too heavy to take off.
Re:Yes... (Score:2)
DLTs, eh? You must be a DECcie.
Good point about the weight. The -400 Freighter can carry 112,490kg of cargo, and each HDD weighs 0.6 kg, meaning 187,483 hard drives.
Bummer, that's less than 10% of the cargo space, and "only" 130.96 EiB.
Since the latest SuperDLT tapes have 300GB (279.4GiB) raw capacity, SuperDLT600 tapes would give you much better bandwidth.
SureCrypt (freeWare) (Score:5, Informative)
SureCrypt is an ultra small encryption program designed for fast processing of extremely large files. It can encrypt or decrypt files as fast as Windows Explorer can copy them. SureCrypt presents a flexible user interface with detailed record of all operations.
Re:SureCrypt (freeWare) (Score:4, Interesting)
Re:SureCrypt (freeWare) (Score:2)
It's the first link returned by Google
Just ROT2 the bits. (Score:1, Informative)
Re:Just ROT2 the bits. (Score:1)
Re:Just ROT2 the bits. (Score:2)
and it's almost as fast as rot2, to boot
-1, Pedantry (Score:2, Insightful)
Re:-1, Pedantry (Score:2)
Because (Score:2)
Re:-1, Pedantry (Score:2)
1. Because GB is a more well known shorthand for a data amount.
2. Because a difference of 73,741,824 bytes doesn't matter in this article.
Re:-1, Pedantry (Score:4, Insightful)
That is a reason TO use GiB. It promotes awareness so that there is no confusion when it DOES matter.
"2. Because a difference of 73,741,824 bytes doesn't matter in this article."
Um... that supports the argument that it doesn't matter one way or the other which one is used, making the initial complaint seem pointless.
Re:-1, Pedantry (Score:2)
If people want to continue using GB when they really mean the ISO-defined GiB quantity, go right ahead. But don't complain about people choosing to use the correct measurement unit.
TrueCrypt (Score:1)
Who's asking? (Score:3, Funny)
Another nod for Truecrypt (Score:3, Interesting)
As far as shredding files goes, that isn't really connected with the encryption process, but more to your hard disk speed. Writing random bits to a 10-30 GiB file is going to take a while no matter what program you use.
Re:Another nod for Truecrypt (Score:2)
Re:Another nod for Truecrypt (Score:2)
If I understand TrueCrypt's technology and assuming that you didn't let an attacker copy your TrueCrypt volume header... overwriting the first 512 bytes of a TrueCrypt volume destroys the key for that volume. Unless you have a backup of the volume header, your data is lost and unrecoverable unless you get lucky and can break the encryption key.
Re:Another nod for Truecrypt (Score:2)
Re:Another nod for Truecrypt (Score:2)
Re:Another nod for Truecrypt (Score:2)
Re:Another nod for Truecrypt (Score:2)
I don't claim to be an expert on the macabre subject of interrogation methods, though. I suppose if you are simply tor
Re:Another nod for Truecrypt (Score:2)
Re:Another nod for Truecrypt (Score:2)
Reminds me of dangerous fun had with a potato cannon a buddy and I built a few years back. Something about giving a potato the same kinetic energy as a 15 pound bowling ball travelling at 125 MPH and slamming it into stationary objects still brings a smile to my face.
Security costs CPU cycles (Score:3, Insightful)
XOR against a repeated key would be ultra-fast but woefully insecure. When will people learn that it takes CPU cycles to encrypt that much plain-text? In just about every other field you don't get something for nothing; why should Cryptography be any different?
Simon
Strong crypto can be very, very fast. (Score:2)
Re:Security costs CPU cycles (Score:2)
Hardware acceleration. (Score:5, Interesting)
Re:Hardware acceleration. (Score:2)
Re:Hardware acceleration. (Score:1)
If you count other things your OS will be doing, an Athlon system will be faster and cheaper. However, the EPIA will be half the size and draw a third the power.
Re:Hardware acceleration. (Score:1)
LK
Re:Hardware acceleration. (Score:2)
I'm also suspicious of its capabilities -- it seems feasible to have a large source of entropy and perhaps a hashing or XOR acceleration engine -- I doubt it has the bandwidth to read and hash at 20 Gb/s as the present marketing web pages claim Padlock
You're all terrorists and kiddie-diddlers (Score:3, Funny)
Personally, I videotape all my daily activities and archive them in case a law enforcement agency wants to know what I was up to on a particular date. I suggest you all do the same. Think of the children and 9/11!!!
BestCrypt (Score:2)
Also, be aware that your encryption choice will affect speed greatly. 448-bit is slower than 224 bit, etc. Also some algos are optimized - twofish is a pentium-optimized version of blowfish.
which operation is taking too long?? (Score:1)
Seagate's self-encrypting hard-drive (Score:2, Informative)
Fast encryption, slow decryption (Score:2, Funny)
Re:Fast encryption, slow decryption (Score:1)
Use a sledge hammer.
Not cross platform, but... NTFS built-in (Score:2)
Re:Not cross platform, but... NTFS built-in (Score:2)
- The keys are tied to the machine (you can't take those USB drives and mount them on another machine, at least not when I tested it)
- The keys are a PITA to backup, the management interface is clunky
- It's not the strongest system in the world (I believe there are numerous issues with how it was implemented)
That being said, it's generally better then nothing for when you want to protect semi-confidential data. Most attackers won't t
Re:Not cross platform, but... NTFS built-in (Score:2)
Re:Not cross platform, but... NTFS built-in (Score:2)
For our remote workers using laptops, version-control software for corporate data and staying in sync with the other workers in their department. Combined with SecondCopy + TrueCrypt partitions on the USB/FireWire drives. The local USB/FW drive handles things like backing up their personal files or e-mail. We also recommend that they make use of a tool like Acronis Tru
Are you sure it's the encryption? (Score:3, Insightful)
Encryption itself... I seem to remember that TwoFish needs 26 clocks to encrypt 8 bytes on a Pentium. So your 2.6GHz CPU can encrypt 8GB/s (but the bus cannot deliver that much, I suspect). Add in some fudge factors for OS overhead and other tasks, and you're still two orders of magnitude below the IO time.
You need faster disks.
Re:Are you sure it's the encryption? (Score:3, Insightful)
BTW, TrueCrypt includes a little benchmark tool to allow you to calculate throughput rates for the various algorithms (as implemented inside of TrueCrypt). Useful for seeing just what the best-case ra
Re:Are you sure it's the encryption? (Score:2)
Blowfish, Twofish, Redfish, Bluefish!
Re:Are you sure it's the encryption? (Score:1)
LK
Re:Are you sure it's the encryption? (Score:2)
It's the 2GHz core with 3GB of PC3200 RAM running WinXP Pro 32bit. The motherboard is a Tyan Tiger K8W S2875 with a slightly odd memory path. Only one of the Opterons is connected to the memory, the 2nd Opteron routes its memory access through the first one. It's not ideal, but it was the small
Re:Are you sure it's the encryption? (Score:2)
Re:Are you sure it's the encryption? (Score:1)
Re:Are you sure it's the encryption? (Score:1)
Kryptochef (Score:2)
I would recommend "KRYPTO", or more precise "KRYPTO 2.0/2006 Professional Multi User Professional Data Fullbit Coding Program". The program uses the best encryption possible (called 256 bit fullbit encryption). Read up on it here:
Kryptochef [kryptochef.net]
The application even sports a friendly GUI that is easy to use and allows even novice users to encrypt files.
Cheers, Fogger
Snake Oil: Re:Kryptochef (Score:2)
Re:Kryptochef (Score:2)
Use PKZIP (Score:1)
AXCrypt (Score:2)
http://axcrypt.axantum.com/ [axantum.com]
GRC.com likes [the FOSS] 'TrueCrypt' (Score:2)
to hear why & more about it:
http://media.grc.com/sn/SN-041.mp3 [grc.com]
For slow modem users, here's the transcript:
http://www.grc.com/sn/SN-041.pdf [grc.com]
A list of his other podcasts:
http://securitynow.info/ [securitynow.info]
Re:GRC.com likes [the FOSS] 'TrueCrypt' (Score:2)
Snake Oil? (Score:2, Informative)
Whole disk (Score:1)
Consider Tiny Blowfish - skip the shredding step (Score:1, Informative)
There's a program called "Tiny IDEA" which implements the IDEA cipher. It's written in assembler for DOS, and comes with source code; the executable is about 500 bytes. It was originally written by Fauzan Mirza (who has credibility in that he also won Bruce Schneier's $10,000 award for best attack on Twofish during the AES competition). It was later further optimized and improved by someone named Mark Andreas, who I've never hear
Don't laugh... (Score:1)
Not sure what you are doing with the files (i.e. staying on your machine or being distributed, etc.) but the EFS might be a very simple and effective option. Microsoft's website actually has some fairly good articles about it's usage beyond the stupid-user stuff.
What's important to remember is that you MUST use Window's SYSKEY program in mode 2 or 3 in orde
Read the forums about EFS. (Score:2)
In some cases EFS is tied to the computer on which it is installed. You cannot restore it to another computer, even if you have all the keys.
Were you thinking, oh this time Microsoft won't be sloppy?
Re:Read the forums about EFS. (Score:1)
Author has a problem, I'm trying to offer a viable solution... a solution that I have found to work well on the enterprise level. So spare me the anti-M$ rhetoric, please.
He doesn't know what TrueCrypt is. (Score:2)
It sounds you don't know what TrueCrypt really does. Real-time transparent encryption does not "compress" nor "shred" anything.
Wait a minute... (Score:2)
Anyone else notice that the submitter is called 'cryptoz', or that his linked website, http://www.sheehy.ca/crypto/ [sheehy.ca], is called "The Cryptography Center"?
Also the little matter of his website's description saying "This website is designed as a location for as many cryptography resources as possible. The intent is to collect a large number of articles for those who are interested in learning more, practical computer applications to download, lists of other resources,
Isn't TrueCrypt Linked in the POSTING? (Score:5, Insightful)
Re:Isn't TrueCrypt Linked in the POSTING? (Score:3, Informative)
Re:Isn't TrueCrypt Linked in the POSTING? (Score:2, Funny)
Re:Isn't TrueCrypt Linked in the POSTING? (Score:1)
Re:Isn't TrueCrypt Linked in the POSTING? (Score:1)
Yes,
Re:Isn't TrueCrypt Linked in the POSTING? (Score:2)
Re:Isn't TrueCrypt Linked in the POSTING? (Score:1)
Nice site
New idea
Re:Isn't TrueCrypt Linked in the POSTING? (Score:1)
Damned elitist reading Nazis...
Re:Truecrypt (Score:2)
I've found Apple's FileVault too slow for video on a 1.2GHz G4, but maybe on a G5 or Core Duo it's fast enough. That's AES-128 or 256, so maybe the TrueCrypt AES implementation just needs tuning for his hardware.
Re:Truecrypt (Score:5, Informative)
I'm also amused by the submitter's "too slow" comment for TrueCrypt. I use it on my 4-year old laptop (a 1.7Ghz Pentium 4 mobile) and find that it's the hard drive that is the bottleneck rather then the CPU. I'm using the stock TrueCrypt settings for encryption algorithm (256bit AES, LRW mode) and hash (RIPEMD-160). I have two volumes on the laptop, one is a ~700MB TrueCrypt file volume used for extra sensitive data and the second is a full-disk encrypted FireWire drive attached to the unit (160GB).
Copying from the laptop's hard drive to the encrypted external FireWire drive gives me transfer rates of around 10-12MB/sec and uses up around 30% of my CPU. Which is not too shabby for a 4 year old laptop. I would hardly call it "too slow".
I just did the benchmarks for a 100MB buffer, the left number is speeds on my 1.7Ghz Pentium 4 mobile laptop CPU, on the right is performance of a 2Ghz Opteron 246 chip (TrueCrypt 4.2 is not multi-threaded so it only used one of the two chips installed in that system):
Blowfish 35.1MB/s 46.8MB/s
Twofish 21.3MB/s 40.6MB/s
AES 28.5MB/s 32.6MB/s
Serpent 11.7MB/s 34.3MB/s
CAST5 10.5MB/s 34.7MB/s
Triple-DES 6.2MB/s 12.0MB/s
Those are not scientificially rigorous tests, but the built-in benchmark tool shows that the laptop's P4 is capable of very high encrypt/decrypt rates. It also looks like Serpent/CAST5 algorithms possibly don't fit inside the CPU cache very well (the Opteron chip has a larger L2 cache) or Serpent/CAST5 use operations that are more efficient on the Opteron chip. I don't know enough about the individual characteristics to make more educated guessed then that.
It's a pity that TrueCrypt isn't multi-threaded, or the dual-CPU Opteron system would've scored even higher on the TrueCrypt benchmark. I've run the benchmarks for a few different sizes (10MB / 50MB / 100MB / 500MB) and the numbers all tend to add up the same way (within a few percentage points) across the board.
Re:Truecrypt (Score:2)
IIRC TrueCrypt is going to multithreadded-IO in a near-future release so that should help even more with heavy disk access.
Re:Truecrypt (Score:3, Funny)
It crimps the submitters style to have skipping porno. What else are people doing to generate 30GB of data the needs to be encrypted.