Whats (currently) the most secure encryption software? [closed]

I've never encrypted my data and I am thinking about it, but I am not sure which is the best option, I know there are tools like TrueCrypt, that the developers don't recommend now or GnuPG, but i think that if I am going to encrypt at least I should use the most secure option.


Solution 1:

For encryption you have a few decent options:

VeraCrypt

VeraCrypt is a fork of TrueCrypt. It has fixed all the known flaws of TrueCrypt and is actively developed. It is used just like TrueCrypt and is compatible with old TrueCrypt containers.

Pros:

  • It is flexible, it can encrypt container files or disk devices with no added complexity.
  • It has a nice GUI and powerful algorithms to keep your data safe.
  • It's available for Windows, Linux and Mac -- cross compatibility.

Cons:

  • It's not available in the repositories.
  • No automatic updates.

LUKS

LUKS works in much the same way as VeraCrypt. It's able to encrypt disk devices (whole disks or partitions) and files. It is also compatible with Ubuntu out-of-the-box.

To format a partition as LUKS, use a command like this:

sudo cryptsetup luksFormat /dev/sdX #See man cryptsetup for other options such as algorithm and key strength

Then, when this device is plugged in, you should get a password prompt to unlock the device. If this doesn't happen, you must use a command like sudo cryptsetup luksOpen /dev/sdX encrypteddrive

Pros:

  • Built-in Ubuntu kernel support
  • Good degree of configurability.

Cons:

  • No GUI, the drive must be formatted from the command line.
  • Not mountable in Windows and possibly Mac.

eCryptFS

This is a built-in home folder encryption that can be enabled in Ubuntu. However, in Ubuntu it only uses a 128-bit RSA key which seems fairly weak. It also offers filename encryption which also encrypts filenames in the home folder until it is decrypted.

Pros:

  • Ubuntu support is out-of-the-box

Cons:

  • If you haven't already enabled it, it's a quite a chore to get your home folder encrypted after-the-fact.
  • The 128-bit encryption default is fairly weak.
  • Also, not cross-platform.

GnuPG

As you mentioned, GnuPG is another option. Though, it doesn't really fall into the same category as the others on this list. It's really only suitable for encrypting single files and there is no transparent way to access the contents without decrypting the whole file, making changes, and then re-encrypting it. This, of course, leaves an unencrypted copy of the file on the disk.

If you're only looking to encrypt a few files rather than a partition, then this is a viable option. Anything more than that, however, and GnuPG is lacking.

Pros:

  • Fairly simple to use, after installing seahorse-nautilus seahorse-nautilus it's a simple right-click->Encrypt... process.
  • Up to 4096-bit encryption is available
  • Available for Windows, Mac and Linux -- cross compatibility.

Cons:

  • Can only be used for individual files

Conclusion

All in all, "best" is a matter of opinion and your desired use case.

If you're looking for single file encryption, I'd say that GnuPG is your best option as it's up to you which files you want to encrypt.

If you're looking for partition, drive, device, or container encryption, I'd say VeraCrypt is probably the best overall option. It has a nice, easy-to-use GUI as well as some powerful features and multiple layers of encryption. However, it wouldn't be suitable for encrypting something like your home folder, since you'd have to unlock the /home partition with VeraCrypt before you were even able to log in.

For more-or-less whole OS encryption though, LUKS would probably be the best tool to accomplish the task. However, some setup is required to get this working as expected and would be considered an advanced or expert level process.

I'm sure there are more options, but these are my mainstays and a few to get you started =)