5

Would it be correct to assume that encrypting a single file in a Windows environment, for example a simple text file containing login credentials for a variety of accounts, is inherently insecure?

It is my understanding that on most Windows systems, the creation of temporary files, caches and automatic backups means that it is likely that an unencrypted copy would exist somewhere on the system.

To put things concisely, what are the best practices for single file encryption on a Windows system (if they exist)?

nitrl

2 Answers

7

Your understanding is, indeed, correct.

Most probably you have a copy of that file on your system now. After you encrypt it, you'll either have to remove the unencrypted version yourself, or the encryption application will do that for you. As far as I know, there's no 100% way to delete a file and be sure that it's gone along with any evidence of its existence.

You have 3 options:

  1. Search and destroy: Learn about all the places in which your file might have existed. This is not just about the temp directories and caches, this means down to the sector-level and effectively destroying the data by overwriting it. While plausible, I'd say it's practically impossible.

  2. The alien approach: Encrypt the file on a different computer, copy the encrypted file to the intended storage place, then physically destroy the hard drive on the computer used for encryption. As long as you don't open the file (because once you open it, you'll run into the risk of leaking an unencrypted copy with caching, saving temporary files, accidental backup, etc...) Possible, but silly.

  3. Full disk encryption: This is, by far, the most secure option. While, like anything in security, not 100% secure, it's your best option. I'd recommend some industry-standard application like TrueCrypt.

Adi
  • Please note that this answer doesn't handle deep cryptography issues that _might_ exist in this area. For that, you need to wait for an answer by one of our more experienced members. – Adi Mar 12 '13 at 08:59
  • Agreed that these don't provide deniability of the existence of a filename - but '[in]secure' can mean different things in different contexts. It's not particularly relevant to the task of maintaining a list of account details. Regarding 'It is my understanding...', most such tools (axcrypt, PGP, GPG) automatically shred temporary and source files. – symcbean Mar 12 '13 at 13:39
3

Indeed, when a file is encrypted, its contents are unusable until decrypted, so anything you do with the data necessarily implies that the data exists somewhere on the machine in decrypted format. It will be decrypted at least in the machine RAM, and some (many) applications may copy part of the data to temporary files (Word does that a lot, for instance). Moreover, RAM contents may be copied to the disk as part of virtual memory management, a trick by which processes see more memory than really exists in the machine, the operating system using the disk for transparently storing the less used chunks of data. When using hibernation, the whole RAM contents make it to the disk.

To really keep your data confidential, even if your laptop is stolen, then you must use a comprehensive solution which encrypts just about everything on the machine. TrueCrypt is the oft-cited product for system encryption, and it supports full-system encryption.

As @Adnan points out, if the data is already on the machine, unencrypted, then it should be removed. However, applying full-disk encryption on the live system (as TrueCrypt pretends to be able to -- I have not tried!) should be sufficient. The possibility of recovering old data chunks from hard disks, after having been overwritten, is a recurrent subject on this site. If you are truly worried about it, buy a new laptop, apply full-system encryption, then transfer your data, and finally destroy the old laptop with your favourite annihilation method (burning and dissolving in acid tend to be health hazards, while throwing it overboard while in the middle of the Ocean is bad for the environment; shredding might be safer and easier). Half of the job of encryption is to alleviate the user's paranoia, so it is up to you to see how much you consider data confidentiality worth.

Tom Leek
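
An added illustration, not code from either answer, of the "search" part of option 1 and of the temporary-file copies described above: this Python sketch lists readable files that still contain a distinctive, non-secret marker string taken from the plaintext. The function names, the marker and the default directory list are assumptions made for the example.

```python
import os
import sys
import tempfile

def file_contains(path, needle, chunk=1 << 20):
    """True if the bytes `needle` occur in the file, even across read boundaries."""
    keep = len(needle) - 1          # bytes carried over between reads
    tail = b""
    try:
        with open(path, "rb") as fh:
            while True:
                block = fh.read(chunk)
                if not block:
                    return False
                window = tail + block
                if needle in window:
                    return True
                tail = window[-keep:] if keep else b""
    except OSError:
        return False                # locked or unreadable file: cannot be checked

def find_plaintext_copies(marker, roots, skip=()):
    """Return sorted paths under `roots` whose raw bytes contain `marker`.

    The marker is searched as UTF-8 and as UTF-16LE, since Windows editors
    may save text in either encoding. `skip` lists known, expected copies.
    """
    needles = {marker.encode("utf-8"), marker.encode("utf-16-le")}
    skip = {os.path.realpath(p) for p in skip}
    hits = []
    for root in roots:
        for dirpath, _dirs, files in os.walk(root):
            for name in files:
                path = os.path.join(dirpath, name)
                if os.path.realpath(path) in skip:
                    continue
                if any(file_contains(path, n) for n in needles):
                    hits.append(path)
    return sorted(hits)

def default_roots():
    """Assumed starting points: the temp directory plus %APPDATA% and %LOCALAPPDATA%."""
    roots = [tempfile.gettempdir()]
    roots += [os.environ[v] for v in ("APPDATA", "LOCALAPPDATA") if v in os.environ]
    return roots

if __name__ == "__main__":
    # Usage: script.py MARKER [DIR ...]; use a label from the file, not a password.
    for hit in find_plaintext_copies(sys.argv[1], sys.argv[2:] or default_roots()):
        print(hit)
```

It only inspects files readable through the filesystem, so sector-level remnants of deleted files and swapped or hibernated memory, which both answers raise, are outside what it can find.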