Data Protection and Privacy Aspects of PEAs
Governments, multinational IT companies and all kinds of criminals are trying to gather masses of confidential information about everyone. And often the collected data is exchanged between these players - voluntary or involuntary.
It's not just about confidentiality itself.
This data can then be used in a variety of ways: Accusations against dissidents, manipulation of consumer behaviour, blackmail, exposure, identity theft, or even directly by emptying bank accounts with account data.
All PEAs (PEA = Password Encrypting Archive) are intended to protect our data from unauthorized access.
In addition, the effort of these protective measures for the users should be kept as small as possible, so that they remain suitable for everyday use.
Every application must find a suitable balance between effort and safety. The PEAs try to reduce the effort in normal use to just entering a password.Meanwhile, many processes run in the background that are invisible to the user:
Sources of entropy, both those of the system and those of mouse movements and the like,
will be developed in order to obtain random values for cryptographic algorithms.
Your password will be checked for quality. The strength of the password is reported to the user by colored bars.
A memory-intensive function derives a cryptographic key from the password.
Unfortunately, this process takes a little time.
The content is decrypted with the cryptographic key.
The program checks whether the content has been manipulated
File encryption programs like the File Lock PEA encrypt and decrypt files on the device. This can be used universally for all files, but it carries some risks.
It is quite easy for malicious spyware to access files on the hard disk once it has been installed. It is significantly more difficult to extract file contents from the random-access memory (RAM). Even if it is successful to get to a memory dump and transfer it despite its size - which is much more challenging than copying files from a hard disk - the data in this large bulk is disordered.
In addition, stored information in the RAM is lost after a short time if power is removed - whether due to terminating the system or a crash.
Decrypting data exclusively in memory requires dedicated software to view and modify this data. Calendar Lock PEA, Notebook PEA and Image Lock PEA are software that has been developed precisely for this purpose.
All PEAs contain the option of transferring the encrypted data into unencrypted files, so that they can be used in other applications, for example. But this requires the explicit action of the user who exports the data.