Editing sensitive data
======================

If you temporarily decrypt your data in order to edit certain files, you
should not simply save the edited files over the original ones in your
working directory if you are seriously concerned about the security of the
data. If an edited file is shorter than the original one, and if you
'overwrite' the original version with the new one, some of the old data may
remain on the disc even after all traces of the new files are securely wiped
from the disc when using !Nuke-it.

In order to guarantee that no traces of the original data remain after
re-encryption, the following procedure is recommended:

1. Before editing any file in your working directory, first *move* it to the
directory 'scrap'. (Do *not* 'copy' it there and then 'delete' the original
file!)

2. After editing the file, save a copy of it once again in your working
directory.

3. Double-click on the application !Nuke-it. After asking for confirmation,
this utility destroys all traces of everything in the directory 'scrap'.

4. Double-click on !Lock to re-encrypt your data.

If you want to save a file several times during the editing process, simply
repeat steps 1-3 as many times as necessary.

If for any reason you accidentally lose your data while performing these
steps, remember that you can always find a backup of your previously
encrypted file, as described in !Help.


Other precautions
=================

To ensure the absolute security of your data, you must guard against any
operations which 'delete' files or create extra copies. For example, you
should disable any utility which periodically performs automatic 'autosave'
operations.

If sensitive files are to be moved between different discs or filing
systems, you can first copy them and then destroy the copy in the original
location by means of Tony Hopstaken's utility !Nuke, available from the same
URL as !Q-Lock. You can also use !Nuke to erase all the free space on a disc
if you have already 'deleted' any sensitive files or if for some reason you
failed to follow the recommended procedure for editing sensitive files.

Even if all the precautions described above are taken, it is best to prevent
any unauthorised access to your computer. A serious snooper could, for
example, install a hidden program which captures your passphrase whenever
you use !Q-Lock, or which records all keystrokes.


'True Military' nuking
======================

This option can be safely ignored by most users. It may be useful to you
only if you are extremely paranoid about security and/or if you need to
protect sensitive data against the most serious types of attack.

When using any of the applications !Lock, !Unlock, !WipeDir or !Nuke-it
inside !Q-Lock, certain files which might reveal sensitive information are
securely wiped with 'military' security (by default, using the '-m' option
of Sergio Monesi's Nuke).

The use of Nuke's '-m' option is extremely secure for all ordinary purposes
and is likely to prevent even expert hackers from recovering any data.

However, there is reason to believe that highly sensitive disc recovery
equipment, such as that used by government intelligence services, may be
capable of recovering even data that has been overwritten many times on a
disc. In order to provide the highest possible wiping security, !Q-Lock can
make use of Nuke's 'True Military' (-M) option, which overwrites the
relevant disc sectors 35 times with certain specially designed patterns.

'True Military' nuking can be much slower than the ordinary 'military' mode
used by default in !Q-Lock, especially for very large working directories,
and it is therefore recommended that it be used only in exceptional
circumstances. If you really need to use it, this can be done as follows:

When you run !Lock, !Unlock or !WipeDir, you are asked to specify a working
directory. To select the 'True Military' option, you must type "M" (followed
by <Return>) at that point. (Note that this must be a *capital* "M".) The
program will then ask you once again to specify a working directory.    

When you run !Nuke-it to destroy the contents of the special directory
'scrap', you are asked a 'y/n' question in order to confirm your intentions.
To select the 'True Military' option, you must type capital "M" (followed by
<Return>) at that point. The program will then present you with the y/n
question once again.

Note that in all these cases the 'True Military' mode is used only in one
particular operation of !Lock, !Unlock, !WipeDir or !Nuke-it. !Q-Lock will
automatically revert to the default 'military' mode after completing the
operation. If you want to use the 'True Military' option again, you must
specify it again next time.