Author: Aaron Weiss
Review Date: 12/4/2006
We’ve all heard the news stories — a portable computer is stolen from a government agency or a business and the thieves have access to sensitive data about thousands if not millions of people. It happened to the Veterans Administration. It happened to Starbucks. A stolen computer is one thing — private information is another more serious problem entirely.
We may not have much direct control over whether government or business handles our personal information responsibly, but we can at least protect the information we do control thanks to encryption. Steganos Safe 2007 is an easy-to-use, $49.95 suite for creating and managing encrypted storage on your PC, migrating protected data among PCs, and permanently shredding data to defend against unwanted recovery.
Steganos Safe is available either as a boxed product or a 16MB download. The usual installer wizard walks you through a quick setup. Unlike some obtuse encryption products, Steganos Safe is designed with a clear, easy-to-follow interface and guides you through each process.
Once Steganos Safe is setup you can create one or more secure drives. Each will be protected with Steganos’ 256-bit AES encryption. The heart of the Steganos Safe suite is its virtual, encrypted drives. When creating a new secure drive — again, guided by a clear and simple wizard — you assign it a drive label, such as Private, and a Windows drive letter, such as Z:.
Next, you select a path to save the .SLE file that Steganos Safe will generate. You specify the total capacity of your secure drive based on the available space on the medium your .SLE file is being saved. With a sufficiently large physical hard disk formatted in NTFS, Steganos Safe can create a secure drive as large as 256GB. If your physical drive or partition is formatted in FAT32, only a maximum 4GB secure drive is supported.
Before the secure virtual drive is created you must select a password as your key to decrypting and accessing the secure drive.
As many security experts know, many people choose insecure passwords when protecting data. To its credit, Steganos has made the process of choosing a secure, strong password easier. When typing your new password, the interface instantly shows you how strong it is. The more you combine mixed characters and numbers in length, and the less you rely on dictionary words, the stronger Steganos will grade your password.
Steganos provides rseal-time password strength rating.
Alternatively, you can use Steganos’ built-in Password Wizard to generate your password randomly. You can constrain the wizard by length and types of characters to include. Again, you will see in real-time how strong the resulting password will be.
An even more innovative alternative to traditional text-based passwords is Steganos Safe’s “PicPass.” If you opt to generate a PicPass password, you are shown a series of photos or symbols. Click any number of images in a specified order, confirm this order by repeating the process, and a password number is generated. In the future, when attempting to open your secure drive, you can either enter the numerical code generated by PicPass or visually click images in sequence to open the drive.
PicPass lets you select a series of images as a password.
However you create a password, you also have the option to store it on a “key device.” When you save the password to a USB stick, a PocketPC, ActiveSync-enabled SmartPhone, PDA, memory card, digital camera, or even an iPod, that device becomes your key. If you try to open a secure drive with the key device attached, you do not need to manually enter a password. If you try to open the secure drive without the key device, you are prompted for the password. One caveat to remember is that if you leave your key device attached all the time, you basically defeat the purpose of using the secure drive.
When the secure drive is opened, it’s mounted in Windows under the drive letter you chose when creating it. From there, you can use the drive just like any other disk on your system. If your secure drive is mounted as Z:, any time you save data to this drive, it will be encrypted and stored in the .SLE virtual disk file. You can create any number of secure virtual drives.
Managing the Secure Drive
The Steganos Safe 2007 interface opens with a display of all secure drives and their current status. If a drive is currently open (mounted in Windows), you can close it (dismount it) with one click. If a drive is closed, you can click to mount it. You will be prompted for the password unless you have its key device attached.
Additionally, you can manage several aspects of each secure drive. You can change its name, label color, or Windows drive letter. You can change its password, capacity, the location of the .SLE virtual disk file, or even delete the whole drive.
Two actions per drive allow you to launch any application upon opening or closing a secure drive. You can also assign a keyboard hotkey that will open and close the secure drive without need to navigate the Steganos Safe interface.
Another wizard called “Mailbox encryption” lets you migrate existing Outlook e-mail, contacts, and calendars to your secure drive. Although this wizard only supports Outlook, any e-mail program can benefit from encryption simply by configuring that program to use the secure drive as its store for e-mail.
The included Steganos Portable Safe lets create a secure drive in portable storage, such as a CD/DVD or USB stick, ZIP drive or portable HD. Once you’ve selected your storage medium, choose the size of the secure virtual disk.
When Steganos creates the secure drive, it includes the decryption software on the medium. Suppose you create a 100MB secure drive on a USB stick. When you plug that stick into a PC, you can launch the Portable Safe application from the stick. From there, you can open and mount — with the appropriate password — the secure drive on a Windows drive letter of your choosing.
With Portable Safe, you can ensure that your mobile storage is accessible only by you.
It’s important to realize that even the data you delete on your PC can be vulnerable to interception. Normally, when you delete files they are not completely removed from your hard drive. Numerous data recovery applications can retrieve fragments of “deleted” files. This can be a life saver when you need to recover your own data, but potentially dangerous if someone else gets their hands on your drive.
The Steganos Shredder, like its mechanical equivalent, permanently destroys data so that it cannot be recovered. You can shred existing drives or files, or scrub free space on your drive from any fragments of old files you may have deleted in the past.
Security vs. Performance
Encrypted data comes at the cost of extra processing overhead. With Steganos Safe 2007, overhead comes from two sources — one, the encryption and decryption process, and two, accessing a virtual disk file rather than direct access to the physical hard disk.
To illustrate the performance penalty of a secure drive, we created a secure drive and mounted it. Then, we ran SiSoft Sandra disk access benchmarks against the drive that the .STE file was saved to, and the mounted secure drive itself.
Read and write speeds to the “real” Windows partition containing the .STE virtual disk file averaged 57MB/s. Random access time was 8ms.
In contrast, read speed to the virtual drive mounted by Steganos Safe averaged 28MB/s and write speed 40MB/s.
The bottomline is that reading and writing to the Steganos secure virtual drive can invoke a performance penalty of nearly 50 percent. For most of the kinds of files you would expect to encrypt — documents and e-mail — the penalty will seem insignificant or transparent since these files are usually small. If, on the other hand, you use the secure drive to save large multimedia files, the performance hit will become more noticeable.