How-To: Keep Your Files Secure

Alex Castle

These days, privacy is getting pretty hard to come by. Your boss checks your Facebook, your mom sees what you’re looking at on YouTube, and anyone who Googles your name can find out about that embarrassing incident at the IHOP.

That’s why we think you should at least be able to find some peace of mind on your own PC. With that in mind, we’ve prepared a quick guide for keeping files and folders on your computer hidden from prying eyes. We’ll cover four different ways to accomplish this, from the mundane to the nigh-unbreakable.

Method 1: Hide Folders

Alright, the first and easiest method for hiding files is the one that’s built into Windows. You’re almost certainly already familiar with it: The good old fashioned “Hide Folder” option. To hide a folder this way, all you do is right click on it, then click on the Hidden checkbox in the properties.

This will make the folder invisible to the file explorer, as long as the “”Do not show hidden files and folders” setting is selected in the folder options. If this option is not selected, the folder will still be visible, but slightly ghosted. Because it’s so easy to find folder hidden this way, it’s a technique that should only be used against someone who isn’t actually trying to snoop through your files.

Who this is going to fool: Your Mom, a small child

Method 2: Locked Archive

Method number two is definitely more secure, and not much more difficult to do than the first method. Here, we’ll hide sensitive files or folders by stashing them inside an encrypted (password locked) archive file. Almost any file archiver as the ability to encrypt a .ZIP archive, but the default encryption algorithm for many programs, called ZIPCrypto, is not terribly secure and can be cracked using programs available on the internet. Instead, make sure you use a program that can use very secure AES 256 bit encryption. Example of these include 7-Zip, PeaZip, and WinZIP. Windows’ built-in ZIP app does NOT do AES 256 b it encryption.

There are two issues to consider with locked archives. First, the encryption is only as strong as the password you choose, so pick a password that’s at least 10 characters long and has a mix of letters (upper and lower case), numbers and symbols. Even if it’s fairly long, a password that is a word is susceptible to a quick dictionary attack. Second, although the archive hides the contained files from peeping Toms, the archive itself is plainly visible. You can try to disguise the file as something else, but a big, encrypted archive is always suspicious.

Who this is going to fool: Probably nobody, but they’re going to have to waterboard you if they want to know what’s inside

Method 3: Steganography

Alright, enough of the boring methods, let’s get down to the James Bond stuff. Steganography is like cryptography, in that its goal is to hide a message from 3rd parties, but it goes a step further, demanding that the 3rd party not be able to tell that the hidden data even exists. Commonly, this is done by disguising one sort of file as another sort of file, or hiding it in a big pile of random data.

How can you get started with steganography? If you just want to impress your (easily impressed) friends, you can use one of a couple of web apps. Mozaiq is a site which allows you to hide a secret message inside a .png or .jpeg. It’s very limited (128kb image, 1024 characters max for your secret message) but it couldn’t be any easier: Just upload your image (or choose one of their stock photos), enter your message and an optional password, then click Hide Your Message! You can give the picture and password to anyone you want, and they can read the hidden message by going to the mozaiq decryption page.

If you want to hide one whole file, and not just a secret message inside another file, the maxant Steganography app has you covered. This is good for hiding single files, but if you’re looking to conceal a whole bunch of data, you’re going to need a more heavy duty solution. For that, read on.

Who this is going to fool: Anyone but a data forensics expert

Method 4: TrueCrypt

Finally, it’s time for the big guns: TrueCrypt. We’ve mentioned TrueCrypt several times before (as a means to secure a USB thumb drive, for instance) and with good reason; it’s simply the best solution for encrypting your data. However, it has another, sneakier feature that we haven’t yet covered, which allows you to place a hidden volume inside another encrypted volume.

How does it work? To understand that, you need to know how a standard TrueCrypt volume works. When you create an encrypted volume with TrueCrypt, you specify its size, like you would when creating a disk partition. The hidden volume will always occupy exactly this much space, regardless of how many files you put into it. Any space in the volume not occupied by encrypted data is filled with random data. To anyone without the passphrase, the encrypted data is completely indistinguishable from the random data. To anyone with the passphrase, the encrypted data can be decrypted, but the unused space remains totally random.

This creates an opportunity to hide more data. By encrypting additional data with a different passphrase and inserting it among the random data at the end of a volume, TrueCrypt creates an encrypted volume with two different Passphrases, each of which provides access to a different set of data. You can fill one of these volumes with decoy data, so that even if you ever need to give away a password you can give up the decoy password, and nobody will ever be able to prove that another volume even exists.

The process to create a hidden TrueCrypt volume is pretty simple. Just follow these steps:

Download TrueCrypt—which is free and open source—from its website . Run the executable; it doesn’t matter whether you choose to extract or install it. Go to where you extracted the files and run truecrypt.exe.

Next, click the Create Volume button.

Choose Create an encrypted file container , then Hidden TrueCrypt Volume , then Normal Mode .

You will now be guided through the necessary steps to create an outer volume. Choose a filename for the volume, a size and a password. Don’t worry about messing with the encryption. When given the opportunity, shake the mouse around in the window and press Format (don’t worry, this won’t format your hard drive).

Once the first (outer) volume is completed, you’ll repeat the process for the hidden volume. Choose a size that gives you enough room to plant decoy data in the outer volume, and pick a significantly different passphrase.

There! Now you’ve created your hidden volume. Now you can access it at any time by clicking Select file , browsing to the volume, then clicking on Mount from the main TrueCrypt screen and entering either the decoy or real passphrase.

Who this is going to fool: The KG-freakin’-B

Around the web