Jump to content

Compression and encryption

Guest David Walker

By Guest David Walker
in Windows XP

 Share

Recommended Posts

Guest David Walker

Guest David Walker

Posted
Posted

I will be using a system that's running Windows XP Pro (SP3) as a backup

target, probably using an FTP server, to back up some home and work files

-- the computer will be in a remote location (across town).

 

I would like to have both encryption (in case the computer gets stolen) and

compression active on the folders that the data gets backed up to. I would

prefer not to Zip the files for various reasons (such as, I don't want to

have to mass-unzip them in case the source computer loses a hard drive).

 

I could tell Windows to compress the files that get written to the folder,

and use a third-party folder encryption program, OR I could tell Windows to

encrypt the files, but then I would have to use something else to compress

them.

 

(Mode-Z for FTP only compresses the data during transfer, right? Once it's

written to the target disk, it will be stored "normally" I think.)

 

I would appreciate any suggestions anyone has. Thanks.

 

 

David Walker

  • Replies 12
  • Created
  • Last Reply

Popular Days

Popular Days

Guest VanguardLH

Guest VanguardLH

Posted
Posted

Re: Compression and encryption

 

David Walker wrote:

> I will be using a system that's running Windows XP Pro (SP3) as a backup

> target, probably using an FTP server, to back up some home and work files

> -- the computer will be in a remote location (across town).

>

> I would like to have both encryption (in case the computer gets stolen) and

> compression active on the folders that the data gets backed up to. I would

> prefer not to Zip the files for various reasons (such as, I don't want to

> have to mass-unzip them in case the source computer loses a hard drive).

>

> I could tell Windows to compress the files that get written to the folder,

> and use a third-party folder encryption program, OR I could tell Windows to

> encrypt the files, but then I would have to use something else to compress

> them.

>

> (Mode-Z for FTP only compresses the data during transfer, right? Once it's

> written to the target disk, it will be stored "normally" I think.)

>

> I would appreciate any suggestions anyone has. Thanks.

>

> David Walker

 

Windows XP Pro comes with EFS (encrypting file system). Be sure to

export the EFC certificate to removable media so you have it should you

ever have to reinstall the OS. You'll need to import that cert to

regain access to the encrypted file created under the old instance of

Windows that used that cert. Read all the included help (Start -> Help

and Support) on EFS before using it. The EFS cert is available when you

login, so be sure to use *strong* login credentials for whatever account

under which you use EFS. If you use any auto-login utility then you

choose to eliminate any security since anyone powering up that host will

login under your account and have access as yourself to those EFS

protected files.

 

Truecrypt (free) can encrypt using file containers or an entire

partition. However, you'll need to enter the password when you boot the

remote host to open the Truecrypt container so you can read/write to it.

You won't have access to the encrypted container until you provide the

password, and the same for anyone else that cracks your Windows login.

Guest Patrick Keenan

Guest Patrick Keenan

Posted
Posted

Re: Compression and encryption

 

"David Walker" <none@none.com> wrote in message

news:Xns9ADB568DE4CC4DavidWalker@207.46.248.16...

>I will be using a system that's running Windows XP Pro (SP3) as a backup

> target, probably using an FTP server, to back up some home and work files

> -- the computer will be in a remote location (across town).

>

> I would like to have both encryption (in case the computer gets stolen)

> and

> compression active on the folders that the data gets backed up to. I

> would

> prefer not to Zip the files for various reasons (such as, I don't want to

> have to mass-unzip them in case the source computer loses a hard drive).

>

> I could tell Windows to compress the files that get written to the folder,

> and use a third-party folder encryption program, OR I could tell Windows

> to

> encrypt the files, but then I would have to use something else to compress

> them.

>

> (Mode-Z for FTP only compresses the data during transfer, right? Once

> it's

> written to the target disk, it will be stored "normally" I think.)

>

> I would appreciate any suggestions anyone has. Thanks.

>

>

> David Walker

 

As noted, you must understand EFS if you want to successfully or safely use

it. But it does rely on being able to log into the account, so if you set

your PC to log in automatically, you've bypassed all the protection that

encryption might offer in case of theft.

 

You must have strong passwords on the encrypted account, and you cannot have

them set to be remembered.

 

And yes, you absolutely must export the certificates and understand how to

re-import them. If you change the account, you must repeat this.

 

HTH

-pk

Guest Lem

Guest Lem

Posted
Posted

Re: Compression and encryption

 

David Walker wrote:

> I will be using a system that's running Windows XP Pro (SP3) as a backup

> target, probably using an FTP server, to back up some home and work files

> -- the computer will be in a remote location (across town).

>

> I would like to have both encryption (in case the computer gets stolen) and

> compression active on the folders that the data gets backed up to. I would

> prefer not to Zip the files for various reasons (such as, I don't want to

> have to mass-unzip them in case the source computer loses a hard drive).

>

> I could tell Windows to compress the files that get written to the folder,

> and use a third-party folder encryption program, OR I could tell Windows to

> encrypt the files, but then I would have to use something else to compress

> them.

>

> (Mode-Z for FTP only compresses the data during transfer, right? Once it's

> written to the target disk, it will be stored "normally" I think.)

>

> I would appreciate any suggestions anyone has. Thanks.

>

>

> David Walker

 

This bears repeating a third time: make sure to export your

certificates to removable media.

See "Best practices for the Encrypting File System"

http://support.microsoft.com/kb/223316/en-us

 

And you are correct that NTFS does not support compression and

encryption at the same time. Given the current low cost of hard drives,

why even bother with compression?

 

--

Lem -- MS-MVP

 

To the moon and back with 2K words of RAM and 36K words of ROM.

http://en.wikipedia.org/wiki/Apollo_Guidance_Computer

http://history.nasa.gov/afj/compessay.htm

Guest David Walker

Guest David Walker

Posted
Posted

Re: Compression and encryption

 

VanguardLH <V@nguard.LH> wrote in

news:Tpidnfwg_qtH-ObVnZ2dnUVZ_qTinZ2d@comcast.com:

> David Walker wrote:

>

>> I will be using a system that's running Windows XP Pro (SP3) as a

>> backup target, probably using an FTP server, to back up some home and

>> work files -- the computer will be in a remote location (across

>> town).

>>

>> I would like to have both encryption (in case the computer gets

>> stolen) and compression active on the folders that the data gets

>> backed up to. I would prefer not to Zip the files for various

>> reasons (such as, I don't want to have to mass-unzip them in case the

>> source computer loses a hard drive).

>>

>> I could tell Windows to compress the files that get written to the

>> folder, and use a third-party folder encryption program, OR I could

>> tell Windows to encrypt the files, but then I would have to use

>> something else to compress them.

>>

>> (Mode-Z for FTP only compresses the data during transfer, right?

>> Once it's written to the target disk, it will be stored "normally" I

>> think.)

>>

>> I would appreciate any suggestions anyone has. Thanks.

>>

>> David Walker

>

> Windows XP Pro comes with EFS (encrypting file system). Be sure to

> export the EFC certificate to removable media so you have it should

> you ever have to reinstall the OS. You'll need to import that cert to

> regain access to the encrypted file created under the old instance of

> Windows that used that cert. Read all the included help (Start ->

> Help and Support) on EFS before using it. The EFS cert is available

> when you login, so be sure to use *strong* login credentials for

> whatever account under which you use EFS. If you use any auto-login

> utility then you choose to eliminate any security since anyone

> powering up that host will login under your account and have access as

> yourself to those EFS protected files.

>

> Truecrypt (free) can encrypt using file containers or an entire

> partition. However, you'll need to enter the password when you boot

> the remote host to open the Truecrypt container so you can read/write

> to it. You won't have access to the encrypted container until you

> provide the password, and the same for anyone else that cracks your

> Windows login.

 

I have used EFS, and I do understand it. HOWEVER, that doesn't really

answer my question: I want both compression and encryption.

 

Thanks.

 

 

David Walker

Guest David Walker

Guest David Walker

Posted
Posted

Re: Compression and encryption

 

Lem <lemp40@unknownhost> wrote in

news:Oq#KExf5IHA.1204@TK2MSFTNGP04.phx.gbl:

> David Walker wrote:

>> I will be using a system that's running Windows XP Pro (SP3) as a

>> backup target, probably using an FTP server, to back up some home and

>> work files -- the computer will be in a remote location (across

>> town).

>>

>> I would like to have both encryption (in case the computer gets

>> stolen) and compression active on the folders that the data gets

>> backed up to. I would prefer not to Zip the files for various

>> reasons (such as, I don't want to have to mass-unzip them in case the

>> source computer loses a hard drive).

>>

>> I could tell Windows to compress the files that get written to the

>> folder, and use a third-party folder encryption program, OR I could

>> tell Windows to encrypt the files, but then I would have to use

>> something else to compress them.

>>

>> (Mode-Z for FTP only compresses the data during transfer, right?

>> Once it's written to the target disk, it will be stored "normally" I

>> think.)

>>

>> I would appreciate any suggestions anyone has. Thanks.

>>

>>

>> David Walker

>

> This bears repeating a third time: make sure to export your

> certificates to removable media.

> See "Best practices for the Encrypting File System"

> http://support.microsoft.com/kb/223316/en-us

>

> And you are correct that NTFS does not support compression and

> encryption at the same time. Given the current low cost of hard

> drives, why even bother with compression?

>

 

I would bother with compresseion because I want to eventually back up

data from several local companies that I work with, and much of the data

is very compressible.

 

Thanks.

 

David Walker

Guest David Walker

Guest David Walker

Posted
Posted

Re: Compression and encryption

 

"Patrick Keenan" <test@dev.null> wrote in

news:#QIdbDf5IHA.2332@TK2MSFTNGP03.phx.gbl:

> "David Walker" <none@none.com> wrote in message

> news:Xns9ADB568DE4CC4DavidWalker@207.46.248.16...

>>I will be using a system that's running Windows XP Pro (SP3) as a

>>backup

>> target, probably using an FTP server, to back up some home and work

>> files -- the computer will be in a remote location (across town).

>>

>> I would like to have both encryption (in case the computer gets

>> stolen) and

>> compression active on the folders that the data gets backed up to. I

>> would

>> prefer not to Zip the files for various reasons (such as, I don't

>> want to have to mass-unzip them in case the source computer loses a

>> hard drive).

>>

>> I could tell Windows to compress the files that get written to the

>> folder, and use a third-party folder encryption program, OR I could

>> tell Windows to

>> encrypt the files, but then I would have to use something else to

>> compress them.

>>

>> (Mode-Z for FTP only compresses the data during transfer, right?

>> Once it's

>> written to the target disk, it will be stored "normally" I think.)

>>

>> I would appreciate any suggestions anyone has. Thanks.

>>

>>

>> David Walker

>

> As noted, you must understand EFS if you want to successfully or

> safely use it. But it does rely on being able to log into the

> account, so if you set your PC to log in automatically, you've

> bypassed all the protection that encryption might offer in case of

> theft.

>

> You must have strong passwords on the encrypted account, and you

> cannot have them set to be remembered.

>

> And yes, you absolutely must export the certificates and understand

> how to re-import them. If you change the account, you must repeat

> this.

>

> HTH

> -pk

>

 

Thanks; I never have any of my systems set to log on automatically, and

I do have the certificates for the systems that use EFS, exported to a

couple of places (other than the original systems).

 

David

Guest Edric

Guest Edric

Posted
Posted

Re: Compression and encryption

 

On Mon, 14 Jul 2008 15:04:12 -0700, David Walker <none@none.com>

wrote:

>Lem <lemp40@unknownhost> wrote in

>news:Oq#KExf5IHA.1204@TK2MSFTNGP04.phx.gbl:

>

>> David Walker wrote:

>>> I will be using a system that's running Windows XP Pro (SP3) as a

>>> backup target, probably using an FTP server, to back up some home and

>>> work files -- the computer will be in a remote location (across

>>> town).

>>>

>>> I would like to have both encryption (in case the computer gets

>>> stolen) and compression active on the folders that the data gets

>>> backed up to. I would prefer not to Zip the files for various

>>> reasons (such as, I don't want to have to mass-unzip them in case the

>>> source computer loses a hard drive).

>>>

>>> I could tell Windows to compress the files that get written to the

>>> folder, and use a third-party folder encryption program, OR I could

>>> tell Windows to encrypt the files, but then I would have to use

>>> something else to compress them.

>>>

>>> (Mode-Z for FTP only compresses the data during transfer, right?

>>> Once it's written to the target disk, it will be stored "normally" I

>>> think.)

>>>

>>> I would appreciate any suggestions anyone has. Thanks.

>>>

>>>

>>> David Walker

>>

>> This bears repeating a third time: make sure to export your

>> certificates to removable media.

>> See "Best practices for the Encrypting File System"

>> http://support.microsoft.com/kb/223316/en-us

>>

>> And you are correct that NTFS does not support compression and

>> encryption at the same time. Given the current low cost of hard

>> drives, why even bother with compression?

>>

>

>I would bother with compresseion because I want to eventually back up

>data from several local companies that I work with, and much of the data

>is very compressible.

>

>Thanks.

>

>David Walker

There are plenty of Backup programs out there that will compress the

files as they do their job. Let THEM do the compression for you. As

mentioned many times, the OS will NOT do both for your.

Guest David Walker

Guest David Walker

Posted
Posted

Re: Compression and encryption

 

Edric <none@nobody.net> wrote in

news:kfsn74d905ft4s12am2av7hri24bt9ejtr@4ax.com:

> On Mon, 14 Jul 2008 15:04:12 -0700, David Walker <none@none.com>

> wrote:

>

>>Lem <lemp40@unknownhost> wrote in

>>news:Oq#KExf5IHA.1204@TK2MSFTNGP04.phx.gbl:

>>

>>> David Walker wrote:

>>>> I will be using a system that's running Windows XP Pro (SP3) as a

>>>> backup target, probably using an FTP server, to back up some home

and

>>>> work files -- the computer will be in a remote location (across

>>>> town).

>>>>

>>>> I would like to have both encryption (in case the computer gets

>>>> stolen) and compression active on the folders that the data gets

>>>> backed up to. I would prefer not to Zip the files for various

>>>> reasons (such as, I don't want to have to mass-unzip them in case

the

>>>> source computer loses a hard drive).

>>>>

>>>> I could tell Windows to compress the files that get written to the

>>>> folder, and use a third-party folder encryption program, OR I could

>>>> tell Windows to encrypt the files, but then I would have to use

>>>> something else to compress them.

>>>>

>>>> (Mode-Z for FTP only compresses the data during transfer, right?

>>>> Once it's written to the target disk, it will be stored "normally"

I

>>>> think.)

>>>>

>>>> I would appreciate any suggestions anyone has. Thanks.

>>>>

>>>>

>>>> David Walker

>>>

>>> This bears repeating a third time: make sure to export your

>>> certificates to removable media.

>>> See "Best practices for the Encrypting File System"

>>> http://support.microsoft.com/kb/223316/en-us

>>>

>>> And you are correct that NTFS does not support compression and

>>> encryption at the same time. Given the current low cost of hard

>>> drives, why even bother with compression?

>>>

>>

>>I would bother with compresseion because I want to eventually back up

>>data from several local companies that I work with, and much of the

data

>>is very compressible.

>>

>>Thanks.

>>

>>David Walker

> There are plenty of Backup programs out there that will compress the

> files as they do their job. Let THEM do the compression for you. As

> mentioned many times, the OS will NOT do both for your.

>

 

Well, it wasn't really mentioned "many times", although *I* mentioned it

in my first post. Lem mentioned it once.

 

Backup programs that compress the files generally make Zip files out of

the files they are backing up, since that's just about the only way to

accomplish this.

 

I think I'll end up with a third-party encryption program, such as

TrueCrypt, and Windows' built-in compression.

 

 

David

Guest VanguardLH

Guest VanguardLH

Posted
Posted

Re: Compression and encryption

 

David Walker wrote:

> VanguardLH <V@nguard.LH> wrote in

> news:Tpidnfwg_qtH-ObVnZ2dnUVZ_qTinZ2d@comcast.com:

>

>> David Walker wrote:

>>

>>> I will be using a system that's running Windows XP Pro (SP3) as a

>>> backup target, probably using an FTP server, to back up some home and

>>> work files -- the computer will be in a remote location (across

>>> town).

>>>

>>> I would like to have both encryption (in case the computer gets

>>> stolen) and compression active on the folders that the data gets

>>> backed up to. I would prefer not to Zip the files for various

>>> reasons (such as, I don't want to have to mass-unzip them in case the

>>> source computer loses a hard drive).

>>>

>>> I could tell Windows to compress the files that get written to the

>>> folder, and use a third-party folder encryption program, OR I could

>>> tell Windows to encrypt the files, but then I would have to use

>>> something else to compress them.

>>>

>>> (Mode-Z for FTP only compresses the data during transfer, right?

>>> Once it's written to the target disk, it will be stored "normally" I

>>> think.)

>>>

>>> I would appreciate any suggestions anyone has. Thanks.

>>>

>>> David Walker

>>

>> Windows XP Pro comes with EFS (encrypting file system). Be sure to

>> export the EFC certificate to removable media so you have it should

>> you ever have to reinstall the OS. You'll need to import that cert to

>> regain access to the encrypted file created under the old instance of

>> Windows that used that cert. Read all the included help (Start ->

>> Help and Support) on EFS before using it. The EFS cert is available

>> when you login, so be sure to use *strong* login credentials for

>> whatever account under which you use EFS. If you use any auto-login

>> utility then you choose to eliminate any security since anyone

>> powering up that host will login under your account and have access as

>> yourself to those EFS protected files.

>>

>> Truecrypt (free) can encrypt using file containers or an entire

>> partition. However, you'll need to enter the password when you boot

>> the remote host to open the Truecrypt container so you can read/write

>> to it. You won't have access to the encrypted container until you

>> provide the password, and the same for anyone else that cracks your

>> Windows login.

>

> I have used EFS, and I do understand it. HOWEVER, that doesn't really

> answer my question: I want both compression and encryption.

>

> Thanks.

>

> David Walker

 

Compression doesn't work very well with encryption. Why? Because after

being encrypted, there aren't enough repeat patterns to resolve into a

shorter byte string. Encryption pretty much randomizes the sequence of

bytes so compression can't do much more with it. You have to encrypt

before compress, and once encrypted you won't get much, if any,

compression.

 

You need to make a choice: encryption or compression. If you choose

encryption, you obviate compresion, so make sure you have lots if disk

space to store all the files and do so in the future. If you choose

compression, you obviate encryption (because compression already

pseudo-randomizes the byte strings since the originals aren't there

anymore - AND you can use uncommon compression schemes OR you can

password-protect the compression archive file which adds further

manipulation of the compression strings).

Guest John Wunderlich

Guest John Wunderlich

Posted
Posted

Re: Compression and encryption

 

VanguardLH <V@nguard.LH> wrote in

news:AoOdncsTZ_NWbuHVnZ2dnUVZ_r3inZ2d@comcast.com:

> Compression doesn't work very well with encryption. Why? Because

> after being encrypted, there aren't enough repeat patterns to

> resolve into a shorter byte string. Encryption pretty much

> randomizes the sequence of bytes so compression can't do much more

> with it. You have to encrypt before compress, and once encrypted

> you won't get much, if any, compression.

>

> You need to make a choice: encryption or compression.

 

This is not true.

 

What you describe is encryption and THEN compression (which, as you

state, doesn't work well). Compression FIRST followed by encryption

works very well and is done by default by most OpenPGP compatible

applications. In fact, the compression randomizes the data to be

encrypted making it harder to break the encryption.

 

Probably the best solution would be to use a program like Truecrypt

along with the Windows built-in compression. Windows would compress

the unencrypted file, then Truecrypt would encrypt the compressed file

for storage.

 

FWIW

-- John

Guest Patrick Keenan

Guest Patrick Keenan

Posted
Posted

Re: Compression and encryption

 

"David Walker" <none@none.com> wrote in message

news:Xns9ADBA3A8167E0DavidWalker@207.46.248.16...

> "Patrick Keenan" <test@dev.null> wrote in

> news:#QIdbDf5IHA.2332@TK2MSFTNGP03.phx.gbl:

>

>> "David Walker" <none@none.com> wrote in message

>> news:Xns9ADB568DE4CC4DavidWalker@207.46.248.16...

>>>I will be using a system that's running Windows XP Pro (SP3) as a

>>>backup

>>> target, probably using an FTP server, to back up some home and work

>>> files -- the computer will be in a remote location (across town).

>>>

>>> I would like to have both encryption (in case the computer gets

>>> stolen) and

>>> compression active on the folders that the data gets backed up to. I

>>> would

>>> prefer not to Zip the files for various reasons (such as, I don't

>>> want to have to mass-unzip them in case the source computer loses a

>>> hard drive).

>>>

>>> I could tell Windows to compress the files that get written to the

>>> folder, and use a third-party folder encryption program, OR I could

>>> tell Windows to

>>> encrypt the files, but then I would have to use something else to

>>> compress them.

>>>

>>> (Mode-Z for FTP only compresses the data during transfer, right?

>>> Once it's

>>> written to the target disk, it will be stored "normally" I think.)

>>>

>>> I would appreciate any suggestions anyone has. Thanks.

>>>

>>>

>>> David Walker

>>

>> As noted, you must understand EFS if you want to successfully or

>> safely use it. But it does rely on being able to log into the

>> account, so if you set your PC to log in automatically, you've

>> bypassed all the protection that encryption might offer in case of

>> theft.

>>

>> You must have strong passwords on the encrypted account, and you

>> cannot have them set to be remembered.

>>

>> And yes, you absolutely must export the certificates and understand

>> how to re-import them. If you change the account, you must repeat

>> this.

>>

>> HTH

>> -pk

>>

>

> Thanks; I never have any of my systems set to log on automatically, and

> I do have the certificates for the systems that use EFS, exported to a

> couple of places (other than the original systems).

>

> David

 

Glad to hear it. As you probably know, most of the time people post here

about encryption is when they are wondering what to do when they didn't

follow those steps.

 

-pk

Guest David Walker

Guest David Walker

Posted
Posted

Re: Compression and encryption

 

John Wunderlich <jwunderlich@lycos.com> wrote in

news:Xns9ADC80E7475D9wunderpsdrscray@138.126.254.210:

> VanguardLH <V@nguard.LH> wrote in

> news:AoOdncsTZ_NWbuHVnZ2dnUVZ_r3inZ2d@comcast.com:

>

>> Compression doesn't work very well with encryption. Why? Because

>> after being encrypted, there aren't enough repeat patterns to

>> resolve into a shorter byte string. Encryption pretty much

>> randomizes the sequence of bytes so compression can't do much more

>> with it. You have to encrypt before compress, and once encrypted

>> you won't get much, if any, compression.

>>

>> You need to make a choice: encryption or compression.

>

> This is not true.

>

> What you describe is encryption and THEN compression (which, as you

> state, doesn't work well). Compression FIRST followed by encryption

> works very well and is done by default by most OpenPGP compatible

> applications. In fact, the compression randomizes the data to be

> encrypted making it harder to break the encryption.

>

> Probably the best solution would be to use a program like Truecrypt

> along with the Windows built-in compression. Windows would compress

> the unencrypted file, then Truecrypt would encrypt the compressed file

> for storage.

>

> FWIW

> -- John

 

Thanks, that was helpful. That sounds like what I want (because yes,

the compression should happen before the encryption). I have looked at

TrueCrypt a little bit; not much yet, but I'll look at it harder. :-)

 

Thanks again.

 

David Walker

 Share
Go to topic listing
×
×
  • Create New...