Thanks to all who have taken the time to answer, either on- or off-list.
Yes, I know PGPdisk and ScramDisk, but I was hoping to find good solutions
operating on per-folder or per-file basis, to minimize the reconfiguration
hassles when securing data used by standard applications (like mailbox
files).
All considered, I think that my choice will fall on ScramDisk, even though I
don't like very much the fact that, unlike in SafeHouse, the size of the
encrypted volume must be defined in advance. OTOH, ScramDisk is OpenSource,
and also $79.99 cheaper than SafeHouse ;-)
Cheers --
Enzo
----- Original Message -----
From: "Bill Stewart" <[EMAIL PROTECTED]>
To: "Enzo Michelangeli" <[EMAIL PROTECTED]>; "crypto list"
<[EMAIL PROTECTED]>
Sent: Wednesday, March 15, 2000 11:40
Subject: Re: Encrypting folders in Win95/98
> At 01:05 PM 03/13/2000 +0800, Enzo Michelangeli wrote:
> >Does anybody know any good Win95/98 utility providing connectoids seen by
> >the user as folders, so that any file moved to and from them get
> >automatically encrypted and decrypted? Something like Encrypted Magic
> >Folders by PC-Magic, but with a serious crypto engine instead of their
> >proprietary snake oil.
>
> Do you really want something that encrypts & decrypts individual files?
Bad!
> I tried RSA's freebie that did that, and while it did use real crypto
> instead of snake oil, it depended on having enough warning to re-encrypt
> on shutdown (really bad assumption for a laptop), and not encrypting files
> until they're closed cleanly (really bad assumption on Windows)
> as well as the extra work of decrypting and encrypting things in advance.
>
> One alternative is to use an encrypted diskoid driver that keeps its
> cyphertext in a file rather than using a full partition,
> similar to what Stacker and several other disk compression products do.
> Safehouse and Scramdisk both do this (ask AltaVista where to get them.)
> They do their encryption on a disk-block basis, not a file basis,
> and decrypt blocks when reading them off the disk, encrypt when writing,
> so they're never writing unencrypted data onto the disk.
> You assign some space on another drive (e.g.
C:\MyDocuments\Scramdisk.svl),
> and when you want to use the contents, you run the mount command,
> which gives you something looking like a removable drive (e.g. F:\),
> which you can store files in. I assume you can build shortcuts to
> point to the disk if you want files to look like they're somewhere else.
> Some of these products know how to expand their space if they get full,
> some don't.
>
> NTFS has a third approach for compression, and it may also do encryption
> (though it's probably just MSSnakeOil crypto if it does.)
> Each file and directory can be vanilla or compressed, and they're
> decompressed/compressed on the fly when reading/writing,
> though I'm not sure if it's a block-by-block basis or per-open/close.
> The user interface is the Windows Explorer file-system browser,
> which lets you select which files will get treated this way
> and which are stored as normal uncompressed files;
> compressed stuff turns blue, and compressed directories automagically
> handle all the files added to them as compressed.
> It was a very pleasant way to handle compression (unlike the
> big Double-Space blocks I needed to set up when I downgraded to Win95),
> with a lot less administration work needed.
> If they also did Real Crypto with it, it could be a win.
>
> In both the pseudo-disk and NTFS-like methods, you'd have to see
> how it worked mapping files across a net from a file server.
> I suspect the pseudo-disk products like Scramdisk do the right thing
> (or else refuse to work entirely) but I don't know if the NTFS-like
> systems do the compression on the file server or the client
> or just refuse to work.
> Thanks!
> Bill
> Bill Stewart, [EMAIL PROTECTED]
> PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
>
