Best Practices

  1. Force your Windows PC to show file extensions:
  2. To text wrap or not to text wrap, that is the question:
  3. Back up your work:
  4. Track keys securely:
  5. Share keys securely:
  6. Encrypt closed files only:
  7. Keep encrypted content away from word processors:

Force your Windows PC to show file extensions:

Microsoft by default hides file extensions unless you deliberately choose to see them. It's really helpful to know the suffix at the end of a file name. For example, if you see a file simply named "WARNING", double clicking on it may get you useful information if its extension is ".txt", but it can deliver great grief to you if its extension is ".exe" and it was written by a sociopath.


It is important to set that computer so that it shows file extensions. All the instructions and tips about MarpX Better Privacy™ will make more sense if you do.


To show extensions, go to the Windows start menu (usually in the lower left corner), type "folder options". Choose the "View" tab in the pop-up dialog, and uncheck the box for "Hide extensions for known file types". Click OK at the bottom.


To text wrap or not to text wrap, that is the question:

Small messages are routinely wrapped in what is called Base64 text. That is, the message consists totally of letters, digits, and a few punctuation characters. Here is an example, the first sentence of Lincoln's Gettysburg Address, encrypted:
      sBeDzP6W jdUvMftY kMcjCktw 7CkOcEu5
      xFeSMDM8 wRmCM1kf vL78Vniw QhmeTw9b
      BIE7ig4q oWsnynCT bTVBVOcp VOsUTsim
      gEXWVWdw 7FAUllZ3 tR4zfuxG ffVYhOEm
      9PyJKGxZ mtvup3Xh uMMbORCy D4Sz.4hy
      k3H18xoi Nm11Iiv9 vr7sQbYf fu4W8F1e


Base64 text wrapping is commonly used in computing. It brings files to a simple standard (pure text) and removes any immediate threat, since Base64 text files cannot be executed like programs.


Should text wrapping be used for files as well? That depends.


The problem with text wrapping is that it expands content by anywhere from 33 to 50 percent. If your objective is to archive large files, you will use more storage space by text wrapping. It's usually not worth the extra computer cycles. Wrapping is useful, however, if a file is sent as an attachment to email. That's because some -- not all, but some -- email systems make changes in attached files. If characters (other than spaces and line ends) are added to an encrypted file, it will no longer be possible to recover the original content. So the rule of thumb: Do not routinely check the "text wrap" box when encrypting a file, but do check it if the file will be sent as an attachment to email.


Back up your work:

Murphy's Law: "That which can go wrong will go wrong." Corollary to Murphy's Law: "Murphy was an optimist." In other words, it's a normal part of everyday life for things not to work out as planned. Therefore, backup is a normal part of using a computer. For encrypted content, the greatest risks are not knowing the key OR unplanned changes in encrypted files. (See the headings that follow.) Therefore it really helps if you have an unencrypted version of every file and message, archived offline where a hacker cannot reach it.


Track keys securely:

You don't want hackers to know the keys you use. But you sure want to know. And you want intended recipients to know. No key? No decryption.


Paper and pencil records protect nicely against online hackers and eavesdroppers. An online log might be okay, if you remember to encrypt it frequently and erase the plain text version. Warning: If a hacker found an unencrypted log, all files and messages listed would be compromised. We have been hesitant to add an automatic log. You would have to specify a key to be used for its encryption, and the risk is that a hacker or eavesdropper might pick up on that key. [Please use the Feedback button on most pages at if you wish to share with us your thoughts on whether an automatic log should be included as part of the program.]


Share keys securely:

If another person is the intended receiver for an encrypted message or file from you, then that person has to have the same key that you used to encrypt it.


Please, please, please, never ever send passwords or keys by email. Monitoring email packets is the kind of stuff that budding hackers learn to do when they are not yet in their teens. Think of email as public. Think of it as a billboard, just waiting for others to read. And emails are never really deleted. They are likely to turn up somewhere on a server or in some recipient's collection of email.


Telephone is much better. The likelihood of the same gang hacking your computer and eavesdropping on your phone is pretty low. So phone exchanges of keys are fairly reliable. The NATO phonetic alphabet is a good way to transit letter keys by voice. Instead of the letters, use the words... Alfa, Bravo, Charlie, Delta, Echo, Foxtrot, Golf, Hotel, India, Juliett, Kilo, Lima, Mike, November, Oscar, Papa, Quebec, Romeo, Sierra, Tango, Uniform, Victor, Whiskey, X-ray, Yankee, Zulu.


If you are in an office with multiple phone lines, set up one line so that it goes to an answering machine. Then someone who has sent you a file or message can be prompted to leave a phone message along these lines: "This is so-and-so. It's Thursday at 2:30 and I just sent you an email encrypted using key NQGPYED, that is, November - Quebec - Golf - Papa - Yankee - Echo - Delta."


For regular correspondents, you could exchange with your intended recipients a randomly generated list of keys that you will use in various time periods. A schedule might list a new key for each month, week, day, even hour or quarter hour. If you can't find a teenager to write this script for you, use the Feedback button on most pages at to ask us for a C++ console version. Incidentally, if you send out key schedules, be sure to encrypt them. And the first time, you need to get the key for that first encrypted file to them by some other way -- phone, snail mail, whatever.


Yet another method for key exchange of messages is for each person to include at the end of each message a seven letter key for the recipient to use next time. Example: "When you respond, please privatize your message using for your key RMSVPWK."


Encrypt closed files only:

When you select a file to be encrypted, choose it from within Windows Explorer (or Windows 10 File Explorer). If the file is open in any other software on your computer and if you select it from within that software, the law of unintended consequences will assert itself. Think Titanic. Think Custer's Last Stand. Think Election Day, or some other suitable disaster. Which leads us directly to the following item.


Keep encrypted content away from word processors:

Among the newly-discovered aboriginal tribes is one that has been found to use computers, but in a very curious way. They run all, repeat all, their programs from within their word processor. This tribe would be an excellent subject for anthropological study. We fear greatly, though, that when they discover MarpX Privacy products, they will become totally confused and depressed. That's because they have not yet learned a fundamental of modern life: Word processors have an insatiable lust to inject their specialized formatting into every file. Unless very carefully controlled, word processors destroy encrypted files. Example: It's okay to open a Base64 text-wrapped encryption, and to copy and paste the entire encrypted content somewhere else. That's fine. But the moment you allow the word processor to "save" that file, it becomes useless for its one and only purpose -- decryption by an intended recipient.


We hope that you have no relatives in this tribe. Why is this "diatribe" (pun intended) included in this page on best security practices? Because we have encountered personally a member of this tribe. Sigh!


Site Map         Purchase


MarpX Better Privacy