Folder Encryption 4.5

Discuss anything related to portable commercial apps here.
Message
Author
clevermind
Posts: 4
Joined: Thu Jan 24, 2008 5:12 pm
Location: Canada

Folder Encryption 4.5

#1 Post by clevermind » Thu Jan 24, 2008 6:12 pm

http://www.kakasoft.com/

http://www.kakasoft.com/files/lockdir.exe

"KaKa Folder Encryption is a powerful and easy-to-use program for encrypting and protecting your data.You can encrypt any folder including flash disk and removable hard disk

1.Fast and Simple:
With one-click encryption and decryption. Instant encryption and decryption

2.Strong Encryption Algorithm:
Using the Original encryption technology that can effectively protect your data.

3. Encrypted folders are characterized by protection against copy, deletion or real size check.

4. Support VISTA system! "

I must admit. it works very well. No install!! It hides the contents behind an encrypted type folder. So it really doesn't encrypt all the files per say, but it hides all the data behind an encrypted folder.

Very fast!! Size of folder has little impact on time taken to perform operation. The only trick is the exe that you use to decrypt the folder is left behind in the same directory where the folder was encrypted, not the same exe you used to encrypt the folder.


Highly recommended. :o


Clever Mind

User avatar
mebugnot
Posts: 2
Joined: Fri Nov 02, 2007 5:03 pm

#2 Post by mebugnot » Thu Jan 24, 2008 10:25 pm

But under Win Vista you didnt see see the lock button as icon for a folder. You only see the lockdir.exe inside of this folder...

User avatar
FlightGeek
Posts: 49
Joined: Wed Aug 30, 2006 6:12 am

#3 Post by FlightGeek » Fri Jan 25, 2008 5:37 am

Using the Original encryption technology
Does "Original" mean that you invented the encryption algorithm? If so, who has vetted it to make sure it's really secure. Most home-brew ciphers are easily broken by a knowledgeable cryptanalyst. You are far better off using a standard algorithm like AES which most of the world's experts have looked at and failed to find a weakness.
It hides the contents behind an encrypted type folder. So it really doesn't encrypt all the files per say, but it hides all the data behind an encrypted folder.
IMHO this is snake oil. In order to be effective the data need to be encrypted.

chezduong
Posts: 67
Joined: Mon Jan 15, 2007 6:14 am

#4 Post by chezduong » Fri Jan 25, 2008 6:56 am

This is very very interesting. I just tested the version 4.6 (according to the bubble tips in my Windows XP Pro SP2).
  • This software does not seem to use the registry nor leave files lying around in system directories (as far as I can tell with JauntePE).
    It seems to be clean of viruses, adware, spyware and malware according to the download sites and according to my virus scanner (CA eTrust).
    It does hides files in folders at lightning speed.
    It does not really encrypt anything. It seems to mark the files as deleted, but without moving it to the recycle bin. So if you use SoftPerfect File Recovery or similar tools, you can see and recover the files "unencrypted".
    You cannot delete the locked folder by either dragging to the trash, delete key, nor right click -> Delete.
    You can delete the LockDir.exe file itself, but the locked folder remains undelete-able.
    If you copy the original LockDir.exe file back to the locked folder, you can unlock the folder without any problems (with proper password).
    Right click -> Properties on the locked folder only shows the LockDir.exe file and any hidden system files (like desktop.ini) but does not show the size nor number of hidden files.
    You cannot copy the folder by drag and copy nor by Ctrl C and Ctrl V nor by right click Copy, right click Paste.
    The LockDir.exe only stays in memory when you lock or unlock the folder. Once the folder is locked, the program seems to exit from memory (as seen in the Task Manager).
My conclusion is that this program does what the author says it would (even if he/she should use the word hide/unhide rather than encrypt/decrypt). It would also be great for anyone wanting to hide all of their portable applications and a truecrypt volume (where all the sensitive information will be stored) from the casual user that may find their lost USB key. It does not, however, encrypt anything.

My only question is does one need administrator privileges to run the software?

Thanks for the suggestion and a super THANK YOU to the author of the software.

User avatar
Local
Posts: 238
Joined: Fri Aug 03, 2007 3:48 am

#5 Post by Local » Fri Jan 25, 2008 11:09 am

Another question about this.

I run file deletion software such as disk redactor frequently (It lowers the hits if I do need to recover accidentally deleted files) if this software marks the files deleted would my redactor erase them?

It's a nice idea in concept but seems more useful for playing pranks than security

User avatar
FlightGeek
Posts: 49
Joined: Wed Aug 30, 2006 6:12 am

#6 Post by FlightGeek » Fri Jan 25, 2008 12:12 pm

Local wrote:I run file deletion software such as disk redactor frequently (It lowers the hits if I do need to recover accidentally deleted files) if this software marks the files deleted would my redactor erase them?
I wondered the same thing after reading chezduong's post. I also wonder about possible overwrite in the normal course of writing new files. I also wonder what anti malware software might do (since malware might use similar techniques to hide).

Someday I might take an old 256Meg flash drive and experiment.

It would be nice if clevermind would say exactly what his software does.

chezduong
Posts: 67
Joined: Mon Jan 15, 2007 6:14 am

More Important information

#7 Post by chezduong » Fri Jan 25, 2008 1:01 pm

Funny that FlightGeek should mention this. I thought of the same thing. So when I got home, I did just that.

I got a 256 Mb USB key and 1/2 filled it with junk including folders, jpgs, programs, video, etc. I then used LockDir to hide the junk (in the root directory of the USB drive and in nested folders). Everything disappeared except the executable. I then right clicked on the USB drive -> Properties and noticed that the disk usage pie chart showed 1/2 used and 1/2 free. So if you do this on a folder, you will not know how many files or how much space, but if you right click on the drive itself, you will know how much space is used...I cannot remember about the number of files. humm.

I then proceeded to try to fill the rest of the drive and....drumroll please....when the drive was full, it stopped copying. It did not overwrite the hidden stuff. Right click on USB drive -> Properties...100% full. zero space left.

So BRAVO again! It did not delete anything that was hidden...so much for my theory about marking the files as deleted.

But there's more! I clicked on the program to unhide the hidden stuff and it work...but a message came up and said something too fast for me to read (actually, I clicked on OK too fast). I realized later that the message said that one of the folders that was being unhidden, Wesnoth, was named the same as one of the already visible folders....OH OH! So the program unhid the hidden Wesnoth folder by creating a new folder call Files (or something similar) and unhiding Westnoth within the new Files folder...AWESOME! No apparent damage to either version (I did not really check, but the folder size was the same before and after).

That's not all. I re-executed LockDir.exe and within 1/2 second, everything disappeared again...256 MB in 1/2 second. Fast, so this certainly is not encryption. I got out Softperfect File Recovery again to look for files to see if I could find any using the *.* mask. To my surprise, I only found about 10 *.jpg and 1 *.avi files. No .dll's, no .exe's nothing else. Just about 10 files. At this point I realized that the .jpg's and the .avi's were in the root of my USB drive (same place as the LockDir executable), but that everything else was within folders...so I gather that if it is within folders nested below the folder with LockDir.exe, you might not be able to see it with file recovery software.
[edit] If you move or delete files from with the "hidden" folders, Windows will allow for software like Softperfect File Recover to "recover" the deleted or moved files. But this is also the case when the files are not "hidden" so it is not really a downside. You just have to realize that this is not encryption.

TA DA!!! It took me less time to test all of this than to write this... Hope you find it helpful. As for me, I am going to now set up a flash drive with 4 things in the root: lockdir.exe, autorun.inf (to launch lockdir.exe), an .ico file for my USB drive (using autorun.inf) and a folder where I'll have all my programs and my truecrypt volume. It'll be hidden from casual users without limiting my use of the flash drive for moving information around and Truecrypt will house all of my "sensitive" information.

Can I patent this idea?


PS: I'll try to run file deletion / wipe disk software later on the 256 Mb drive to see what happens.
[edit] I ran Systeminternal's SDelete on the drive and it only deleted really deleted files. The files "hidden" by LockDir were not deleted.

User avatar
Local
Posts: 238
Joined: Fri Aug 03, 2007 3:48 am

#8 Post by Local » Fri Jan 25, 2008 5:13 pm

Thanks chezduong, saved me work to do ;)

I don't hink you could get away with patenting your idea though, I, and I assume other, tried something similar using hidden folders already.
This does put a new concept into the mix I must say though.

I really do want to know how this product works now it has me really interested.

redllar
Posts: 411
Joined: Thu Aug 03, 2006 7:52 pm
Contact:

#9 Post by redllar » Sun Jan 27, 2008 10:57 am

Guys, this is really, really, really, really, bad/basic security. I'm sure you've heard of the term "security through obscurity"? Well, this barely even falls in that category.

I wrote a simple little app in fairly short order that was able to "unlock", and I use that term loosely, all of the files and directories that this app "locks." There's not even any encryption used on the files and directories that it attempts to hide. All I did to "unlock" them was to move them out of a specially named path. So this is basically not worth your time, unless you want security through obscurity, because, if I can "unlock" things, it's a sure bet that someone who knew what they were doing would have your files in no time. You should never trust anyone who doesn't detail the "powerful and easy" protection scheme of an app. If they won't divulge the info then you know it's security through obscurity.

If you want to try it yourself, you can get my little app at http://www.geocities.com/redllar/unlockdir.zip Just put it in the same directory as the lockdir.exe and then run it and follow the prompts. If you choose to "unlock" the contents you'll end up with a unlocked subdirectory with the stuff in it. Then rerun lockdir and choose "cancel decrypted" to get rid of what lockdir did.

User avatar
Queue
Posts: 197
Joined: Mon Oct 08, 2007 2:41 am
Contact:

#10 Post by Queue » Sun Jan 27, 2008 8:53 pm

You can mix it with proper encryption to try and further hide things though. It's interesting even if simple.

Thanks for the unhide tool. =)

Queue

clevermind
Posts: 4
Joined: Thu Jan 24, 2008 5:12 pm
Location: Canada

#11 Post by clevermind » Mon Jan 28, 2008 7:57 pm

It does provide a different way of hiding your folders. It may be easy for a professional to gain access to the hidden files but not so easy for the average computer user.

Clever Mind

kakasoft
Posts: 5
Joined: Wed Jan 30, 2008 6:29 am

Author's idea-KaKa

#12 Post by kakasoft » Wed Jan 30, 2008 6:49 am

I am very glad to be here and discussed this issue with you.

Indeed, the software does not really encrypt any documents, but it use special methods to protect the documents, Maybe it should not be called the "encryption" but "protection".

But I think, for average computer user, this software is very applicable.

If you have any suggestions on the software,Please do not hesitate to write to me. Looking forward to your letter.

MSN: kakasky@hotmail.com
Email: support@kakasoft.com

My English may not be standard, please apologize

redllar
Posts: 411
Joined: Thu Aug 03, 2006 7:52 pm
Contact:

#13 Post by redllar » Wed Jan 30, 2008 10:08 am

I wouldn't call it "protection" if all someone had to do was drop into a command window and use dir/a/x and cd "dir short name" to get to the files. The password isn't even encrypted. Assuming we're all in agreement that subtracting one from each character isn't encryption.

On a side note, you might want to try and do a better job of covering up the fact that you're using a hacked VCLSkin Demo app and passing it off as yours. If you actually want to help out others with something useful, try doing it legally as well.

kakasoft
Posts: 5
Joined: Wed Jan 30, 2008 6:29 am

To all the users

#14 Post by kakasoft » Wed Jan 30, 2008 6:22 pm

Maybe you are right, but this is just a free software, what it wants to do is just to serve the public ,and it should not have too high expectations.

As what you said "really encrypt", it is not difficult to achieve actually, but you have to consider the requirements of the time to encrypt some lage folder. Is the software good or not? I think the users themselves will finally answer this question.

I just think, no one dares to claim that their encryption can be both fast and highly safe.

"File Encryption"will be released tomorrow . "File Encryption" use the RSA, MD5 and BLOWFISH algorithm,which will be a true encryption.
Encryption speed is 20M/S
download:http://www.kakasoft.com

Thanks for your discussion. I am willing to listen to everyone's views and I will constantly improve this folder encryption.

chezduong
Posts: 67
Joined: Mon Jan 15, 2007 6:14 am

#15 Post by chezduong » Thu Jan 31, 2008 1:14 am

Please encrypt the password, but leave the user the option to encrypt or not the files themselves. Why? Because even if Blowfish can encrypt/decrypt at more than 20 Mb/s, the USB drive will likely not be able to write at that speed. This means that each time someone wants to "lock or unlock" all the files on their key, they will be sitting around for a while. This will lead them to eventually stop using the encryption.

For example, at 20 Mb/s, 700 Mb of data would take only 35 seconds to encrypt/decrypt via Blowfish. The only problem is that most USB keys only write at 10-15 Mb/s on average...and this is for relatively large files. For smaller files (most of the GIMP, OOo and VLC files), the key will choke to about 5 Mb/s. This means that each time people want to use the 700 Mb, they will have to sit around for more than 2 minutes waiting for decryption and then another 2 minutes for encryption before pulling the key out. They'll eventually get tired of this and leave the programs in plain view.

As I mentioned above, this is a good program as a first level deterrent to novice users or the average Joe (like hiding your jewelry somewhere in the house). If you really want privacy, use Truecrypt and hide it with LockDir (like putting jewelry in a metal safe and hiding the safe). The two combined are better than just the Truecrypt solution (just putting jewelry in the safe and leaving the safe in plain view almost tempting people to delete the file).

Only request I have is to maybe tone down the use of the words "encryption/decryption" on the website until new version comes out.

Thanks again...been using this every day since first post. Works like a charm.

Post Reply