This is one of the open source encryption products I’ve bet upon for implementation across a corporate network.
Today, while exploring how to implement this for the personal use of a high-profile client, through one of my friends, I came across umpteen free/open source and commercial tools for the same.
Having said that, people are claiming they’re able to break even such tools in the underground security/forensic networks.
http://www.pgpi.org/ (email encryption)
Full-disk encryption (FDE) is encryption at the hardware level. FDE works by automatically converting data on a hard drive into a form that cannot be understood by anyone who doesn’t have the key to “undo” the conversion. Without the proper authentication key, even if the hard drive is removed and placed in another machine, the data remains inaccessible. FDE can be installed on a computing device at the time of manufacturing or it can be added later on by installing a special software driver.
Encryption is a process of encoding information so that it cannot be accessed by others unless they have the key needed to decode it. Encryption is usually used to protect highly sensitive documents, but it’s also a good way to stop people from looking at your personal stuff.
Primary encryption utility categories
Why use categories here? To bring a little order to the large catalog of encryption utility reviews at this site. This particular review article is limited to “drive encryption” utilities. See related categories below.
Encryption utilities that encrypt files/folders directly: These utilities encrypt discrete files and/or folders directly, in contrast to utilities that encrypt and store files in volumes (archives, i.e., container files). File-based utilities may operate in batch mode or in on-the-fly mode.
Virtual-drive encryption utilities create volumes (encrypted containers/archives) which can be mounted in the file-system as virtual drives, complete with drive letters, e.g. “V:”. These drives can contain both files and folders. The computer’s file system can read, write and create documents in real time, directly in cleartext. Virtual-drive utilities operate in on-the-fly mode.
Full-drive encryption utilities – the utilities reviewed in this article – encrypt entire storage devices, e.g., hard-drives, drive partitions and USB drives. Some of the utilities in this category can also encrypt the drive that the operating system itself is installed on.
Client-side encryption utilities for the cloud: A newly emerged category. These utilities encrypt files before they are uploaded to cloud sync/storage locations. The files are encrypted in transit and while at rest in the cloud. Cloud encryption utilities employ various forms of virtualization to present cleartext client-side, and they operate in on-the-fly mode.
Cautionary Notes
Operating systems are messy: Echoes of your personal data (swap files, temp files, hibernation files, erased files, browser artifacts, etc.) are likely to remain on any computer that you use to access the data. It is a trivial task to extract those echoes. For example, when you encrypt and compress files, clear-text versions that existed before you compressed/encrypted the file, or clear-text copies that are created after you decrypt/decompress it, remain on your hard drive unless you purge (not just delete) those clear-text files. 😦
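A check for the leftovers described above, as an added example (not code from the original article): it flags cleartext originals and temp/backup copies still sitting beside encrypted files. The encrypted-file suffixes and temp-name patterns are assumptions, and it sees only files still present in the file system, not deleted data, swap or hibernation files.

```python
import fnmatch
import tempfile
from pathlib import Path

# Assumptions, not from the page: suffixes that mark encrypted output and
# name patterns commonly used for editor/OS temp and backup copies.
ENCRYPTED_SUFFIXES = {".gpg", ".pgp", ".enc"}
TEMP_PATTERNS = ("~$*", "*.tmp", "*.bak", "*~", ".*.swp")

def find_cleartext_remnants(root):
    """Return sorted (path, reason) pairs for files that likely still hold
    the cleartext of something already encrypted under `root`."""
    findings = set()
    for enc in Path(root).rglob("*"):
        if not enc.is_file() or enc.suffix.lower() not in ENCRYPTED_SUFFIXES:
            continue
        original = enc.with_suffix("")      # report.docx.gpg -> report.docx
        if original.is_file():
            findings.add((original, f"cleartext original of {enc.name}"))
        for sibling in enc.parent.iterdir():
            if sibling in (enc, original) or not sibling.is_file():
                continue
            is_temp = any(fnmatch.fnmatch(sibling.name, p) for p in TEMP_PATTERNS)
            if is_temp and original.stem in sibling.name:
                findings.add((sibling, f"temp/backup copy of {original.name}"))
    return sorted(findings)

def demo():
    """Build a constructed sample tree and return the flagged file names."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for name in ("report.docx.gpg",   # encrypted output
                     "report.docx",       # original never purged
                     "~$report.docx",     # editor lock/temp copy
                     "report.docx.bak",   # backup copy
                     "notes.txt.gpg",     # encrypted, original purged
                     "unrelated.tmp"):    # temp file of something else
            (root / name).write_bytes(b"constructed sample data")
        return [path.name for path, _ in find_cleartext_remnants(root)]

if __name__ == "__main__":
    for name in demo():
        print("remnant:", name)
```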
The fact that an encryption program “works” does not mean that it is secure. New encryption utilities often appear after someone reads up on applied cryptography, selects or devises an algorithm – maybe even a reliable open source one – implements a user interface, tests the program to make sure it works, and thinks he’s done. He’s not. Such a program is almost certain to harbor fatal flaws.
“Functionality does not equal quality, and no amount of beta testing will ever reveal a security flaw. Too many products are merely buzzword compliant; they use secure cryptography, but they are not secure.” –Bruce Schneier, in Security Pitfalls in Cryptography
Further advice about how to use encryption is discussed in Encryption is Not Enough, including what you need to do beyond encryption to be sure your private data is not lost or exposed.