Open Source Data Security Tools

This is just a list of a few of my favorite security tools (generally for Windows), along with descriptions.

Password Database

Keepass is a good option for an encrypted database of all your passwords. It’s an open source project. There is official support for Windows and PocketPC. There are unofficial ports to OSX and Linux. In addition to password authentication, Keepass optionally supports keyfiles for unlocking the database. You can put the keyfile on a USB keychain to create a two-factor authentication system.

Encrypted Volumes

Truecrypt is an excellent open source tool for creating encrypted volumes on Win2k (and up) machines. It also works with Linux. Once mounted, an encrypted volume appears as another (virtual) hard drive on your machine. Authentication methods include password and/or keyfile (for two-factor auth). The actual encrypted volume can be stored as a file, an unformatted hard drive partition, or even an unallocated portion of a hard drive. A Truecrypt volume file can be on pretty much anything including hard drive, USB thumb drive, or network path. A thumb drive can be configured so that all the executables/dlls needed for encryption/decryption are on the drive unencrypted (so you can mount it anywhere). However, I believe you need admin privileges to run the executables and mount the volume.

Secure Erase

Eraser is a good open source tool for erasing files so that they cannot be recovered by any means. It includes a scheduler and can wipe “empty space” as well as files. Eraser is primarily useful to me at work for its ability to make a “nuke” floppy disk for wiping a machine before surplussing an old computer. The nuke disk is an image of a tiny Linux OS with menu options for wiping the hard drives after you boot the disk.

Data Integrity

wxChecksums is a pretty good checksum calculator for Windows. It can compute MD5 and SFV checksums, which isn’t really a security process exactly but is often associated with the topic. The wxChecksums software includes a shell extension that can be installed optionally. Security/encryption software projects often provide MD5 checksums on their webpages as a crude form of authentication of the source of the file, as well as a check on the data integrity of the download. PGP signatures are better, but MD5 is better than nothing.
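The check a tool like wxChecksums performs can be scripted for both manifest styles mentioned above. This is an added example, not code from wxChecksums or from this page; the function names, file names and sample data are constructed for illustration, and it assumes md5sum-style `.md5` lines and SFV lines of the form `name CRC32`.

```python
import hashlib
import os
import tempfile
import zlib

def file_digests(path, chunk=1 << 16):
    """Stream the file once and return (md5_hex, crc32_hex)."""
    md5, crc = hashlib.md5(), 0
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            md5.update(block)
            crc = zlib.crc32(block, crc)
    return md5.hexdigest(), f"{crc & 0xFFFFFFFF:08x}"

def parse_manifest(text, kind):
    """Yield (filename, expected_hex) from 'md5' or 'sfv' manifest text."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):  # SFV comments start with ';'
            continue
        if kind == "md5":   # "<md5>  <name>" or "<md5> *<name>"
            digest, _, name = line.partition(" ")
            name = name.lstrip(" *")
        else:               # SFV: "<name> <crc32>", name may contain spaces
            name, _, digest = line.rpartition(" ")
        yield name.strip(), digest.lower()

def verify(text, kind, base_dir):
    """Return {filename: 'OK' | 'MISMATCH' | 'MISSING'} per manifest entry."""
    results = {}
    for name, expected in parse_manifest(text, kind):
        path = os.path.join(base_dir, name)
        if not os.path.isfile(path):
            results[name] = "MISSING"
            continue
        md5_hex, crc_hex = file_digests(path)
        actual = md5_hex if kind == "md5" else crc_hex
        results[name] = "OK" if actual == expected else "MISMATCH"
    return results

def demo():
    """Constructed sample data: one intact file, one corrupted, one absent."""
    with tempfile.TemporaryDirectory() as d:
        for name, data in (("tool.zip", b"release bytes"), ("read me.txt", b"hellp")):
            with open(os.path.join(d, name), "wb") as fh:
                fh.write(data)
        md5_text = f"{hashlib.md5(b'release bytes').hexdigest()} *tool.zip\n{'0' * 32}  gone.bin\n"
        sfv_text = f"; constructed SFV\nread me.txt {zlib.crc32(b'hello'):08X}\n"
        return verify(md5_text, "md5", d), verify(sfv_text, "sfv", d)
```

A matching result only says the file agrees with the manifest, so the manifest itself has to come from a source you trust.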