
Several AES Crypt Questions?

Posted: Mon Jan 25, 2016 9:16 pm
by Tom
Hi, I downloaded AES for Mac yesterday and all went well. I tested AES on one file and the process is very straightforward, easy and fast. A few questions:

1. What is the best way to completely erase a file image from the hard drive (no recoverable hard drive image, no image in trash) after it has been encrypted?
2. Is there a way to determine the length of the key that a password resolves to? I’d like to use a password that resolves to a 256 bit key. Does AES have any “Preferences” that can be set e.g. 265 bit key?

Thanks, Tom

Re: Several AES Crypt Questions?

Posted: Tue Jan 26, 2016 5:52 am
by paulej
I'm not sure what the best tool is for a Mac to securely erase files. However, do beware that there is no guarantee when using SSD drives that a file can be securely erased. Some drives won't write over old data, but will just write in a new place.

AES Crypt always uses a 256 bit key. The password you provide is hashed using SHA256 to create a 256 bit key that's used to encrypt a session key. That session key is entirely random data.

Re: Several AES Crypt Questions?

Posted: Tue Jan 26, 2016 8:15 pm
by Tom
Thanks. The first part of the reply is disappointing. If I can't securely erase an original unencrypted file, then encrypting it doesn't make a lot of sense. I must be missing something. Help please.
I'm happy w/ the second part of the reply. If I understand correctly, any length password will resolve to a 256 bit AES key. Right?

Re: Several AES Crypt Questions?

Posted: Thu Jan 28, 2016 8:07 am
by paulej
I don't have a suggestion for the first part. A reason for encrypting files is so they can be emailed, stored on external storage, or in the cloud with anyone being able to read them. Hiding data on the local computer is actually a bit of a challenge. Consider Microsoft Word. If you open the document, it creates another copy where all changes are recorded. Sometimes, Word crashes. When that happens, the plaintext is left somewhere on your drive. You'd need to securely erase these copies, too.

All keys are 256 bits, even if the password is "x". But, that doesn't mean the file can't be cracked. You must select reasonably strong passwords. I use a minimum of 16 random characters, myself. You really need at least that much randomness. On data backups, I use strings that are about 384 characters long. I just want lots of random bits.
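
The point made in the reply above, as an added example that is not part of the original thread and is not AES Crypt's own code: hashing always yields 256 bits of key, but the guessing work is bounded by the password's own randomness. The single SHA-256 call follows the reply's description; the UTF-8 encoding, the 94-character alphabet and all function names are assumptions made for illustration, and the entropy figures hold only for characters chosen uniformly at random.

```python
import hashlib
import math
import secrets
import string

KEY_BITS = 256  # SHA-256 output size, as stated in the reply

# Assumed alphabet: printable ASCII letters, digits and punctuation (94 symbols).
ALPHABET = string.ascii_letters + string.digits + string.punctuation


def key_from_password(password: str) -> bytes:
    """One SHA-256 pass over the password, as the reply describes it.
    Illustrative only: encoding and any salting/iteration are not modelled."""
    return hashlib.sha256(password.encode("utf-8")).digest()


def random_password_bits(length: int, alphabet_size: int = len(ALPHABET)) -> float:
    """Entropy of a password whose characters are drawn uniformly at random."""
    return length * math.log2(alphabet_size)


def effective_bits(length: int, alphabet_size: int = len(ALPHABET)) -> float:
    """Strength is capped by the weaker of password entropy and key size."""
    return min(KEY_BITS, random_password_bits(length, alphabet_size))


def min_length_for(bits: float, alphabet_size: int = len(ALPHABET)) -> int:
    """Shortest random password that reaches the requested entropy."""
    return math.ceil(bits / math.log2(alphabet_size))


def generate_password(length: int = 16) -> str:
    """Random password drawn from the operating system's CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


if __name__ == "__main__":
    # Lengths taken from the thread: "x", 16 random characters, about 384.
    for pw in ("x", generate_password(16), generate_password(384)):
        key = key_from_password(pw)
        print(f"password length {len(pw):3d}: key is {len(key) * 8} bits, "
              f"effective strength about {effective_bits(len(pw)):.1f} bits")
    print("random characters needed to fill a 256 bit key:", min_length_for(256))
```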

Re: Several AES Crypt Questions?

Posted: Thu Jan 28, 2016 9:00 pm
by Tom
Thanks for your answers to my questions.
I am now considering using Apple's "File Vault" to encrypt my hard drive. That will satisfy my interest in encrypting my local files. I will use AES for files "in-flight".
I also want to find a solution for securely "cleaning" my free space. Apple used to have a Disk Utility tool that would do that but that tool was eliminated in El Capitan, Apple's latest OS X.
Thanks again for your help.
Tom