Slashdot Mirror
Fast File Encryption for Windows?
cryptoz wonders: "I've used numerous encryption applications
for both Windows and Linux over the past few years and have always been satisfied. Until I realized I needed to start encrypting large files (say 10 to 30 GiB), or at least a large number of small(er) files. I found that everything I use seems to take hours and hours to compress, encrypt and shred. Not to mention decompressing, decrypting and deleting on the other end.
Every web search I do on the topic seems to turn up mostly closed-source applications or snake oil, neither of which is acceptable. Does Slashdot have any suggestions for fast file encryption? I should make it clear that in my particular case, I do not need to have a perfect key or incredibly secure encryption, since it is not the weakest link (as I am susceptible to hardware key-loggers, CRT eavesdropping and the like). The encryption needs to be just strong enough, but most importantly, *fast*." This is a worthwhile question, but when dealing with files in the 10s of GB, can anything really be considered to be "fast"?
I'd say your best bet'd be TrueCrypt.
You linked to it yourself, so you should be aware of the strengths of the application. It does on-the-fly disk encryption with either whole partitions or disk image files, has absolutely no problem with massive disks (I have a 40GB image on a USB drive), and is pretty fast. My benchmarks come up with 50MB/s average throughput (around 56MB/s encrypting, 47MB/s decrypting) for 256bit AES encryption on my machine. TrueCrypt seems to cope well with files of any size, and while I can't say I've tried 30GB, 4.7GB DVD images work very well indeed.
One thing that really makes it stand out in your scenario is the ability to use keyfiles. This allows you to select one or more files that will be used (hashed?) with your password to secure your data against those hardware keyloggers. (Although, I would question whether encryption is really required if you aren't that bothered about security.)
The best part of TrueCrypt is that it is completely open-source. No closed/proprietary systems and no snake oil. For encryption on Windows, when the built in stuff doesn't cut it, TrueCrypt is the only way to go, IMHO.
Ever tried this? SureCrypt
SureCrypt is an ultra small encryption program designed for fast processing of extremely large files. It can encrypt or decrypt files as fast as Windows Explorer can copy them. SureCrypt presents a flexible user interface with detailed record of all operations.
Just ROT2 the bits. Or is it ROT1?
Shhh! If I promise to mod you informative will you not tell the mods?
My 3D Texturing Skinning work (under construction)
Seagate recently released a self-encrypting hard-drive... does hardware level encryption at S-ATA link speed, or so they claim. More info: http://www.apcstart.com/site/dwarne/2006/06/263/se agates-self-encrypting-hard-drive
The submitter's question linked to truecrypt as one of two programs he's tried and found not fast enough. I hear it's real nice, but he's already found it too slow for his needs.
I'm also amused by the submitter's "too slow" comment for TrueCrypt. I use it on my 4-year old laptop (a 1.7Ghz Pentium 4 mobile) and find that it's the hard drive that is the bottleneck rather then the CPU. I'm using the stock TrueCrypt settings for encryption algorithm (256bit AES, LRW mode) and hash (RIPEMD-160). I have two volumes on the laptop, one is a ~700MB TrueCrypt file volume used for extra sensitive data and the second is a full-disk encrypted FireWire drive attached to the unit (160GB).
Copying from the laptop's hard drive to the encrypted external FireWire drive gives me transfer rates of around 10-12MB/sec and uses up around 30% of my CPU. Which is not too shabby for a 4 year old laptop. I would hardly call it "too slow".
I just did the benchmarks for a 100MB buffer, the left number is speeds on my 1.7Ghz Pentium 4 mobile laptop CPU, on the right is performance of a 2Ghz Opteron 246 chip (TrueCrypt 4.2 is not multi-threaded so it only used one of the two chips installed in that system):
Blowfish 35.1MB/s 46.8MB/s
Twofish 21.3MB/s 40.6MB/s
AES 28.5MB/s 32.6MB/s
Serpent 11.7MB/s 34.3MB/s
CAST5 10.5MB/s 34.7MB/s
Triple-DES 6.2MB/s 12.0MB/s
Those are not scientificially rigorous tests, but the built-in benchmark tool shows that the laptop's P4 is capable of very high encrypt/decrypt rates. It also looks like Serpent/CAST5 algorithms possibly don't fit inside the CPU cache very well (the Opteron chip has a larger L2 cache) or Serpent/CAST5 use operations that are more efficient on the Opteron chip. I don't know enough about the individual characteristics to make more educated guessed then that.
It's a pity that TrueCrypt isn't multi-threaded, or the dual-CPU Opteron system would've scored even higher on the TrueCrypt benchmark. I've run the benchmarks for a few different sizes (10MB / 50MB / 100MB / 500MB) and the numbers all tend to add up the same way (within a few percentage points) across the board.
Wolde you bothe eate your cake, and have your cake?
http://www.interhack.net/people/cmcurtin/snake-oil -faq.html
Bear with me for a moment while I try to get to the point as directly as I can.
There's a program called "Tiny IDEA" which implements the IDEA cipher. It's written in assembler for DOS, and comes with source code; the executable is about 500 bytes. It was originally written by Fauzan Mirza (who has credibility in that he also won Bruce Schneier's $10,000 award for best attack on Twofish during the AES competition). It was later further optimized and improved by someone named Mark Andreas, who I've never heard of in any other context. I'm not qualified to judge the quality of these programs directly, but when you read the manual it's pretty clear that Andreas knew what he was doing.
Tiny IDEA inspired a slew of other "Tiny" encryption programs by other authors, some anonymous, which can be found (free, and mostly with source code) at http://www.afn.org/~afn21533/rgdprogs.htm
(This is an interesting little site largely devoted to privacy and encryption, run by some random cool old guy. I think he wrote some of the "Tiny" spinoff programs.) Of particular note are a couple of Blowfish implementations, because as far as I know Blowfish is the fastest of the strong algorithms. Again, I can't vouch for the quality of these programs, but at least they seem to have a good genealogy.
Now obviously Blowfish implementations are a dime a dozen, but the reason I mention these "Tiny" ones in particular is because they encrypt your original file in-place, right there on the same disk sectors where it already resides, instead of creating a separate output file. This means you probably don't need to shred the original as a separate step, which might save you a great deal of time.