Having your laptop stolen is traumatic; having the thief gain access to your sensitive documents could be catastrophic.
To avert the possibility of catastrophe, use an encryption tool to protect your most important files. With Steganos Safe 18, you can create any number of encrypted storage containers.
Steganos combines an impressive variety of security options with an interface that’s very easy to use.
Your $39.95 purchase lets you install Steganos Safe on up to five PCs.
This is a one-time cost, which is a common model for encryption tools.
Editors’ Choice utility Folder Lock also costs $39.95, and Ranquel Technologies CryptoForge goes for $39.70. You’ll pay $45 for Cypherix PC, and $59.95 for CryptoExpert. Note, though, that those are single licenses.
The five-license Steganos package is quite a bargain.
In addition to being available a standalone product, Steganos Safe is an integral part of the full Steganos Privacy Suite.
This suite also includes Steganos Password Manager 18 and a number of other useful tools.
What Is Encryption?
Throughout history, rulers and generals have needed to communicate their plans in secret, and their enemies have devoted great resources to cracking their secret communication systems.
A cipher that simply replaces every letter with a different letter or symbol is easy enough to crack based on letter frequency.
France’s Louis XIV used a system called The Great Cipher, which held out for 200 years before anyone cracked it.
Father-son team Antoine and Bonaventure Rossignol conceived the idea of encoding syllables rather than letters, and letting multiple code numbers represent the same syllable.
They also included nulls, numbers that contributed nothing to the cipher.
But even this long-unbroken cipher pales in comparison with modern encryption technology.
Advanced Encryption Standard (AES), the US government’s official standard, runs blocks of data through multiple transformations, typically using a 256-bit key.
Bruce Schneier’s Blowfish algorithm should be even tougher to crack, as it uses a 448-byte key.
Whatever the size of the key, you must get it to the recipient somehow, and that process is the weakest point in the system.
If your enemy obtains the key, whatever its size, you lose. Public Key Infrastructure (PKI) cryptography has no such weakness.
Each user has two keys, a public key that’s visible to anybody and a private key that nobody else has.
If I encrypt a file with your public key, you can decrypt it with the private key.
Conversely, if I encrypt a file with my private key, the fact that you can decrypt it with my public key proves it came from me—a digital signature.
Getting Started with Steganos Safe
The Steganos encryption utility’s installation is quick and simple. Once finished, it shows you a simple main window that has two big buttons, one to create a new safe and one to open a hidden safe.
When a safe is open, it looks and acts precisely like a disk drive. You can move files into and out of it, create new documents, edit documents in place, and so on.
But once you close the safe, its contents become totally inaccessible. Nobody can unlock it without the password, not even Steganos.
Like Editors’ Choice tools CertainSafe Digital Safety Deposit Box, AxCrypt, and Folder Lock, Steganos uses AES for all encryption. However, it cranks the key size up from the usual 256 bits to 384 bits.
CryptoExpert and CryptoForge offer four different algorithms, and Advanced Encryption Package goes over the top with 17 choices.
Few users have the knowledge to make an informed choice of algorithm, so I see no problem sticking with AES.
Steganos warns if you try to close a safe while you still have files from the safe open for editing.
In addition to the basic safe, Steganos can optionally create portable safes and cloud safes.
I’ll cover each safe type separately.
Create a Safe
The process of creating a new safe for storing your sensitive documents is quite simple, with a wizard that walks you through the steps. You start by assigning a name and drive letter to the safe—the program’s main window shows you the name.
By default, Steganos creates the file representing your safe in a subfolder of the Documents folder, but you can override that default to put it wherever you want, including on a network drive.
Next, you define the safe’s capacity, from a minimum of 2MB to a maximum that depends on your operating system. Unlike Cypherix PE and CryptoExpert, with Steganos the initial capacity doesn’t have to be a hard limit. You can create a safe whose size grows dynamically.
Folder Lock works a bit differently. While you must set a maximum size at creation, it only uses as much space as its current content requires.
A newly created Cypherix volume requires formatting. With Steganos, the safe is ready for use immediately.
The next step is to select a password.
If you’ve created a master password for Steganos Password Manager, the password dialog should look familiar.
Steganos rates password strength as you type.
If you wish, you can define the password by clicking a sequence of pictures rather than typing it in.
There’s also an option to enter the password using a virtual keyboard.
Folder Lock and InterCrypto Advanced Encryption Package 2016 also offer a virtual keyboard.
Here’s a useful option. You can choose to store the password on a removable drive, making that drive effectively the safe’s key.
By default, a safe opened in this way closes automatically when you remove the key.
It’s not two-factor authentication, as you can still unlock the safe using just the password, but it’s certainly convenient.
In a similar situation, you can configure InterCrypto CryptoExpert 8 to require both the master password and the USB key.
Digging into the program’s settings, you can simplify the process by disabling advanced wizard options.
If you do so, Steganos chooses default values for each new safe’s drive letter and filename.
There’s a special option that only appears for safes smaller than 3MB.
If you’ve chosen an acceptable size, a link appears explaining how you can create a hidden safe.
Steganos can hide a small-enough safe inside a video, audio, or executable file.
After creating the safe, you click it, choose Hide from the menu, and select a carrier file.
Steganos stuffs the entire safe into the carrier, without affecting the carrier’s ability to function as a program or audio/video file.
To open it, you click Open a Hidden Safe on the main window, select the carrier, and enter the password. Just don’t forget where you hid the safe.
For additional security, consider creating a portable safe that you only bring out when you need to access it.
The process is similar. You start by selecting the target device, which can be a USB storage device or an optical drive. You define the size and create a password, just as for a regular safe.
But then the process diverges.
Steganos creates and opens what it calls a prepackaging drive, using the drive letter of your choice.
Showing its age, the tool warns that portable safes don’t support Windows NT 4.0 or Windows 95/98/Me. You click to open the prepackaging drive and drag the desired files into it. When you click Next, Steganos creates the necessary files on the target device. You’re done!
If the size of the portable safe is less than about 512MB, Steganos creates what it calls a SelfSafe by default.
As with the hidden option for regular safes, you won’t even see this as a choice if your desired size is too large.
The SelfSafe is a single executable file called SteganosPortableSafe.exe that contains both the necessary decryption code and the data representing the safe’s contents. Otherwise, it stores the contents in a folder called Portable_Safe and adds a file called usbstarter.exe.
Either way, launching the file lets you enter the password and open the portable safe.
In testing, I did run into one surprise; a portable safe is not completely portable.
It requires the Steganos encryption engine. You can only open and work with your portable safe on a PC where you’ve installed the program.
As noted, you can open a portable safe on any PC where you’ve installed Steganos Safe.
Creating a cloud safe is another way to share your encrypted files between PCs.
Steganos supports the cloud storage services Dropbox, Google Drive, or Microsoft OneDrive. Whichever you choose, you must install that cloud service’s desktop app.
The help points out that Google Drive and OneDrive must re-sync the entire safe when there’s any change, while DropBox can selectively sync changes only.
My test PC didn’t have any of the desktop apps installed, and the cloud safe creation dialog reflected this fact.
For testing purposes, I installed the Dropbox app.
As with a regular safe, you select a name and drive letter and then choose the safe’s size.
For a cloud safe, you don’t get the option to have the safe expand as needed.
Create your password, wait for the safe’s initialization, and you’re ready to go.
The safe syncs to the cloud each time you close it, and you can use it on any PC that has both Steganos and the proper cloud app installed.
Click a safe and click Settings to bring up the administration dialog. Here you can change the password, name, and file location for the safe, but that’s not all. On the main page of the dialog you can color-code the safe, and choose whether Windows should see it as a local drive or a removable drive. On the Events tab, you can choose whether to open the safe when you log on, and whether to close it on events such as screen saver activation or going into standby.
There’s an option to define an action that occurs after the safe opens, and after it closes.
For example, you could configure it to automatically launch a file that resides within the safe after opening it, or automatically make a backup copy after closing it.
Perhaps most interesting is the Safe in a Safe feature.
This defines a separate safe, hidden within the normal safe, occupying a user-defined percentage of available space, and having its own password.
Depending on which password you use to open the safe, you either open the Safe in a Safe, or the original safe that contains it.
Sneaky! But take care.
If you overfill the outer safe, its contents can wipe out the super-secret Safe in a Safe.
It’s all well and good to put your most sensitive files into an encrypted safe, but if you leave the unencrypted originals on disk, you haven’t accomplished much, security-wise.
Even if you delete the originals, they’re not really gone, because their data remains on disk until new data overwrites it.
For true privacy, you must use a secure deletion tool that overwrites file data before deletion, something like this program’s file-shredder component.
The easiest way to use the shredder is to right-click a file or folder and choose Destroy from the menu that appears.
Steganos overwrites the file’s data once and then deletes it.
This should be sufficient to foil software-based file recovery systems, though it would still be theoretically possible for a hardware-based forensic tool to get back some or all of the data.
Folder Lock, by contrast, lets you choose up to 35 overwrite passes, which is overkill, as there’s no added benefit after seven passes.
Launching the full File Shredder from the main window’s menu reveals that it does more than just securely delete files.
As with Folder Lock, Steganos can overwrite all the free space on a disk.
Doing so wipes out all traces of previously deleted files, in effect shredding them ex post facto.
This can be a lengthy process, so you may want to use the scheduler to set it for a time when you’re not using the computer. You can also schedule daily or weekly free space shredding. Note that if you stop and restart the free space shredding process, it skips quickly past previously shredded areas.
Finally, there’s the Complete Shredder nuclear option.
Choose this to completely wipe out all data on a drive, including partition data.
A drive that’s been shredded in this way must be formatted before you can do anything with it. Like shredding free space, this process can take quite a while.
By observation, you can’t shred the active Windows volume, which makes sense. When I tried, there was no error message, but it did nothing.
Comprehensive Encrypted Storage
Steganos Safe 18 focuses on the singular task of creating encrypted storage containers for your sensitive files, and it does that task very well.
It’s easier to use than most of its competitors, and its Safe in Safe and hidden safe options are unique. You can only use its portable safe and cloud safe features on PCs that have the program installed, but your purchase gets you five licenses.
However, Folder Lock does most of what Steganos does, and quite a lot more.
It features include encryption of individual files and folders, secure storage of private data, a history cleaner, and (at an extra cost) secure online backup.
AxCrypt Premium is even easier to use than Steganos, and supports public key cryptography.
And CertainSafe Digital Safety Deposit Box protects your cloud-stored encrypted files against any possibility of a data breach.
These three are our Editors’ Choice products for encryption, but Steganos is a worthy contender.