RGdot

Tag: security

  • Treek’s Password Manager: Freeware Password Storage

    Treek’s Password Manager: Freeware Password Storage

    Treek’s Password Manager

    Treek’s Password Manager (version: 1.2) is a freeware password manager with strong encryption (Rijndael AES 256bit by default) and optional cloud storage and sync.

    Its interface is clean and polished and at first launch it offers to create a new database, and optionally allows the user to view or modify the initilization vector and salt that go along with the user chosen master password. The option to make it a local database or online one is available here or can be chosen later. The free service allows one database in the cloud with a paid version that has more allowances and offers backups.

    Treek’s Password Manager can import passwords saved in browsers automatically. Passwords and login data can be copied, via double click by default, and the associated URL opened too. For better security the program options include a setting to clear the clipboard after a number of seconds. Right clicking an entry presents other options. The most useful of these options is the auto type which will (attempt to) paste the username and password in an open browser page.

    The program collects telemetry which it of course claims to not include passwords. An ID is associated with this telemetry and it can be reset to “send telemetry with new identity”. Whether or not this is a deal breaker it is up to the user but the program looks clean.

    KeePass is and has been the de facto standard for local password storage and arguably the safest available, it is in many ways superior to any online alternative as well but Treek’s Password Manager is one possible option to consider.

  • Safely Transfer Files Using WinSCP

    WinSCP is described by its author as

    WinSCP is an open source free SFTP client and FTP client for Windows. Legacy SCP protocol is also supported. Its main function is safe copying of files between a local and a remote computer.

    It is a very robust and feature rich FTP client that supports secure file transfer using SSH over FTP. It has many of the usual and expected features like integration into Windows for such operations as drag and drop and insertion into the Send To context menu. Additionally in can be used via the command line to perform many actions available in its GUI such as synchronizing files between remote and local folders or simply uploading files. Many remote commands are also available by right clicking files in the remote pane, such as duplication, move, Tar, Touch, Grep and of course changing file permissions. It is possible to store sessions or login details and even remember last used local and remote directories.

    Two perhaps trivial but stand out features are an internal text editor to work on remote files and the ability to actually view such formats as .htaccess files in the remote pane therefore eliminating the risk of overwriting such files that Windows does not recognize, one thing that is really missing on most FTP clients.

    WinSCP should run on any system running Windows 95 or later and is currently at v4.1.8. In my experience I have had less problems with WinSCP when compared to the highly rated FileZilla.

  • Encrypt And Hide Files With TrueCrypt

    Encrypt And Hide Files With TrueCrypt

    TrueCrypt is described by its author as

    Free open-source disk encryption software for Windows Vista/XP, Mac OS X, and Linux

    TrueCrypt is a feature rich, powerful and reliable software to secure any number of files, folders or even entire drives. It achieves this by creating a ‘virtual encrypted disk’. It is possible to hide most any thing in one ‘file’ that is only accessible with TrueCrypt and via password and/or keyfiles. It is also possible to encrypt an entire partition or a USB key or flash drive. TrueCrypt supports three main methods of encryption, AES-256, Serpent, and Twofish, and depending on the data being encrypted one may not even need the most powerful but nevertheless it is also possible to generate strong password using TrueCrypt.

    Starting up the program and hiding, securing or encrypting requires a few steps. The user starts by pressing the ‘Create Volume’ button which leads to the launch of the ‘TrueCrypt Volume Creation Wizard’. Once there one chooses to either encrypt by creating a virtual disk within a file, a non-system partition such as a USB key or a system partition which basically allows for the encryption of the operating system as a whole. In one of the more typical uses, the ‘disk within a file’, the next step is to choose between a ‘normal’  encrypted disk or a hidden volume which basically hides the encrypted data inside another area so as to make it possible to deny any data is encrypted at all, what is called plausible deniability. Then the user chooses a location for the so-called file, the type of encryption, the size of the container or file, a password (and keyfiles if preferred) and finally between FAT or NTFS for the format of the volume.

    When the program is launched the user will see something like the image below where the encrypted file becomes accessible as a drive.

    truecrypt

    For increased security check ‘never save history’ and keep ‘cache passwords and keyfiles in memory’ unchecked (see image above).

    Many command line options that can ease the use of and for example automate mounting of encrypted drives plus many other explanations including a very easy to follow tutorial are all available at www.truecrypt.org/docs. TrueCrypt is currently at version 6.1a and supported by a good community and a detailed site.