Recommendations for secure encryption tools that avoid these problems?
Hi everyone,
I’ve identified several significant security concerns with the encryption tools I’ve tested so far:
1. When using the software, the original encrypted file is decrypted by entering the password. If the app closes unexpectedly (due to power loss, battery failure, or a crash), it doesn’t re-encrypt the file. The file remains unencrypted on your hard drive until you realize it wasn’t re-encrypted.
2. After entering the decryption password, the software creates a temporary copy of the decrypted file and saves it in AppData or Temp. This keeps the original file safely encrypted. But if the software shuts down unexpectedly, the temporary file stays on your drive unencrypted until you notice it hasn’t been deleted.
3. Most applications require an online sign-in, which I’d prefer to avoid.
4. Overall, I’m seeking encryption solutions that satisfy these needs:
- Allow encryption of individual files or folders without encrypting entire partitions.
- Resist issues from unexpected shutdowns—tools like Veracrypt work by keeping files in RAM instead of writing them to disk.
- Handle local encryption and decryption without needing internet or company server sign-ins.
- Be open source.
- Support Windows platforms.
- Ideally, auto-re-encrypt files if the lock screen appears, or when the PC sleeps/hibernates.
- Automatically re-encrypt files after a set time (e.g., 5 hours).
- Offer a portable version.
Thank you for your help!
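To make concrete what "resist unexpected shutdowns" and "re-encrypt after a set time" mean for a file-level tool (the OP's problems 1 and 2), here is an added example; it is not code from the thread or from any tool named in it. It assumes a hypothetical `Vault` class that records a journal entry before any plaintext touches the disk, so that on the next start the tool can find and re-encrypt (or wipe) whatever a crash left behind, and a timeout that closes idle sessions. The file names (`open.json`, the `.plain` and `.tmp` suffixes) and the container format are invented for the example; the cipher is a stdlib-only HMAC-SHA256 counter-mode stream with encrypt-then-MAC so the code runs offline, and a real tool should use AES-GCM or XChaCha20-Poly1305 from a vetted library instead.

```python
"""Crash-aware decrypt/edit/re-encrypt cycle with a write-ahead journal (added example)."""
import hashlib, hmac, json, os, secrets, time
from pathlib import Path

MAGIC = b"XMPL1"  # container tag for this example's own format (assumed, not a real tool's)

def _keys(password, salt):
    k = hashlib.scrypt(password, salt=salt, n=2**14, r=8, p=1, dklen=64)
    return k[:32], k[32:]  # separate encryption and MAC keys

def _keystream(key, nonce, n):
    # Illustrative PRF-in-counter-mode stream (HMAC-SHA256); a real tool should use AES-GCM.
    return b"".join(hmac.new(key, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
                    for i in range((n + 31) // 32))[:n]

def encrypt(password, plaintext):
    salt, nonce = secrets.token_bytes(16), secrets.token_bytes(16)
    ek, mk = _keys(password, salt)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(ek, nonce, len(plaintext))))
    body = MAGIC + salt + nonce + ct
    return body + hmac.new(mk, body, hashlib.sha256).digest()  # encrypt-then-MAC

def decrypt(password, blob):
    if blob[:5] != MAGIC or len(blob) < 5 + 16 + 16 + 32:
        raise ValueError("not a container")
    body, tag = blob[:-32], blob[-32:]
    salt, nonce, ct = body[5:21], body[21:37], body[37:]
    ek, mk = _keys(password, salt)
    if not hmac.compare_digest(tag, hmac.new(mk, body, hashlib.sha256).digest()):
        raise ValueError("wrong password or tampered file")  # checked before decrypting anything
    return bytes(a ^ b for a, b in zip(ct, _keystream(ek, nonce, len(ct))))

def _wipe(path):
    # Best effort only: on SSDs and journaling/CoW filesystems the old blocks may survive.
    with open(path, "r+b") as f:
        f.write(secrets.token_bytes(path.stat().st_size))
        f.flush(); os.fsync(f.fileno())
    path.unlink()

class Vault:
    """Journals every plaintext copy *before* writing it, so a crash can be cleaned up."""
    def __init__(self, workdir, timeout_s=5 * 3600):
        self.tmp = Path(workdir) / "tmp"
        self.tmp.mkdir(parents=True, exist_ok=True)
        self.journal = Path(workdir) / "open.json"
        self.timeout_s = timeout_s

    def _load(self):
        return json.loads(self.journal.read_text()) if self.journal.exists() else {}

    def _save(self, entries):
        staged = self.journal.with_suffix(".json.tmp")
        staged.write_text(json.dumps(entries))
        os.replace(staged, self.journal)  # atomic: the journal is never half-written

    def open(self, enc_path, password, now=None):
        plain = self.tmp / (enc_path.name + ".plain")
        entries = self._load()
        entries[str(plain)] = {"enc": str(enc_path), "opened": time.time() if now is None else now}
        self._save(entries)  # write-ahead: a crash here leaves a journal entry but no plaintext
        plain.write_bytes(decrypt(password, enc_path.read_bytes()))
        return plain

    def close(self, plain, password):
        entries = self._load()
        enc_path = Path(entries[str(plain)]["enc"])
        staged = enc_path.with_suffix(enc_path.suffix + ".tmp")
        staged.write_bytes(encrypt(password, plain.read_bytes()))
        os.replace(staged, enc_path)  # original swapped only once the new ciphertext is complete
        _wipe(plain)
        del entries[str(plain)]
        self._save(entries)

    def recover(self, password=None):  # run at startup; returns plaintext paths a crash left behind
        handled = []
        for plain_s in list(self._load()):
            plain = Path(plain_s)
            if plain.exists():
                handled.append(plain_s)
                if password is not None:
                    self.close(plain, password)  # keeps the edits, wipes plaintext, drops entry
                    continue
                _wipe(plain)  # no password yet: the edits are lost, the secret is not
            entries = self._load()
            entries.pop(plain_s, None)
            self._save(entries)
        return handled

    def expire(self, password, now=None):  # the "re-encrypt after N hours" requirement
        now = time.time() if now is None else now
        stale = [p for p, e in self._load().items() if now - e["opened"] >= self.timeout_s]
        for p in stale:
            self.close(Path(p), password)
        return stale
```

Two caveats a practitioner would add. First, this only shrinks the window of problem 2, it does not remove it: while a file is open its plaintext is on disk, and after a crash it stays there until `recover()` runs at the next start, so the lock-screen and sleep requirements still need a hook (on Windows, handling `WM_WTSSESSION_CHANGE` after `WTSRegisterSessionNotification`, and `WM_POWERBROADCAST` for suspend) that calls `close()` or `expire()` on every open session. Second, overwrite-and-delete is not reliable erasure on SSDs or copy-on-write filesystems. The only way to keep plaintext off the disk entirely is to give the application a file handle into a mounted volume that is decrypted on the fly by a driver, which is what a VeraCrypt container provides and why it does not have to keep whole files in RAM.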
VeraCrypt offers the choice to build containers, effectively generating an encrypted virtual hard drive. Alternatively, you can generate a VHD file, mount it, and let VeraCrypt manage the access. The challenge with storing data solely in RAM is that any program needing to open the file must possess a file handle, which requires a location within the operating system. I’m unsure how Veracrypt addresses this beyond potentially implementing a dynamic RAM disk. This approach remains practical mainly for smaller datasets unless you have substantial RAM capacity comparable to data centers.
Files can't be opened in RAM because they are typically stored on physical storage devices like hard drives or SSDs, not in volatile memory.
As mentioned in my previous post, all programs require a file handle to indicate where the data is stored on some storage device. It might not be wise to load the entire file at once, particularly in games, where files can be several gigabytes in size but only a few hundred megabytes are actually needed. You can't assign a program a RAM address because programs aren't permitted to access each other's memory by default, and there are restrictions you need to follow if you wish to do so.