Alternatives to File Lock PEA

The advantage of the File Lock PEA compared to other programs is mainly the platform independence and the more robust key derivation functions. But perhaps other properties are more important for you. Here is a list of other file encryption programs.


AxCrypt

The open source version 1.x of the program AxCrypt was once a popular and often praised program for file encryption. Unfortunately, today's version 2.x no longer has much in common with it. The history of AxCrypt is a typical story of commercialization, where security has suffered the most.

It's not just that the source code is no longer open. Users complained that AxCrypt installed a toolbar on Firefox and IE browsers without being asked, which could not be removed easily and triggered "May contain adware" in the security software. These "features" are probably no longer implemented by now, but they didn't exactly inspire confidence.

In addition, asymmetric cryptography for the sharing of encrypted files among users was introduced. This raises the question of whether AxCrypt potentially has access to the encrypted data - especially if the private key is on the server, which is the case here. It also remains unclear whether the password is sent to the server or not. The advertised strong security provided by AES is of little help if the encryption is simply bypassed.

The weak key derivation of version 1.x (AES Key Wrap) was supplemented with PBKDF2. This is not exactly up to date, since it does not provide security against custom hardware attacks.

Conclusion: Version 1 is no longer maintained and I definitely see no reason to use the new version.


7-Zip

7-Zip is a compression program available for various operating systems. It is open source (code on Sourceforge) and especially popular among Windows users.

Besides compression, files can also be encrypted in archives. Since 7-Zip is already used as a compression program, it is obvious to use it for file encryption as well.

Josef Hušek took a look at its cryptography in his bachelor thesis "The use of cryptography in 7-zip". To sum it up briefly: The implementation is at least dubious.

7-Zip derives the key in a non-standard way, using the hash function SHA-256 in a constant number of iterations without a salt. Deriving a key from the password is supposed to slow down the trial and error (cracking) process. If no salt is used, the keys for candidate passwords can be calculated in advance in so-called rainbow tables. During cracking, the deliberately slow derivation function then does not have to be executed at all. Breaking passwords thus becomes a matter of seconds.

If you use a randomly generated password that is long enough, 7-Zip is secure, but that is likely to be the exception.
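
The effect of the missing salt, as an added example (not code from 7-Zip or from the original page): a simplified model of an unsalted iterated SHA-256 derivation beside a salted scrypt derivation. The iteration count, the scrypt parameters and all function names are assumptions chosen for the demo.

```python
import hashlib
import os

ITERATIONS = 1000  # constructed value for the demo, not 7-Zip's real count


def unsalted_kdf(password: str) -> bytes:
    """Simplified model of the scheme described above: iterated SHA-256, no salt."""
    digest = password.encode("utf-8")
    for _ in range(ITERATIONS):
        digest = hashlib.sha256(digest).digest()
    return digest


def salted_kdf(password: str, salt: bytes) -> bytes:
    """Salted, memory-hard derivation (scrypt); parameters are demo assumptions."""
    return hashlib.scrypt(password.encode("utf-8"),
                          salt=salt, n=2**12, r=8, p=1, dklen=32)


def precomputation_reusable(password: str) -> dict:
    """Does a key computed once for a password also fit a later archive?"""
    # Unsalted: the key depends on the password only, so work done ahead
    # of time applies to every archive that uses this password.
    precomputed = unsalted_kdf(password)
    later_archive_key = unsalted_kdf(password)

    # Salted: each archive stores its own random salt in the header, so a
    # key derived under one salt says nothing about another archive.
    precomputed_salted = salted_kdf(password, os.urandom(16))
    later_archive_salted = salted_kdf(password, os.urandom(16))

    return {
        "unsalted": precomputed == later_archive_key,
        "salted": precomputed_salted == later_archive_salted,
    }


if __name__ == "__main__":
    # Constructed sample password, for illustration only.
    print(precomputation_reusable("correct horse battery staple"))
```

With the unsalted scheme the result is reusable for every archive, which is exactly what makes precomputed tables pay off; with a per-archive salt the derivation has to be repeated for each archive and each candidate.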

Conclusion: Do not use 7-Zip encryption if the data is critical.


GnuPG or GPG

GPG is a widely used, long-proven program used primarily, but not exclusively, for encrypting mail. It implements the OpenPGP standard and is available on almost all operating systems. Instructions and help are provided in many languages. Password encryption is mainly used to protect the private keys. However, file encryption with PGP is also possible and since the program is often already installed anyway, it is often used for this as well.

A major advantage of the program is that due to its widespread use, the source code is "under general observation", so to speak, and vulnerabilities and errors are discovered quickly. Developers, cryptographers and security experts actually read the source code. This benefit should not be underestimated, because many attacks merely exploit vulnerabilities if they are not closed immediately.

A big disadvantage is that, due to the standardization, changes to the algorithms are cumbersome and come late. The source code of a single program can easily be modified if the recommendations for cryptographic algorithms change. But many years may pass before innovations find their way into standards. There was a late change to AES-256 as the standard, and the key derivation function (S2K) still reflects the state of discussion at the end of the 1990s, when no attacks with custom hardware were known.

Files encrypted with GPG can be broken quite easily if the password is not extremely strong. This is especially true if secret services or professional criminals with the appropriate hardware are involved.

Conclusion: GPG is not as unreservedly recommended for file encryption as it is for mail encryption, but it is often already installed.


Cryptomator

Cryptomator is a program that encrypts files that can then be stored protected in the cloud. The file names are also encrypted. These files are managed in a virtual drive, which makes it easy to use. It is Open Source (code on GitHub), available for Linux, Android, Windows, macOS and iOS and requires no registration.

The cryptographic algorithms used are a good choice and not outdated like those of other programs here: AES-256 for encryption and Scrypt for key derivation.

It also speaks in their favor that the developers offer a way to install the Android app without a Google account. This indicates that they actually care about privacy.

Conclusion: unreservedly recommendable.



