
Encryption software - Free And Open Source Vs. Proprietary

By Graeme Batsman

In this article Graeme Batsman looks at open source and proprietary (both paid for and free) encryption software. Encryption software encrypts (or encodes) data so that it cannot be understood without the means to decrypt it, for example if it gets into the wrong hands.

Why encrypt?

Cryptography has existed for thousands of years, starting off with the ancient Egyptians, to the Greeks and Romans, and most recently (and most famously), Bletchley Park and the Enigma code breakers of World War II.

Encryption can be used on all kinds of digital media - USB flash drives, USB hard drives, documents (files), emails, website forms, laptops, optical media (CDs, DVDs) - and can even encrypt a printed A4 sheet of paper (think MI5/MI6). Today it’s essential for securing data and meeting compliance rules, mainly the Data Protection Act (DPA), regulated by the Information Commissioner's Office (ICO), and other regulatory bodies like the Financial Services Authority.

ICO's advice is: “I can advise, however, that our office would generally expect that portable media are encrypted. In regard to deciding what security measures to take in respect of personal data processed on static equipment, in each case an organisation must take into account such factors as the nature of the data and the harm that might result from any unlawful processing or loss of that data”.

To put it simply, ICO is saying that any data which is portable needs to be encrypted. This mainly refers to laptops, USB devices and optical media.

What encryption software to use?

As with all technologies, there is a choice. A well-known open source encryption tool is TrueCrypt. However, not all proprietary (closed source) software is paid for - there are some free tools available, an example being DESlock, which has a free personal licence edition (check with DESlock for not-for-profit organisational use).

The following table highlights the differences between generic open source and proprietary software:

| | Open source | Proprietary |
|---|---|---|
| Warranty | No | Yes |
| Support | Partly, mainly a free forum | Yes, email or phone |
| Cost free | Usually | Occasionally |
| Paid for | Not usually | Mostly |
| Compliant | Rarely | In most cases |
| Easy to use | Not usually | A little easier to use |
| Multi functional | Some | Even more |
| Strong security | Yes | Yes, sometimes stronger |


The following table highlights the differences between TrueCrypt and DESlock personal edition:

| | TrueCrypt | DESlock personal |
|---|---|---|
| Laptop encryption (secures an entire laptop – if lost or stolen) | Yes | No, but on paid editions |
| Removable media encryption (secures an entire device – if lost or stolen) | Yes | No, but on paid editions |
| Files and folder encryption (restricts/encrypts a folder or document – stops access internally and reduces impact if leaked) | No | Yes |
| Compliant | No | Yes |
| File shredder (removes documents or folders for good – stops data recovery) | No | Yes |
| Outlook email encryption (secures emails – from interception and possibly hacking) | No | Yes |
| Virtual disks and archives (creates a secure “Zip” style file - similar to a file/folder but compressed and secured) | Yes | Yes |
| Text and clipboard encryption (ability to encrypt the clipboard or create MI5 style letters) | No | Yes |

All of the above increase data security and compliance with the UK DPA and other laws.

Compliance?

What do we mean by the word compliant? Compliant means the software and/or encryption algorithm has been tested by a government (UK or USA). The Federal Information Processing Standard (FIPS) is a United States Government standard administered by the National Institute of Standards and Technology (NIST). CAPS and CCTM come under CESG, the UK Government's National Technical Authority for Information Assurance. Both standards mean the encryption algorithm or software/hardware product has been tested and passed.

ICO recommends FIPS certified products - “Since encryption standards are always evolving, it is recommended that data controllers ensure that any solution which is implemented, meets the current standard such as the recommended FIPS 140-2 (cryptographic modules, software and hardware) and FIPS – 197”. Typically, open source software is not FIPS certified, whereas a lot of closed source vendors are.

So what should you choose?

The main difference between open and closed source is compliance and support. If you install TrueCrypt and you need help or something goes wrong, you cannot call the vendor. If you pay for software, then support and a warranty are normally included, giving you access to email or phone support. Just because software is free, it doesn’t mean it is poor quality and not secure. TrueCrypt offers quite a few features but is quite technical to set up, and some features are fiddly to use even once set up.

DESlock personal edition is great for locking down files, folders, emails and archives by encrypting them. It restricts access and means that if the encrypted file is leaked, it’s nearly impossible to read. If you wish to encrypt emails, both parties need the software installed, but the personal edition is free.


About the author

Graeme Batsman
Graeme assists third sector organisations with their ICT security as a volunteer for IT4Communities.


Published: 22nd February 2012

Copyright © 2012 Graeme Batsman
