Fog Creek Software
Discussion Board




Replacement for PGPdisk?

I store confidential information, like passwords, in a PGPdisk, which is an encrypted virtual disk that I can use on my Mac or Windows notebooks.

PGP is "hostageware". It stops working after a year unless you pay up for another 12 months. Before I pay the ransom, I wondered if anyone had suggestions for a replacment.

I do know about GPG but it does not have the PGPdisk function as far as I can tell. Also, I can create an encrypted disk image on my Mac, but that won't be usable on Windows.

Nate Silva
Friday, December 19, 2003

Let me get this straight:

You have a program that encrypts your whole disk, making the machine along with ALL of YOUR data unusable if the program stops working for any reason.

And the license for said program requires that you pay per year.

And the vendor could go under/be bought/etc. at any time.

And you permit this?

David Jones
Friday, December 19, 2003

NTFS permits encryption. Any encrypted files are tied to a specific user account. The danger there, obviously, is that your NT installation may fail, and then you lose your files. I've yet to hear what Microsoft's proposed solution to this is. But at least it's free with the OS, and is no worse off than you are now with your hostage-ware.

Brad Wilson (dotnetguy.techieswithcats.com)
Friday, December 19, 2003

I have used BestCrypt from http://jetico.sci.fi/ for years, under Windows 98, 2000 and XP, and I had no problems with it - it worked very well.

James
Friday, December 19, 2003

I have used Maxcrypt for a number of years without problems.  It handles automated encryption and decryption with AES (Advanced Encryption Standard) finalist 256-bit Twofish encryption algorithm.  It also allows you to setup user accounts on the same machine.

http://www.kinocode.com/maxcrypt.htm

MSHack
Friday, December 19, 2003

Microsoft's solution to the problem of Encrypted File Systems being tied to a unique user ID is that you make a rescue floppy (and hopefully make three or four copies of it so you don't get hosed if the one floppy got left next to the AC).

Mind you, even Excel VBA project managers have been known to forget to make one :)

Stephen Jones
Friday, December 19, 2003

What about encrypting the files individually using PGP Free, or just using something like Keynote (freeware/open source) or Treepad Secure (shareware) that lets you store large amounts of information and encrypt the file.

www.MarkTAW.com
Friday, December 19, 2003

Note that said unique id is unique across space and time, i.e. when you forget your password, delete your account, setup a new account chosing the same user name, you will not be able to access files encrypted using the previous user account (time). The same applies when you attach the hard drive to another machine (space).

Johnny Bravo
Friday, December 19, 2003

Which is why you make a restore floppy before you encrypt.

Stephen Jones
Friday, December 19, 2003

I rummaged around on my HD and found a distribution of PGP "freeware" version 6.02 that includes PGP Disk. Completely free for personal non commercial use.

Is this version not available anymore?

Bored Bystander
Friday, December 19, 2003

> What about encrypting the files
> individually using PGP Free

Mark, you miss the point of virtual encrypted disks.

With a virtual encrypted disk, you can keep all your work, thousands of files of different types on that disk.

When you leave, you just "close" the disk.

When you come back into the office, you start the computer, and then you open the virtual encrypted disk in order to access your files.

For opening it (for mounting it) you need to know the password.

If somebody breaks into your office, and doesn't know the password, and tries to steal your data, he can't access it - even if he steals the whole computer.

But, you can work on your files just like on normal files - without having to explicitly encrypt and decrypt files all the time.

James
Friday, December 19, 2003

For NTFS, I thought you had to export the Certificate (from IE) that's tied to your user account if you want to recover a hosed installation or deleted user.

Simply import the certificate back into the certificate store and you could access the encrypted contents?

Ankur
Friday, December 19, 2003

Ankur, EFS not NTFS.

Stephen Jones
Friday, December 19, 2003

James, I'm not missing the point of PGPdisk. I'm just matching his original requirement:

"I store confidential information, like passwords"

Which hardly seems like thousands of files. It almost seems plaintext. How many thousands of confidential files do you have?

I can't know for sure, but I can offer a suggestion that may fill his requirement.

PGP Freeware is still available.

http://www.pgpi.org/download/

Including an apparently free PGP Disk.

www.MarkTAW.com
Friday, December 19, 2003

It isn't really freeware as they give a "only for non-commercial, personal use", further clarifying that it will tag messages indicating that it was encrypted using the non-commercial, free ware personal version (presuming you're sending pgp encrypted emails).

Of course the source is available there as well, so you can just edit that resource string or const or whatever.

Dennis Forbes
Friday, December 19, 2003

BestCrypt and PGPDisk is overkill IMO for storing passwords -- I use Password Safe ( http://www.schneier.com/passsafe.html ) for this, so far it's been a fairly pleasant experience.

Prasenjeet Dutta
Friday, December 19, 2003

>Let me get this straight:

>You have a program that encrypts your
> whole disk, making the machine along
> with ALL of YOUR data unusable if the
> program stops working for any reason.

No, it only encrypts a 10 MB virtual disk which contains a couple dozen files containing passwords, PIN numbers and the like.

Nate Silva
Friday, December 19, 2003

I wasn't aware that the freeware version included PGPdisk, I'll have to check that out.

Nate Silva
Friday, December 19, 2003

I second the recommendation for Bestcrypt (www.jetico.com). I've used it for a year and half now on my work laptop, and it's great.

Matthew Christensen
Friday, December 19, 2003

For a small file of passwords you could try SafeSex, from the WinAmp creators

In 1998 Nullsoft brought you Sex, a little virtual notepad for "scribbling" things down. Then we made the UI a little different, but never released it. Fast forward to 2002, and we added encryption and better profile support to Sex, and called it SafeSex.

http://www.nullsoft.com/free/safesex/

Joel Spolsky
Friday, December 19, 2003

I don't see how SafeSex is better than. (Yes I installed SafeSex.)

http://www.tranglos.com/free/keynote.html

or

http://www.treepad.com/treepadsafe/

The addition of the outliner allows you to store multiple notes & quickly browse to them, almost as if they were individual files. Both of these create encrypted files, and can store rich text.

www.MarkTAW.com
Saturday, December 20, 2003

Unfortunately the Mac version of PGPfreeware is for OS 9. While there are some interesting applications here, the only one that works with both Windows and OS X is PGP.

One solution -- an encrypted NTFS filesystem -- looks interesting. I could pair this with FileVault on the Mac side. But I'm not ready to trust important data to either one of these systems yet.

So it looks I'll be renewing PGP for one more year.

Nate Silva
Sunday, December 21, 2003

Yep, no PGPdisk for OS X. It SU X.

www.MarkTAW.com
Sunday, December 21, 2003

If it's really just a password storage application, I'll second the recommendation for Password Safe:

http://sourceforge.net/projects/passwordsafe/

Bill Tomlinson
Monday, December 22, 2003

I suggest on those little USB disks on a keychain.

Thinking outside the Box
Monday, December 22, 2003

sorry to dig up an old thread, but I shared the same problem as the OP and found what looks to be a reasonable alternative: Paragon Encrypted Disk
http://www.encrypted-disk.com/

It works using the same principal as PGPdisk (an encrypted file mounted as a disk).

Steve H
Thursday, January 15, 2004

http://www.fortunecity.com/skyscraper/true/882/Comparison_OTFCrypto.htm has a comparison of 19 different on-the-fly-compression utilities. 

A USB drive on a keychain can still be lost, but apparently Scramdisk can be installed even on such a device.

Joe Nobody
Monday, February 09, 2004

Recently I found CrossCrypt, Open Source AES and TwoFish Linux compatible on the fly encryption for Windows XP and Windows 2000.

http://www.scherrer.cc/crypt/

I started to use it a few days ago and IMHO it is a good alternative to PGPdisk (but currently without GUI)

Helmut Zeisel
Tuesday, February 17, 2004

Hi all
I had PGPdisk on my (FAT format) C: harddisk which went belly-up when a defrag in Windows ME stopped half way with the usual "no system resources" message.
The PGPdisk contained my bank account statements in XLS format and some other XLS files as well as my husband's bookkeeping.
Oddly enough the C harddisk is still recognised by BIOS but not by Windows.
I have tried GetDataBack to recover the information (no luck) and have a few other ideas to try ("Knoppix" for example) , but I wonder whether PGPdisk can be recovered? The keyrings were on my D: harddisk, so I still have them.
I'm keeping my fingers crossed.

Diane Rowe
Monday, March 29, 2004

I would recomend using Dekart's "Private Disk Light".
I've used it for a couple of years: it's rock solid and free.

Get it now before it disappears, from....

http://www.dekart.com/products/file&disk_encryption/private_disk_light/

Tom Marriott
Thursday, April 01, 2004

PGPdisk is what I use for anything bigger than lists of passphrases.  I store my PGP keys inside a PGPdisk, and with the latest versions of PGPdisk can opt to encrypt  containers to one or more public keys.  (CrossCrypt also has this capability, and, like PGPdisk, it's source code is publicly available.) Another common use for encrypted disks is to make them include the paths to your email and IM databases; it is also often possible to install entire applications to such a disk, if desired.

Phosphor
Saturday, April 10, 2004

SafeDisk is a very nice tool too from SafeHouse, but I want my PGPdisk exported to WinXP...

ps. NEVER use Microsoft's build-in encryption... you might loose the key and identification somehow OR WINDOWS might do it FOR you... I wouldn't trust it after I last time lost 6GB after re-installing WinXP and manually re-intergrate the keys and IDs I had... I still needed some files and whatever... it sucks...



For some weird reason I can't compile PGPdisk from the source code...
I get an error:
LINK : fatal error LNK1104: cannot open file "..\..\..\libs\pfl\win32\pflCommon\Debug\pflCommon.lib"
Error executing link.exe.

If anyone ever finds out how to compile, please do and tell how it was done and please email me the files.

Please help me get the files compiled... please! =)

Al. Rol.
Thursday, April 15, 2004

I also found this:
"PGPckt
Imad Faiad has continued to develop and extend PGP 6.58. Although this is an older version, it works fine on Windows old and new (including XP), and it includes the PGP Disk utlity, which allows you to create encrypted disk volumes that can be mounted and unmounted like any other disk drive. This utility is not present in other free PGP versions. There are no plans to develop further versions as the owners of PGP will not release the source and authorize such development. This software includes the encryption utilities and the shell.
Recommended for anyone, better for novices and general end-users than the GnuPG and GPG Shell combo."
(http://www.chrislott.org/geek/pgp/)

But has on present time not found it anywhere...

Al. Rol.
Thursday, April 15, 2004

PGPckt is still available at zedz: ftp://ftp.zedz.net/pub/crypto/pgp/pgp60/pgp658_ckt/ -- not sure if Imad is still developing it or not. I have switched over to GPG/GPGShell-- but it doesn't offer the disk encryption....

Chris Lott
Monday, April 26, 2004

I'm am in similar situation. In windows i'm using a lot pgp disks, nut now i want to migrate to linux and i'm looking for a software that can mount those virtual disk (.pgp format).
Any suggestion?

S.R.
Friday, June 25, 2004

*NUT should have been BUT. sorry for the mistake

S.R.
Friday, June 25, 2004


Could someone confirm this:

If your laptop is stolen, your NTFS (WindowsXP) Encrypted files and folders will still be protected? Even if the thief puts  the hard drive into another laptop on which he has admin privileges? (The only way he could possibly get to the content was if he knew the password to the account?
Or if he stole a recovery disk at the same time: would he still need to know the password?)

Btw:
I've tested how well a pgpdisk volume survices random modification: I made a small program that randomly
changed more and more random bytes in the .pgd-file.
Step by step. And I tested if I could still open the
volume. (File size was not  changed) I dont remember
the details anymore, but I was supprised on the amount
of destruction it could take before I no longer was able
to open it. Of cource the content,  files and folders
was more and more corrupted too. I think
pgpdisk must store the key-information several
places in the file, since I also tried to destruct
completely the first and last megabyte.
(if I remeber correctly).

Charlton Heston
Wednesday, July 28, 2004

Check out http://www.cypherix.com/cryptainerle/index.htm?source=google_R2_le_dnld_encr
Free download, never expires...so the ads say.

Knot Myrealname
Friday, July 30, 2004

*  Recent Topics

*  Fog Creek Home