[truecrypt.tk...] : free and works ok
[jetico.com...] : a bit pricey but very good

Hope this helps,

Kaled.

Cryptainer is pretty easy to use. Cheap.

If up-to-date software is not a requirement, why not look at the free version 6 of PGP, which includes PGPDisk, or if you don't mind paying, buy a newer version. (The newer free versions don't have pgp disk) You can't get much better encryption software than PGP in my opinion .

I've been using PGP for years. The personal license is about $60 US and it includes PGP Disk which will allow you to work seamlessly with encrypted data. All data on my laptops is encrypted with this.

Next year they're coming out with PGP Whole Disk which will let you encrypt everything on your laptop. I'm looking forward to that.

Sorry but how does this encryption work? Do I have to enter a key or password every time I open a file and then each time I re-save it? Or I can I just enter a key once I log on and it de-crypts everything so I can work as normal until I turn off?

PGP Disk works like this: you enter your password once and the encrypted disk then works exactly like any other disk on your system. The difference is that you can set the length of time that your use of this disk will last. It can last for the entire time that you're logged on, or until the screen saver is activated, or as many minutes as you like. On my home laptop I have it setup so that I enter my password once per session. As soon as I log off or turn off the machine everything in that partition is encrypted.

You can also use PGP to encrypt certain files or folders. It's a very flexible system and quite easy to use. Other than the time that I enter my password I hardly notice that it's there.

Thanks Bill will definitely look into this. How will PGP Disk differ then from PGP Whole Disk because from the sounds of it unless you know the password everything is encrypted anyway?

You can't encrypt the operating system or the program files with PGP Disk. The software has to run from there. So, you could run the risk of some Windows programs storing passwords in the unencrypted drive.

The Whole Disk encryption will will let you encrypt everything. It's kind of like adding a BIOS level password, but with the added security that the entire physical disk is encrypted. This will add a more total level of security for your hardware. In their promotional blurb for this they say you can use the Whole Disk technology on removable disks and USB keys as well, so I'm sure you can see the benefits of that.

wow now that sounds quite amazing. Thanks for the explanation.

When using XP (and I believe other NT based systems), you can right-click any folder, choose properties, general tab, advanced button (next to the read-only attribute), and then enable encryption. The drive should be formatted with NTFS.
Now, only the currently logged in user can read that data.

Gert

When the system boots, go into setup.

You can then password the whole laptop from there. No clever software needed, but for goodness sakes don't forget the passoword!

That would not help if they take the disk from your laptop.

Gert

Ah. I didn't know that.

Luckily I use a memory stick for the dodgy stuff!

I've been using AxCrypt, a transparent AES encrypter along the same lines as the software mentioned above. It's open source & free.

Thanks for all the advice everyone :)

That would not help if they take the disk from your laptop.

What would not help if they remove the disk?
Are you talking about XP? Are you saying the encryption that comes with XP is accessible if someone removes the disk?

PGP sounds good!

No I meant a BIOS password won't help to protect the disk.
If you enable NTFS encryption, then only that user can read the data. Take care: if you delete the username, and then recreate the same username, you still can not access the encrypted data.

Gert

I'm not too sure about NTFS encryption. It has caused me some major problems after a hard disk crashes. Unless you have drive image type backups of your system it's extremely hard to recover that data. At least with a PGP-like public key encryption system you aren't tied into the operating system. After a couple of mishaps I have removed NTFS encryption from almost all of my files.

After a couple of mishaps I have removed NTFS encryption from almost all of my files.

I avoid NTFS entirely (except for a partition I use for testing).

Kaled.

For now all I need to do is encrypt one folder, with lots of sub-folders (about 6GB). Will PGP let me do that (easily)? I started looking at the info about PGP, it seems to be for disk partitions. I guess I will partition my disk if I must but I would rather be able to encrypt one folder on the disk.

Which is the main site to get PGP from? I started looking for it on Google and found a lot of different sites (slightly confusing).

I am not a PGP employee or affiliate. Just a private non-profit shill. ;)

For now all I need to do is encrypt one folder, with lots of sub-folders (about 6GB). Will PGP let me do that (easily)?

PGP will let you encrypt individual files and folders. It's very simple to do. Right click and encrypt from Windows explorer. The use of PGP disk encryption just makes it easier to work with a lot of files seamlessly. When you're working with individual files and folders you simply have to enter your password/keyphrase that many more times. It can get tedious depending on the number of files you're using and the frequency of access.

My initial attraction to PGP was not for the file or disk encryption, but for e-mail encryption. This is a whole separate topic, but it's what PGP is really great at for me. I'm an encrypted e-mail junkie.

Which is the main site to get PGP from?

The corporate PGP site is here:
[pgp.com...]
You can get the free and licenced versions from there.

Back before the US lightened up their encryption export laws in 1999 there were groups of people who would scan the the source code of PGP releases and redistribute it outside the US as an international version. The PGPi site is still up and has links to older free versions of PGP.
[pgpi.org...]

There is also an OpenPGP compliant PGP variant called GnuPG.
[gnupg.org...]
I haven't used GnuPG, but it is very popular in the encryption community. Some argue that the PGP originally written by Phil Zimmermann in 1991, has lost some of its integrity after being bought out by McAffee and now Network Associates Inc. Phil Zimmermann has rejoined the board of NAI so I don't know how much of an issue that is anymore.

the comment about putting a password on the bios isn't a secure thing, while it's secure for the average user, I bet you no matter what kind of password you put on it I could get past it (and by that i mean remove it).

I'll second that comment about BIOS passwords being ridiculously easy to overcome. I am by no means a hacker, but I was able to get past a BIOS password on a donated, used PC in about ten minutes by removing the BIOS battery. Don't rely on a BIOS password, ever.

I believe some laptops have secure bios passwords. However, dealers may still be able to clear them by means of a dongle. Information on such dongles (e.g. cross-connecting pins on a parallel-port plug) is available on the internet (shock!).

Kaled.

nothing is secure, stuff is just "more secure" or "less secure" absolute security is something you will never have (unless you live in a cave somewhere and block of the entrance, but then you will die)

Thanks everyone!

Bill:

When you're working with individual files and folders you simply have to enter your password/keyphrase that many more times.

All my work is in one folder (lets say that folder is called 'work'). 'Work' has lots of sub folders. If I use PGP to encrypt the 'work' folder, and I spend all my time in that folder; will I have to enter the password for every file or just the first time I access the work folder?

Oops, I should also have mentioned that I use a wireless network with 3 computers all sharing the same 'work' folder. Will PGP let each computer access the encrypted folder providing I have the password?

Suppose I want to send someone 10 of the files in my work folder. I want to send them unencrypted, will PGP decrypt a selection of files e.g. if I move them out of the work folder? I don't want my clients to have to get PGP so I can send them some files.

kapow in this case you'd be best off using PGPdisk, and instead of creating an entire encrypted disk with its own drive letter you can simply create an encrypted folder. Once the folder has been opened with your key you can share it across a network and make it accessible just like any other file/folder on your drive. When the folder is encrypted (locked) it will simply look like one file. When it's unlocked it looks and works just like any other folder on your PC. So, if you wanted to send files from that folder they would not be encrypted.

There is also SafeHouse from PCDynamics.com. It does basically what PGPdisk does as well, and has a variety of encryption scehmes including 448-bit blowfish.

I have been using it for some time, and it works very well.

Unless files are encrypted individually, there is definitely a potential for sharing violations. I strongly recommend you test whatever solution you choose carefully before you comit to it. You need to be sure that two computers on the network can both read and write files in the same encrypted directory/volume.

A volume-based system that bypasses high-level file access methods should be ok but I have my doubts whether a directory-based system (in which encrypted contents appear to be located in a single file) could achieve the required file-sharing.

Kaled.