Technology in terms you understand. Sign up for the Confident Computing newsletter for weekly solutions to make your life easier. Click here and get The Ask Leo! Guide to Staying Safe on the Internet — FREE Edition as my thank you for subscribing!

Encrypting Using LockNote

LockNote is kind of a fun little application that's really good at doing
what it was designed to do: encrypt and decrypt a text 'note' and make it easy
to share with other Windows users.

In this video excerpt from an Ask Leo! webinar, I'll
walk through using LockNote.

]]>

View in HD (1280x720)

Transcript

LockNote is kind of a fun little application that... I know it has limited utility as you'll see shortly, but it's really good for the scenario that it covers.

So, this is LockNote; it's at Steganos.com. For whatever reason, I had to click on the 'Overview' button to get the download to 'download'. This is locknote.exe and in this particular case, I'm going to save it and you'll see why in a moment. And we're going to open the folder where it is.

So, here it is in Downloads: locknote.exe. Double-click on it and we're sure we're not always going to 'ask before running this', and we'll go ahead and run it and there it is. LockNote has a note in it - imagine that!

So, the note is worth looking at the first time you run it. What I'm going to put in here is basically paragraphs and paragraphs of secret information. I'm then going to 'Save' - actually, no. Then I'm going to 'close'; I do want to save my changes. It's asking for a password so we give a password (the same one that I've been using for my demonstrations) and 'poof' - that's it! Nothing changed except for locknote.exe itself. The trick behind locknote.exe is that it contains the encrypted information.

So if I now run locknote.exe again, it says 'Oh, you need a password' - 1234. Poof - there's what I typed in. If I want to change it, I can now change it; I can exit again. You already have the password; the size will have changed a little bit; the timestamp will have changed a little bit. The actual locknote.exe .exe file has changed to contain 'the note'. That's why, if you do a file 'Save As' (and we're going to say 'secretnote') and give it a new password. So presumably over here in My Documents, I now have secretnote.exe. It is LockNote and it contains 'the note'. The reason this one kind of, I don't know, it tickles my fancy is I think it's kind of cute is that it's a single file that contains your encrypted data. You put your encrypted data in this single file; you share it with whoever you want to share it with; you give them this password - all they need to do to see this information you've given them is run the program. That's it; it's very simple and very cute.

It has interesting applications. The scenario that I kind of look at is like 'Oh, I need to send somebody some confidential documentation; it's all in text format. I can just send them this .exe file because I know they run Windows and I give them the password and they've got everything right there with no 'muss or fuss'; there's no extra steps of having to go through and then encrypt anything. We just copied them the text data.

Now, the downside to LockNote is that it's all about text; you can't throw in graphics; you can't throw in files. It's all about locking a note but it's a very convenient, very quick way to doing exactly that. So I just wanted to share that with you. Maybe it's one of those things you may have a use for at some point, and it's one of those little utilities that I now also carry around with me all of the time.

Do this

Subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.

I'll see you there!

8 comments on “Encrypting Using LockNote”

  1. I would have thought the downside is, it runs contrary to the pretty much universal precautionary advice to NEVER run an executable that comes to you by e-mail or other non-official source. There are already way too many malware-affected PCs out there.

    Of course caution is warranted, but there are many scenarios where the file can be exchanged in such a way as to be trusted by the recipient.

    Leo
    31-Aug-2011

    Reply
  2. FYI – if LockNote is kind of a fun little application, you’ll love “Hide In Picture” (HIP). It is a program that allows you to “hide” any kind of file inside standard bitmap pictures. via GUI application (drag and drop the file into the picture).

    While it’s fun, easy, and even cute, strong security remains a primary concern. The “Read Me” alone is worth getting the download. The information behind this small package, and additional security recommendations allows one to better appreciate it. And it really works.
    http://hide-in-picture.sf.net/.

    Reply
  3. Most services refuse .exe emails. These days passing flash drives back and forth is a waste of time. I would have suggested that you remark to the exe thing in emails and told the viewer to change the extension or drop a letter from exe to ex or whatever.

    Reply
  4. Again — as I’ve said before in articles on encryption — knowing which encryption algorithm is involved is key (no pun intended). Without knowing that, LockNote may be “cute” but it might as also be (and indeed, it probably is) “snake oil” — i.e., insecure.

    “probably is” seems like a case of jumping to an unwarrented conclusion. The website’s pretty clear: AES 256. It’s also open source if you need to verify that.

    Leo
    07-Sep-2011
    Reply
  5. I think the greatest asset of a program like this isn’t to encrypt potentially sensitive information, but to “hide it in plain sight”.
    Once ‘saved as’, the file could have ANY name at all. The only giveaway would be file’s icon (unless there is a way of changing that too).

    Reply
  6. I have over 5,000 images saved and edited on my machine. I don’t think I’ve Ever used bitmap format. If someone was looking for an HIP file on my machine, I would think it would be pretty easy to find. Am I looking at something wrong? If so, this sounds like a good way to hide things that aren’t overly important. i.e., girly pics, but not financial records.

    Reply
  7. O.K., Leo, I’ll admit that my previous criticism was hasty. On the other hand, you  were the one reviewing the product, not I. You might have been a tad more proactive in mentioning the AES algorithm, surely an important consideration. Perhaps the blame in this case might be shared?

    In any event, I’ll not only stand by, but repeat, this very important assertion: Always  suspect, as “snake-oil”, ANY  encryption program which doesn’t name the algorithm it uses (the more prominently it names it, the better)… and particularly  distrust those programs which insist upon using “proprietary” (i.e., secret) algorithms. Reputable  encryption companies use known  algorithms, and have nothing to hide.

    Reply

Leave a reply:

Before commenting please:

  • Read the article.
  • Comment on the article.
  • No personal information.
  • No spam.

Comments violating those rules will be removed. Comments that don't add value will be removed, including off-topic or content-free comments, or comments that look even a little bit like spam. All comments containing links and certain keywords will be moderated before publication.

I want comments to be valuable for everyone, including those who come later and take the time to read.