- You can make copies of the Extreme Encryption flash drive, BUT...:
- Use Extreme Encryption on a disconnected Windows PC:
- ...And use any computer or device you want for your normal routine:
- Force your Windows PC to show file extensions:
- Set a policy on use of algorithms:
- To text wrap or not to text wrap, that is the question:
- Back up your work:
- Track keys securely:
- Share keys securely:
- Encrypt closed files only:
- Keep encrypted content away from word processors:
It's okay to copy parts of your flash drive onto other flash drives for colleagues. But exercise caution:
- Do not copy all the directories. MyPrivacy, if present, contains the results of encryptions and decryptions that you have done. Don't copy it. Do copy MarpXAAAA (your essential files to run the project) and MarpX Privacy™ (the free version of our technology with "only" 8.1 billion unique keys) onto flash drives for your team members / colleagues.
- Limit copying to as few people as possible, preferably people who demonstrate a real commitment to your group's mission. The fewer that have your set of algorithms, the less likely it is that your team's files and messages could ever be compromised. The algorithms are still encrypted in our 3.5 trillion unique key MarpX Privacy PLUS™ system. But don't give away any protection needlessly.
- Reserve the right to make copies of the flash drive to one person only, typically yourself if you are the purchaser. Others should not make copies for anyone whatsoever.
- Do not even dream of exporting this product. Be aware that passing it within the United States to a national of a sanctioned destination country constitutes export, a serious offence under the Bureau of Industry and Security's Export Administration Regulations. And you might want to familiarize yourself with the federal government's Export Consolidated Screening List.
Think of maintaining a Windows PC in the office for use by anyone who is encrypting or decrypting. Almost any surplus Windows PC will do. If that computer is never connected and has any wireless access blocked, then hackers cannot invade, track, eavesdrop, or do malevolent things. Keystrokes cannot be sent out from a computer disconnected from the Internet. Hackers are cut off from any information.
Incidentally, if all your group members are in the same office, they do not even need copies of the Extreme Encryption flash drive. The MarpxAAAA and MarpxPrivacy directories can be copied directly onto the disconnected Windows PC.
Installation of Extreme Encryption software on a Windows PC dedicated to encryption and decryption means that files and messages need to be carried from and to team members' regular devices and computers, on flash drives or other hardware-based methods. If they routinely use macOS or Chrome OS or Linux or whatever, that's okay. Extreme Encryption handles any file types whatsoever.
Microsoft by default hides file extensions unless you deliberately choose to see them. It's really helpful to know the suffix at the end of a file name. For example, if you see a file simply named "WARNING", double clicking on it may get you useful information if its extension is ".txt", but it can deliver great grief to you if its extension is ".exe" and it was written by a sociopath.
It is important to set that computer so that it shows file extensions. All the instructions and tips about Extreme Encryption™ will make more sense if you do.
To show extensions, go to the Windows Start menu (usually in the lower left corner) and type "folder options". Choose the "View" tab in the pop-up dialog, and uncheck the box for "Hide extensions for known file types". Click OK at the bottom.
Technically, it is quite possible to use each algorithm for multiple encryptions. But if an algorithm were ever compromised, all the files or messages using that algorithm would be vulnerable. It's a tradeoff between highest security versus convenience and lower cost.
Naturally, we are biased and recommend single use for each algorithm for encryption. This is, after all, a high security product. If you wish to save money, use Extreme Encryption only for your highest security needs, and use the free alternative MarpX Privacy for less sensitive matters where moderate security is sufficient. Its choice among 8 billion keys is not bad. [We do have an intermediate product, MarpX Privacy PLUS, 438 times as strong with a choice among 3.5 trillion keys. We hope to market the PLUS product through a major firm with experience of selling into the cybersecurity market.]
Small messages are routinely wrapped in what is called Base64 text. That is, the message consists totally of letters, digits, and a few punctuation characters. Here is an example, the first sentence of Lincoln's Gettysburg Address, encrypted:
sBeDzP6W jdUvMftY kMcjCktw 7CkOcEu5
xFeSMDM8 wRmCM1kf vL78Vniw QhmeTw9b
BIE7ig4q oWsnynCT bTVBVOcp VOsUTsim
gEXWVWdw 7FAUllZ3 tR4zfuxG ffVYhOEm
9PyJKGxZ mtvup3Xh uMMbORCy D4Sz.4hy
k3H18xoi Nm11Iiv9 vr7sQbYf fu4W8F1e
Base64 text wrapping is commonly used in computing. It brings files to a simple standard (pure text) and removes any immediate threat, since Base64 text files cannot be executed like programs.
Should text wrapping be used for files as well? That depends.
The problem with text wrapping is that it expands content by anywhere from 33 to 50 percent. If your objective is to archive large files, you will use more storage space by text wrapping. It's usually not worth the extra computer cycles. Wrapping is useful, however, if a file is sent as an attachment to email. That's because some -- not all, but some -- email systems make changes in attached files. If characters (other than spaces and line ends) are added to an encrypted file, it will no longer be possible to recover the original content. So the rule of thumb: Do not routinely check the "text wrap" box when encrypting a file, but do check it if the file will be sent as an attachment to email.
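The size cost and the email risk described above can be measured directly. The following is an added example, not the product's code: it uses standard Base64 from Python's library as a stand-in for the product's own text wrapping (an assumption, since the page does not specify the alphabet) and copies the layout of the sample above, 8-character groups with 4 groups per line.

```python
import base64
import binascii
import os

GROUP, PER_LINE = 8, 4  # layout of the sample above: 8-character groups, 4 per line


def text_wrap(data: bytes) -> str:
    """Base64-encode and lay out in space-separated groups, like the sample."""
    b64 = base64.b64encode(data).decode("ascii")
    groups = [b64[i:i + GROUP] for i in range(0, len(b64), GROUP)]
    lines = [" ".join(groups[i:i + PER_LINE]) for i in range(0, len(groups), PER_LINE)]
    return "\n".join(lines) + "\n"


def text_unwrap(text: str) -> bytes:
    """Drop spaces and line ends, then decode strictly; anything else is an error."""
    compact = "".join(text.split())
    try:
        return base64.b64decode(compact, validate=True)
    except binascii.Error as exc:
        raise ValueError(f"wrapped text was altered: {exc}") from exc


def expansion_percent(data: bytes) -> float:
    """Size growth caused by wrapping, in percent of the original size."""
    if not data:
        raise ValueError("cannot measure expansion of empty input")
    return 100.0 * (len(text_wrap(data)) - len(data)) / len(data)


def survives(original: bytes, received_text: str) -> bool:
    """True if the received text still decodes to exactly the original bytes."""
    try:
        return text_unwrap(received_text) == original
    except ValueError:
        return False


if __name__ == "__main__":
    blob = os.urandom(3000)  # constructed stand-in for an encrypted file
    wrapped = text_wrap(blob)
    print(f"expansion: {expansion_percent(blob):.1f}%")
    rewrapped = wrapped.replace("\n", "\r\n").replace(" ", "  ")
    print("whitespace changed:", survives(blob, rewrapped))
    print("one character added:", survives(blob, wrapped[:40] + "X" + wrapped[40:]))
    print("footer appended:", survives(blob, wrapped + "-- sent from my phone\n"))
```

For 3000 bytes of input, the bare Base64 text is 4000 characters (33 percent larger) and the grouped layout with its spaces and line ends is 4500 characters (50 percent larger).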
Murphy's Law: "That which can go wrong will go wrong." Corollary to Murphy's Law: "Murphy was an optimist." In other words, it's a normal part of everyday life for things not to work out as planned. Therefore, backup is a normal part of using a computer. For encrypted content, the greatest risks are not knowing the key OR unplanned changes in encrypted files. (See the headings that follow.) Therefore it really helps if you have an unencrypted version of every file and message, archived offline where a hacker cannot reach it.
You don't want hackers to know the keys you use. But you sure want to know. And you want intended recipients to know. No key? No decryption.
Paper and pencil records protect nicely against online hackers and eavesdroppers. An online log might be okay, if you remember to encrypt it frequently and erase the plain text version. Warning: If a hacker found an unencrypted log, all files and messages listed would be compromised. We have been hesitant to add an automatic log. You would have to specify a key to be used for its encryption, and the risk is that a hacker or eavesdropper might pick up on that key. [Please use the Feedback button above if you wish to share with us your thoughts on whether an automatic log should be included as part of the program.]
If another person is the intended receiver for an encrypted message or file from you, then that person has to have the same key that you used to encrypt it.
Please, please, please, never ever send passwords or keys by email. Monitoring email packets is the kind of stuff that budding hackers learn to do when they are not yet in their teens. Think of email as public. Think of it as a billboard, just waiting for others to read. And emails are never really deleted. They are likely to turn up somewhere on a server or in some recipient's collection of email.
Telephone is much better. The likelihood of the same gang hacking your computer and eavesdropping on your phone is pretty low. So phone exchanges of keys are fairly reliable. The NATO phonetic alphabet is a good way to transmit letter keys by voice. Instead of the letters, use the words... Alfa, Bravo, Charlie, Delta, Echo, Foxtrot, Golf, Hotel, India, Juliett, Kilo, Lima, Mike, November, Oscar, Papa, Quebec, Romeo, Sierra, Tango, Uniform, Victor, Whiskey, X-ray, Yankee, Zulu.
If you are in an office with multiple phone lines, set up one line so that it goes to an answering machine. Then someone who has sent you a file or message can be prompted to leave a phone message along these lines: "This is so-and-so. It's Thursday at 2:30 and I just sent you an email encrypted using key NQGPYED, that is, November - Quebec - Golf - Papa - Yankee - Echo - Delta."
For regular correspondents, you could exchange with your intended recipients a randomly generated list of keys that you will use in various time periods. A schedule might list a new key for each month, week, day, even hour or quarter hour. If you can't find a teenager to write this script for you, use the Feedback button at the top of this page to ask us for a C++ console version. Incidentally, if you send out key schedules, be sure to encrypt them. And the first time, you need to get the key for that first encrypted file to them by some other way -- phone, snail mail, whatever.
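A key schedule of the kind described above, with each key also spelled out for reading over the phone, can be produced as follows. This is an added example, not the vendor's script: the function names and the weekly period are assumptions, and the seven-letter uppercase key format is taken from the sample keys on this page.

```python
import secrets
import string
from datetime import date, timedelta

# NATO spelling words exactly as listed on this page.
NATO = ("Alfa Bravo Charlie Delta Echo Foxtrot Golf Hotel India Juliett Kilo "
        "Lima Mike November Oscar Papa Quebec Romeo Sierra Tango Uniform "
        "Victor Whiskey X-ray Yankee Zulu").split()
SPELL = dict(zip(string.ascii_uppercase, NATO))

KEY_LENGTH = 7  # the page's sample keys (NQGPYED, RMSVPWK) are seven letters


def random_key(length=KEY_LENGTH):
    """Draw each letter from the OS CSPRNG; the random module is not for keys."""
    return "".join(secrets.choice(string.ascii_uppercase) for _ in range(length))


def spell_key(key):
    """Return the key as it would be read over the phone."""
    unknown = [c for c in key if c not in SPELL]
    if unknown:
        raise ValueError(f"not an uppercase letter key: {unknown!r}")
    return " - ".join(SPELL[c] for c in key)


def key_schedule(start, periods, step_days=7):
    """One key per period; a key never appears twice in the same schedule."""
    if periods < 1 or step_days < 1:
        raise ValueError("periods and step_days must be positive")
    used, rows = set(), []
    for i in range(periods):
        key = random_key()
        while key in used:  # collisions are rare but must not slip through
            key = random_key()
        used.add(key)
        rows.append((start + timedelta(days=i * step_days), key))
    return rows


def format_schedule(rows):
    """Plain-text table, to be encrypted before it leaves the offline PC."""
    return "\n".join(f"{d.isoformat()}  {k}  {spell_key(k)}" for d, k in rows)


if __name__ == "__main__":
    # Constructed start date; weekly keys for one quarter.
    print(format_schedule(key_schedule(date(2024, 1, 1), 13)))
```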
Yet another method for key exchange of messages is for each person to include at the end of each message a seven letter key for the recipient to use next time. Example: "When you respond, please privatize your message using for your key RMSVPWK."
When you select a file to be encrypted, choose it from within Windows Explorer (or Windows 10 File Explorer). If the file is open in any other software on your computer and if you select it from within that software, the law of unintended consequences will assert itself. Think Titanic. Think Custer's Last Stand. Think Election Day, or some other suitable disaster. Which leads us directly to the following item.
Among the newly-discovered aboriginal tribes is one that has been found to use computers, but in a very curious way. They run all, repeat all, their programs from within their word processor. This tribe would be an excellent subject for anthropological study. We fear greatly, though, that when they discover MarpX Privacy products, they will become totally confused and depressed. That's because they have not yet learned a fundamental of modern life: Word processors have an insatiable lust to inject their specialized formatting into every file. Unless very carefully controlled, word processors destroy encrypted files. Example: It's okay to open a Base64 text-wrapped encryption, and to copy and paste the entire encrypted content somewhere else. That's fine. But the moment you allow the word processor to "save" that file, it becomes useless for its one and only purpose -- decryption by an intended recipient.
We hope that you have no relatives in this tribe. Why is this "diatribe" (pun intended) included in this page on best security practices? Because we have encountered personally a member of this tribe. Sigh!