Toronto, Ontario, Canada.

To most of us, the word “encryption” conjures up images of spies and secret disks containing information that must be guarded at all costs.  Few of us realize that we all rely on and use encryption almost every day in our normal lives. Whether making a cell call, sending an email, buying something with your debit card, or accessing the web wirelessly, we are using and being protected by this not so simple process.

What is encryption? Encryption is the process used to transform and disguise data so that it is unreadable or undecipherable to anyone without a pre-determined secret code or password.  Basically, the data to be encrypted is sent through an elaborate algorithm using the secret code or password to scramble the data into indistinguishable rubbish.

Please note, that password protection is NOT encryption. Password protection “may” prevent access to the data, but it does not alter the actual data. Password protection can be easily bypassed.

Encryption has also become common place for protecting data on computer based storage device like hard drives and USB flash sticks. Encryption can be used to protect an entire volume, a folder or even a single file. There are several distinct implementations available:

• SOFTWARE, Users can buy or use free encryption programs that make it possible to encrypt files, folders or even their entire hard drive or flash device using software routines to intercept and modify the data on the fly. The entire encrypting and decrypting process is handled by your computer’s CPU or processor.  Popular examples include SafeGuard, SecureDoc, PGP, TrueCrypt and Safeboot. Starting with XP Professional, Microsoft includes a built in folder and file encryption feature called Encrypting File System or EFS for short. Software encryption methods are popular as they are inexpensive and can be implemented on any existing storage device. However, they are generally much slower, typically 20% slower than hardware based methods.
• HARDWARE, There are external hard drive devices that use a standard hard drive connected through a “hardware based” encryption interface board. In many cases this encryption process is performed without the user even being aware. Many Western Digital external boxes use this method allowing 100% data protection if the drive is ever removed from the enclosure and its encrypting interface board. Hardware techniques are considerably faster than software methods.
• SELF ENCRYPTING, Users can now buy hard drives and SSDs that utilize on-board hardware to encrypt and decrypt the data on the fly.  These devices encrypt the entire contents of a storage device and are referred to as SEDs or self-encrypting devices or drives. These drives carry a premium price tag but are the ultimate in safety and speed. Some hard drive manufactures such as Seagate may also refer to this self-encrypting as FDE or Fixed Disk Encryption.

Why use encryption? Most of us have heard a story or two about personal financial data falling into the wrong hands due to a corporate laptop being stolen or lost. Or the often recreated news story about reporters picking computers out of the trash and finding “valuable” info left abandoned. Yes it does happen, as someone who regularly buys previously used hard drives can attest. But just how many of us actually have super sensitive data on our computers in the first place?  If you are one of the few that must keep your data from prying eyes, then by all means encrypt away. But if you don’t need to … DON’T!

Besides the potential loss in performance, there are several other reasons not to use encryption.

• LOSS OF PASSWORD OR KEYFILE: If you can’t remember the password or can’t find the keyfile you made 3 years ago, you will NOT get your data back, period. While there are numerous recovery techniques for decrypting or accessing encrypted volumes, they all require some form of a username/password combo or a special key file created by the encryption software.
• OPERATING SYSTEM FAILURE: If an encrypted drive’s operating system becomes corrupted, perhaps due to a simple virus and the drive is no longer bootable or accessible, there is no easy way to repair the file system and regain access. To resolve the issue you must first decrypt the entire volume. Again you will need a user/password or keyfile (and specialized programs) to perform such an operation. Once the volume is decrypted, the  file system damage can then be repaired using the file system’s own repair utilities, i.e. chkdsk.exe
• READ ERRORS: Over time storage device can easily develop read errors and if these read errors affect the operating system files or an area used to store pertinent encryption parameters, it can become impossible to access your data. As above, complicated procedures will be required to decrypt the volume and access the data. A single read error can stop everything.

Is encryption breakable? Theoretically, with enough computing power and enough time, any encryption scheme can be broken. But if the process takes a thousand years, the value of the data may be very limited. And fortunately the increase in computing power to break the key is easily outstripped by the exponential increase in difficulty by adding an additional bit to the encryption key. Presently, most credit card companies recommend transactions using 128 bit encryption keys. 128 bits keys are considered by the experts to be safe until about 2030 although some recommend 256 bit keys due to the advent of the “quantum computer” where theoretically the difficulty may be halved.

There are 2 basic ways of breaking encryption. The hacker either breaks the password by guessing the password or the hacker uses crypto analysis to guess the message based on the natural frequency and composition of the characters in a given language. To guess a password is often very easy as people tend to use real words and they are often chosen from an individual’s personal life or interests. Even brute force using a pre-created word list is often successful. To be sure your password can’t be compromised in your lifetime it has been recommended that your password should be at least 20 random characters. Of course few of us can remember such a long sequence.

In the real world, getting around the encryption is often much easier than either of these methods. Keyboard recorders are simple to install devices that can be used to record all the keystrokes of a user including their passwords. Or perhaps a hidden camera could provide the same results.  Another technique can be utilized if a user leaves their computer unattended, as the contents of RAM memory are not encrypted and there are ways to dump the RAM contents and retrieve a password. Additionally, a group of researchers/hackers recently discovered that the contents of RAM memory do not disappear as soon as the power is removed. In fact if the RAM chips can be kept cool, the data may be retained for 10 minutes or longer. Theoretically reading the RAM contents could be possible even if the power is turned off. But this isn’t really so much about breaking the password as it is about stealing the password.

Can Memofix recover your encrypted data? Usually YES, but we need your keyfile or username/password combo … PERIOD. If we could recover your encrypted data without these credentials then what would be the point of using encryption in the first place.

We regularly recover data encrypted with PPG, Safeboot, SafeGuard, SecureDoc, EFS and most other software encryption programs. We are also very successful recovering hardware encrypted hard drives where the encryption is performed by an interface board separate from the storage device. i.e. the popular Western Digital My Book.

However, SEDs or Self Encrypting Devices present a real problem. It is estimated that by 2017 over 80% of all hard drives and all SSD or Solid State Drives will be SED or self-encrypting devices. There are NO decryption methods available for these SEDs and if consumers and businesses are to adopt these new SEDs, this concern must be addressed by the manufacturers.

Encryption is here to stay whether you need it or not. If you do choose to encrypt your data, we suggest you always create a key file and store it in a secure location. Additionally, record all usernames and passwords in a secure location and until the SED manufactures create a solution for authorized decrypting, we suggest you steer clear of their products or be sure to regularly backup.

As always, when things don’t quite go as planned remember your friends at Memofix http://www.memofixdatarecovery.com/ are always willing to help!