Firewalls and antivirus programs are just dandy for

protecting your PC itself, but what about the stuff that’s

on your PC? The thousands of MP3s you’ve amassed

over the years; your income-tax returns dating back

to the Reagan presidency; your infallible proposal for

achieving peace in the Middle East—we’re talking about

your data, chief. Those precious bits and bytes might be

safe enough on your hard drive, but they’re dangerously

exposed the moment they leave the shelter of your

home. Send an e-mail, and it might pass through dozens

of other computers on the Internet, where it could be

easily intercepted and read before reaching its intended

recipient. Indulge in the convenience of carrying your

most important data in your pocket on a USB fl ash drive

or a portable hard disk, and you’ll be in a world of hurt if

that pocket drive is lost or stolen.

Digital thieves are everywhere, so we’ll show you

some easy ways—using free and low-cost tools—to

defend the data stored on your pocket drives. We’ll show

you how you can ensure the privacy of your e-mail, too.

And for the uninitiated, we’ll explain the basics of what

encryption is and how it works.

?

JUNE 2005 MA XIMUMPC 

How To...^ A step-by-step guide to tweaking your PC experience

TIME TO COMPLETION

00:46

HOURS MINUTES

MA XIMUMPC

Protect Your Data

FROM DIGITAL THIEVES

BY OMEED

CHANDRA

Use encryption technology to

keep your private data out of

the public domain

WHAT IS THIS “ENCRYPTION”

YOU SPEAK OF?

You probably use encryption all

the time, whether you realize it

or not. Encryption is what keeps

shady characters from seeing

your password when you log onto

Hotmail, or stealing your credit-

card number while shopping

online. And in a much more potent

form, it’s what the government

uses to keep enemies of the state

from getting their hands on top-

secret NSA communiqués.

Encryption is fundamentally

about obscuring data, using a

special code called a key. Here’s a

simple example: Say your best

friend wants to know how much you

really paid for your engagement

ring. Suspecting that your girlfriend

is monitoring your Internet

connection, you e-mail your buddy

saying the ring cost $8,000. Next,

you call him on the telephone and

inform him that you encoded the

message by multiplying the true

price by 800. Your friend then

divides 8,000 by 800 to learn that

the ring cost a mere $10; your

girlfriend will be none the wiser.

(Note: Maximum PC does not

advocate buying your fi ancé a $10

engagement ring, and we accept no

responsibility for the consequences

of such unwise actions.)

Real-world encryption

procedures are much more

complicated, of course, but the

concept is basically the same.

They differ mainly in terms of

the number and types of keys

used to scramble and unscramble

data, as well as how those keys

are computed. Good encryption

algorithms generally use very

large numbers (indicated by the

bit strength, e.g., 128-bit) and

complex formulas. In order to

decrypt something, you’ll need to

either know or be able to compute

the proper key. Assuming the

key-generating algorithm is too

complex to decipher, the only way

a hacker can decrypt your data is

by guessing the right key. That’s

why higher bit strength translates

into better security—a 256-bit

binary key (where the value of

each bit can be either 0 or 1) has

a whopping 2^256 possible values!

Few (if any) criminals will bother

with the exorbitant amount of

time needed to try out that many

keys—they’ll just move on to an

easier target.

OK, that’s simple enough; the

more bits, the better. But how

can you tell whether a particular

encryption utility uses a secure

algorithm? As a rule of thumb, opt

for utilities that employ one of the

widely used encryption algorithms

that cryptography experts have

deemed secure. There are too

many to mention here, but some

of the most popular include AES

(Advanced Encryption Standard),

RC4, Blowfi sh, and 3DES (Third

Generation Data Encryption

Standard). We’ll stick with AES

for this how-to; AES has yet to be

cracked as of this writing.