LockNote is kind of a fun little application that's really good at doing
what it was designed to do: encrypt and decrypt a text 'note' and make it easy
to share with other Windows users.
In this video excerpt from an Ask Leo! webinar, I'll
walk through using LockNote.
]]>
Transcript
LockNote is kind of a fun little application that... I know it has limited utility as you'll see shortly, but it's really good for the scenario that it covers.
So, this is LockNote; it's at Steganos.com. For whatever reason, I had to click on the 'Overview' button to get the download to 'download'. This is locknote.exe and in this particular case, I'm going to save it and you'll see why in a moment. And we're going to open the folder where it is.
So, here it is in Downloads: locknote.exe. Double-click on it and we're sure we're not always going to 'ask before running this', and we'll go ahead and run it and there it is. LockNote has a note in it - imagine that!
So, the note is worth looking at the first time you run it. What I'm going to put in here is basically paragraphs and paragraphs of secret information. I'm then going to 'Save' - actually, no. Then I'm going to 'close'; I do want to save my changes. It's asking for a password so we give a password (the same one that I've been using for my demonstrations) and 'poof' - that's it! Nothing changed except for locknote.exe itself. The trick behind locknote.exe is that it contains the encrypted information.
So if I now run locknote.exe again, it says 'Oh, you need a password' - 1234. Poof - there's what I typed in. If I want to change it, I can now change it; I can exit again. You already have the password; the size will have changed a little bit; the timestamp will have changed a little bit. The actual locknote.exe .exe file has changed to contain 'the note'. That's why, if you do a file 'Save As' (and we're going to say 'secretnote') and give it a new password. So presumably over here in My Documents, I now have secretnote.exe. It is LockNote and it contains 'the note'. The reason this one kind of, I don't know, it tickles my fancy is I think it's kind of cute is that it's a single file that contains your encrypted data. You put your encrypted data in this single file; you share it with whoever you want to share it with; you give them this password - all they need to do to see this information you've given them is run the program. That's it; it's very simple and very cute.
It has interesting applications. The scenario that I kind of look at is like 'Oh, I need to send somebody some confidential documentation; it's all in text format. I can just send them this .exe file because I know they run Windows and I give them the password and they've got everything right there with no 'muss or fuss'; there's no extra steps of having to go through and then encrypt anything. We just copied them the text data.
Now, the downside to LockNote is that it's all about text; you can't throw in graphics; you can't throw in files. It's all about locking a note but it's a very convenient, very quick way to doing exactly that. So I just wanted to share that with you. Maybe it's one of those things you may have a use for at some point, and it's one of those little utilities that I now also carry around with me all of the time.
I would have thought the downside is, it runs contrary to the pretty much universal precautionary advice to NEVER run an executable that comes to you by e-mail or other non-official source. There are already way too many malware-affected PCs out there.
31-Aug-2011
FYI – if LockNote is kind of a fun little application, you’ll love “Hide In Picture” (HIP). It is a program that allows you to “hide” any kind of file inside standard bitmap pictures. via GUI application (drag and drop the file into the picture).
While it’s fun, easy, and even cute, strong security remains a primary concern. The “Read Me” alone is worth getting the download. The information behind this small package, and additional security recommendations allows one to better appreciate it. And it really works.
http://hide-in-picture.sf.net/.
Most services refuse .exe emails. These days passing flash drives back and forth is a waste of time. I would have suggested that you remark to the exe thing in emails and told the viewer to change the extension or drop a letter from exe to ex or whatever.
Again — as I’ve said before in articles on encryption — knowing which encryption algorithm is involved is key (no pun intended). Without knowing that, LockNote may be “cute” but it might as also be (and indeed, it probably is) “snake oil” — i.e., insecure.
07-Sep-2011
I think the greatest asset of a program like this isn’t to encrypt potentially sensitive information, but to “hide it in plain sight”.
Once ‘saved as’, the file could have ANY name at all. The only giveaway would be file’s icon (unless there is a way of changing that too).
I have over 5,000 images saved and edited on my machine. I don’t think I’ve Ever used bitmap format. If someone was looking for an HIP file on my machine, I would think it would be pretty easy to find. Am I looking at something wrong? If so, this sounds like a good way to hide things that aren’t overly important. i.e., girly pics, but not financial records.
O.K., Leo, I’ll admit that my previous criticism was hasty. On the other hand, you were the one reviewing the product, not I. You might have been a tad more proactive in mentioning the AES algorithm, surely an important consideration. Perhaps the blame in this case might be shared?
In any event, I’ll not only stand by, but repeat, this very important assertion: Always suspect, as “snake-oil”, ANY encryption program which doesn’t name the algorithm it uses (the more prominently it names it, the better)… and particularly distrust those programs which insist upon using “proprietary” (i.e., secret) algorithms. Reputable encryption companies use known algorithms, and have nothing to hide.
HIP doesn’t work with jpg format which is the format used for almost all pictures.