Slashdot Mirror


Cross-Platform Encryption?

Dr. Sp0ng asks: "I'm sure a lot of Slashdot readers carry around USB keychain drives or other portable media. What cross-platform encryption solutions have you found for these? The ideal solution would be something which can create a true encrypted disk image in a file, along with Windows and OS X (and perhaps even Linux) standalone executables which can mount these without requiring you to install anything. Obviously something like GnuPG could be used, but it won't let you create an actual mountable filesystem. There are plenty of Windows solutions, and Mac OS X users can simply create an encrypted DMG, but are there any cross-platform solutions out there?"

40 of 57 comments

  1. Truecrypt by Saiyine · · Score: 1


    Although Windows-only, Truecrypt looks really cool and can be a real lifesaver in conjunction with pendrives or even gmail.

    --
    Dreamhost superb hosting.
    Kunowalls!!! Random sexy wallpapers.

    --
    Hosting 20G hd, 1Tb bw! ssh $7.95
    1. Re:Truecrypt by avalys · · Score: 2, Informative

      Ditto. Truecrypt is great, and free.

      They are also coming out with a Linux version in the future, but I don't know of the timeframe.

      Unfortunately, an OS X port is not planned.

      --
      This space intentionally left blank.
  2. A simple solution by waynegoode · · Score: 4, Interesting

    This is not exactly what you are looking for, but how about ...

    A big ZIP file on the drive.

    + It is encrypted.
    + It is cross platform if the underlying File System is.
    - The computer needs a ZIP file decrypter and an encrypter if you want read/write.
    - It acts like a file system, but really isn't.
    - Not the best encryption.

    1. Re:A simple solution by jasonwea · · Score: 2, Interesting

      And the worst negative of all for me:

      Typically one would have to decrypt the files to a local fixed disk where they live unencrypted while you work on them.

      Options such as RAM disks exist but how readily available are these? (Think of machines where you do not have root).

    2. Re:A simple solution by Skuggamara · · Score: 2, Informative

      I believe ZIP is encryptable with AES-256 now. Wouldn't this be considered "good" encryption?

    3. Re:A simple solution by Trepalium · · Score: 2, Informative

      Depends on your ZIP utility. Winzip's AES encryption != pkzip's AES encryption, and I don't think Linux unzip supports either one yet.

      --
      I used up all my sick days, so I'm calling in dead.
    4. Re:A simple solution by zhiwenchong · · Score: 1

      Is there some tool that you can use to mount a zip file as a VFS? You know, like the way XP opens ZIP files like any other folder.

    5. Re:A simple solution by Trepalium · · Score: 2, Insightful

      Even if you didn't have to decrypt the files to open them, there's a good chance a directly opened file from a compressed volume might make it to the pagefile unencrypted (or to temporary files in %TEMP%). Depends on what risks you're willing to take. If you're just transporting files between trusted machines through untrusted areas, this may be perfectly fine (e.g. USB flash drive on a keychain). If you expect your files to be secure just because they're in an encrypted state on the disk, you might be disappointed.

      --
      I used up all my sick days, so I'm calling in dead.
    6. Re:A simple solution by Anonymous Coward · · Score: 1, Interesting

      If the goal is to transport files between trusted computers, and be safe in case you drop your USB key and someone unscrupulous finds it... this seems like a case where one-time pad could be a good solution. You'd first have to transport a random file the size of the USB key to each of your trusted computers, and you'd need a file system driver that uses a prespecified OTP file to XOR the data.

      Anyone who gets hold of the USB key can't do anything with it, unless they also have the OTP file. The "one time" in the OTP definition isn't here strictly followed, but it isn't a problem if the threat scenario is losing the USB key. On the other hand, if the attacker is able to make copies of the USB key without your knowledge at several different times, this would be a weakness. So the trustworthiness of the solution would depend on your paranoia and threat level...

      Would anyone know of a working software solution along these lines?
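
Added example, not part of the thread or any poster's code: the pad-reuse weakness raised in the one-time-pad comment above, worked through in Python. The 16-byte sector size, the sample disk contents and all function names are constructed for illustration; no real filesystem driver is modelled.

```python
import os

SECTOR = 16  # constructed toy sector size; real devices use 512 or 4096 bytes


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("length mismatch")
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt_image(plain: bytes, pad: bytes) -> bytes:
    """What the hypothetical OTP filesystem driver would store on the USB key."""
    return xor_bytes(plain, pad[:len(plain)])


def changed_sectors(snap_a: bytes, snap_b: bytes) -> list:
    """Sectors that differ between two copies of the key; needs no pad."""
    return [i // SECTOR for i in range(0, len(snap_a), SECTOR)
            if snap_a[i:i + SECTOR] != snap_b[i:i + SECTOR]]


def pad_free_difference(snap_a: bytes, snap_b: bytes) -> bytes:
    """C1 xor C2 = (P1 xor K) xor (P2 xor K) = P1 xor P2: the pad cancels."""
    return xor_bytes(snap_a, snap_b)


# Constructed disk contents: sector 1 is zeroed free space on Monday,
# then a file is written into it by Friday.
MONDAY = b"FAT-HEADER-BLOCK" + bytes(SECTOR) + b"notes.txt: hello"
FRIDAY = b"FAT-HEADER-BLOCK" + b"pin=4821;acct=77" + b"notes.txt: hello"


def demo():
    pad = os.urandom(len(MONDAY))        # stays on the trusted computers
    snap1 = encrypt_image(MONDAY, pad)   # first copy of the key
    snap2 = encrypt_image(FRIDAY, pad)   # second copy, same pad reused
    diff = pad_free_difference(snap1, snap2)
    # Where one plaintext was all zeros, the difference IS the other plaintext.
    return changed_sectors(snap1, snap2), diff[SECTOR:2 * SECTOR]


if __name__ == "__main__":
    sectors, leaked = demo()
    print("changed sectors:", sectors)
    print("recovered without the pad:", leaked)
```

A single lost key gives only one snapshot, which is the threat model the comment accepts; the leak shown here needs two copies taken at different times.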

    7. Re:A simple solution by Burz · · Score: 1

      Can't say for certain, but Xandros Linux does have this behavior of handling a zip file like a folder. It's available via a free download so you may want to check it out.

  3. Encrypted DMG on OS X only supports AES-128 by zhenga · · Score: 3, Informative

    Although Disk Utility on OS X can create encrypted disk images, it only has one encryption method, which is AES-128.
    (Prove me wrong here, but I've searched many times on Google to see if other encryption methods were available.)

    I once created a 4 GB encrypted sparse disk image, but copying large files to it will always result in an unresponsive OS on my 867MHz G4.

    Maybe a fixed-size image will work better, but what I really want is support for other encryption algorithms so the user can make the trade-off between speed and security/paranoia level. I for one would not mind encrypting a disk with Blowfish only.

    On Windows I use TrueCrypt; I can't wait to see an OS X port of that (and other platforms of course ;)

    1. Re:Encrypted DMG on OS X only supports AES-128 by Bishop · · Score: 1

      AES-128 is fast enough. An unresponsive OS is a problem with the implementation.

  4. Re:It's so obvious! by thegrassyknowl · · Score: 2, Interesting

    Well, you could XOR your data, or have the disk in EXT2 format (with a small FAT32 partition at the start with EXT2 drivers for various systems).

    As for encryption, I presume you're interested in keeping the average user from sector L out of your files, should your key be "misplaced".

    I'd look at GPG; it's roughly PGP compatible. There are the pay for versions of PGP for Windows that can create a big encrypted file and give it a drive letter. Maybe there exists some GPG code that can mount those files?

    --
    I drink to make other people interesting!
  5. QEMU? by kisielk · · Score: 4, Interesting

    I've been thinking about doing a QEMU setup on a flash drive with an encrypted file system, and including QEMU executables for various OSs. You could then boot up the QEMU image, which could have networking support with Samba or something, and then access the files over the network.

    I haven't actually tried this yet, and I'm not entirely convinced it's a good idea, but it's one suggestion. Has anyone else tried this? Any comments or suggestions?

  6. What the hell is wrong with you? by Anonymous Coward · · Score: 1, Insightful

    He specifically asked for a cross-platform solutions and not a Windows-only solution.

  7. Previously on Ask Slashdot... by Bogtha · · Score: 5, Informative

    A pretty much identical Ask Slashdot from two years ago: Multi-Platform Encrypted Disk Image Formats?

    --
    Bogtha Bogtha Bogtha
    1. Re:Previously on Ask Slashdot... by aCC · · Score: 2, Insightful

      > A pretty much identical Ask Slashdot from two years ago

      Exactly. 2 years is definitely too old.

  8. FreeOTFE for Win/Lin or ccrypt for Mac/Win/Lin by Trepalium · · Score: 3, Interesting

    FreeOTFE runs in Windows and is compatible with Linux losetup/dm-crypt volumes. The only Win/Mac cross encryption program I've found is ccrypt which is unfortunately just a simple file encryption program.

    --
    I used up all my sick days, so I'm calling in dead.
    1. Re:FreeOTFE for Win/Lin or ccrypt for Mac/Win/Lin by Noksagt · · Score: 1

      Thanks for the link to FreeOTFE. Looks handy.

      As for single-file encryption, there are A LOT of cross-platform apps which will do this (not the least of which is gnupg).

  9. Embedded Damn Small Linux by forsetti · · Score: 3, Informative

    You *have to* check out "Embedded" Damn Small Linux. ~50MB download, extract to your USB key, and run a full blown Linux distro in QEMU (Linux and Windows QEMU included).

    --
    10b||~10b -- aah, what a question!
  10. ZIP encryption by Noksagt · · Score: 1

    Yes, different archivers have different encryption. I've seen Blowfish, DES, 3DES, AES encrypted zip files (in addition to the OLD pk-zip "encryption.")

    For that particular case:
    That's since been fixed; WinZip can decrypt PKZip AES-encrypted files, and a PKWare program called the PKZip Reader can decrypt WinZip-created encrypted files.
    (which was in the article).
  11. Secret software to protect your secrets? by Futurepower(R) · · Score: 1


    I feel uncomfortable using closed-source encryption tools. Encryption is complicated. It is easy to introduce weaknesses. You don't know if secret software has back doors.

    Link to Jetico.

  12. Info-zip doesn't yet support AES by Noksagt · · Score: 1

    unzip will supposedly support it in 6.1 & zip in 3.1.

  13. bcrypt and ccrypt by iignotus · · Score: 1

    bcrypt and ccrypt. They're all you need. Windows, Linux, whatever. Open-source and very good ciphers.

  14. So why did you link to one? by iignotus · · Score: 1

    See subject heading. Was it just to warn us?

    1. Re:So why did you link to one? by iignotus · · Score: 1

      Disregard that. My mistake. I've never seen the source before.

  15. Just an idea.... by martian67 · · Score: 1, Interesting

    I've wished for something similar in the past. One solution that occurred to me would be to create an encrypted loopback filesystem under Linux. For those not familiar with this scheme, it essentially encapsulates a filesystem in a regular file and [en|de]crypts it at the kernel level.

    One potential way to access this from Windows would be using Namespace Extensions. I believe this is the way that "special folders" such as Control Panel and Scheduled Tasks are integrated into the Explorer. It would seem to be straightforward for someone knowledgeable in the area to create a Namespace Extension that could mount an encrypted loopback filesystem created in Linux.

  16. Re:Is this too obvious by base3 · · Score: 1

    That, and I haven't seen a non-trivial Java business application yet that doesn't require a very specific JVM under a very specific OS (Windows) and a very specific browser (MSIE). So it's not cross platform, and incurs the p-code performance hit. A real winner.

    --
    One CPU cycle wasted on digital restrictions management is ONE TOO MANY.
  17. Truecrypt license by daveewart · · Score: 1

    > Ditto. Truecrypt is great, and free.

    Although free to use, its free-ness in other respects is unclear. The code is available to read (technically "open source"), but the license is a complete mish-mash of components, reflecting all the different contributions to it over the years: http://www.truecrypt.org/license.php

    In particular, it states: "This product may be freely copied and/or distributed, provided that it is not modified or repackaged" and then goes on to say that you *can* repackage it as long as you attribute about 12 different people ...

    Is there not a *real* Free product which does this?

    --
    "If you think the problem is bad now, just wait until we've solved it." --- Arthur Kasspe
    1. Re:Truecrypt license by Synli · · Score: 1

      Huh? Free Software doesn't mean there are no conditions. Their license merely states conditions under which you may distribute modifications. Each Free Software license does that.

      --
      "Two things inspire me to awe -- the starry heavens above and the moral universe within." - Albert Einstein
    2. Re:Truecrypt license by daveewart · · Score: 1

      No, 'Free' in this sense normally refers to freedom. Something as described in the Debian Free Software Guidelines http://www.debian.org/social_contract#guidelines is a typical benchmark for Free.

      Just being without cost ("free") doesn't make it Free!

      --
      "If you think the problem is bad now, just wait until we've solved it." --- Arthur Kasspe
    3. Re:Truecrypt license by Synli · · Score: 1

      Ok, name at least one item of the Debian Free Software Guidelines which the True License does not comply with.

      In case you haven't noticed: TrueCrypt is hosted on sourceforge.net, which allows only true open source projects.

      --
      "Two things inspire me to awe -- the starry heavens above and the moral universe within." - Albert Einstein
    4. Re:Truecrypt license by Synli · · Score: 1

      By "True License" I mean "TrueCrypt License". And one more thing, Debian Free Software Guidelines were used as the basis in creating the OSI (opensource.org) definition of open source. All projects on sf.net are required to comply with that definition.

      --
      "Two things inspire me to awe -- the starry heavens above and the moral universe within." - Albert Einstein
    5. Re:Truecrypt license by daveewart · · Score: 1

      Well perhaps you're right: however I'm not sure, strictly, whether it meets "3. Derived works", partly since the amount of attribution and acknowledgment one must give to the original authors is very high. Although, IANAL and it's unclear.

      In whatever light, the TrueCrypt license is very messy and is extremely complicated. This in itself makes it a tricky choice.

      --
      "If you think the problem is bad now, just wait until we've solved it." --- Arthur Kasspe
    6. Re:Truecrypt license by Synli · · Score: 1

      > This in itself makes it a tricky choice.

      Well, it depends on what you need it for. If you are an average Joe user, then I doubt you'll have troubles. BUT, if you are a software corporation that plans on using their code in its commercial products, then, yes, you'd better ask your lawyers. ;-)

      --
      "Two things inspire me to awe -- the starry heavens above and the moral universe within." - Albert Einstein
  18. Re:truecrypt is open source by Synli · · Score: 1

    They currently work on a Linux version, which should be out soon. Now it's Windows-only.

    --
    "Two things inspire me to awe -- the starry heavens above and the moral universe within." - Albert Einstein
  19. Re:Is this too obvious by base3 · · Score: 1

    Well, then you need to tell IBM, Perceptive Vision, the contractor for our state government, and probably a bunch of other people how to do it. And if it takes as much effort to achieve portability as with C++, then what good is it, given the performance hit?

    --
    One CPU cycle wasted on digital restrictions management is ONE TOO MANY.
  20. Re:SourceForge, License, etc. by daveewart · · Score: 1

    The license is NOT GPL-compatible. It also isn't recognized by the OSI. It would be preferable and should be possible for them not to pick a persnickety license.

    That's what I was getting at, really ... the license just sounds too complicated :-)

    --
    "If you think the problem is bad now, just wait until we've solved it." --- Arthur Kasspe
  21. Try BestCrypt by jgoemat · · Score: 1

    BestCrypt (about $60 or 60 Euro also) creates a virtual drive in an encrypted file and has versions available for Windows and Linux. Their SDK is free and includes source code at least for the encryption algorithms to verify they are safe and lets you plug in your own. The same file can be used in Windows and Linux and can even be accessed on a network share; since the data is decrypted as it is used, sniffers would only see encrypted data being transferred.

    It also includes the ability to use hidden volumes. You use one password and the file opens up normally, if you use another you can access a hidden volume in the file. After creating a hidden volume you shouldn't modify the non-hidden volume contents as it could overwrite your hidden data, but there is no way to tell there's a hidden volume without guessing the second password.

  22. GNUPG by karlan · · Score: 1

    I just carry a USB pen with my secret/public keys. I have a really long password, a 4096-bit key, and every file is ASCII-armor encoded.