Comparison of disk encryption software

From HandWiki
Short description: None

This is a technical feature comparison of different disk encryption software.

Background information

Name Developer First released Licensing Maintained?
Aloaha Crypt Disk Aloaha 2008 Source Auditable for Commercial Customers Yes
ArchiCrypt Live Softwaredevelopment Remus ArchiCrypt 1998 Proprietary Yes
BestCrypt Jetico 1993[1] Proprietary Yes
BitArmor DataControl BitArmor Systems Inc. 2008-05 Proprietary Yes
BitLocker Microsoft 2006 Proprietary Yes
Bloombase StoreSafe Bloombase 2012 Proprietary No[2]
Boxcryptor Secomba GmbH 2011 Proprietary No
CGD Roland C. Dowdeswell 2002-10-04[3] BSD Yes
CenterTools DriveLock CenterTools 2008 Proprietary Yes
Check Point Full Disk Encryption Check Point Software Technologies Ltd 1999[4][5][6] Proprietary Yes
CipherShed CipherShed Project 2014[7] TrueCrypt License Version 3.0[8] No
CrossCrypt Steven Scherrer 2004-02-10[9] GPL No
CryFS Sebastian Messmer 2015 LGPLv3 Yes
Cryhod Prim'X Technologies 2010 Proprietary Yes
Cryptainer Cypherix Software 1998 Proprietary Yes
Cryptic Disk Exlade 2003 Proprietary Yes
CryptArchiver WinEncrypt ? Proprietary Yes
Cryptoloop ? 2003-07-02[10] GPL No
Cryptomator Skymatic UG (haftungsbeschränkt) 2016-03-09[11] GPLv3 Yes
CryptoPro Secure Disk Enterprise cpsd it-services GmbH 2010 Proprietary Yes
CryptoPro Secure Disk for BitLocker cpsd it-services GmbH 2012 Proprietary Yes
CryptSync Stefan Küng 2012 GPL v2 Yes
Discryptor Cosect Ltd. 2008 Proprietary No
DiskCryptor ntldr, David Xanatos 2007 GPL No[12]
DISK Protect Becrypt Ltd 2001 Proprietary Yes
Cryptsetup / Dmsetup Christophe Saout 2004-03-11[13] GPL Yes
Dm-crypt / LUKS Clemens Fruhwirth (LUKS) 2005-02-05[14] GPL Yes
DriveSentry GoAnywhere 2 DriveSentry 2008 Proprietary No
E4M Paul Le Roux 1998-12-18[15] Open source No
e-Capsule Private Safe EISST Ltd. 2005 Proprietary Yes
eCryptfs Dustin Kirkland, Tyler Hicks, (formerly Mike Halcrow) 2005[16] GPL Yes
EgoSecure HDD Encryption EgoSecure GmbH 2006 Proprietary Yes
EncFS Valient Gough 2003[17] LGPLv3 No
EncryptStick ENC Security Systems 2009 Proprietary Yes
FileVault Apple Inc. 2003-10-24 Proprietary Yes
FileVault 2 Apple Inc. 2011-07-20 Proprietary Yes
FREE CompuSec CE-Infosys 2002 Proprietary Yes
FreeOTFE Sarah Dean 2004-10-10[18] Open source No
GBDE Poul-Henning Kamp 2002-10-19[19] BSD No
GELI Pawel Jakub Dawidek 2005-04-11[20] BSD Yes
GnuPG Werner Koch 1999-09-07[21] GPL Yes
gocryptfs Jakob Unterwurzacher 2015-10-07[22] MIT / X Consortium License Yes
Knox AgileBits 2010 Proprietary Yes
KryptOS The MorphOS Development Team 2010 Proprietary Yes
LibreCrypt tdk 2014-06-19[23] Open source No
Loop-AES Jari Ruusu 2001-04-11 GPL Yes
McAfee Drive Encryption (SafeBoot) McAfee, LLC 2007[24] Proprietary Yes
n-Crypt Pro n-Trance Security Ltd 2005 Proprietary Yes
PGPDisk PGP Corporation (acquired by Symantec in 2010) 1998-09-01[25] Proprietary Yes
Private Disk Dekart 1993[26] Proprietary Yes
ProxyCrypt v77 2013 Open source Yes
R-Crypto R-Tools Technology Inc 2008 Proprietary Yes
SafeGuard Easy Sophos (Utimaco) 1993[27] Proprietary Yes
SafeGuard Enterprise Sophos (Utimaco) 2007[28] Proprietary Yes
SafeGuard PrivateDisk Sophos (Utimaco)[29] 2000 Proprietary Yes
SafeHouse Professional PC Dynamics, Inc. 1992 Proprietary Yes
Scramdisk Shaun Hollingworth 1997-07-01 Open source No
Scramdisk 4 Linux Hans-Ulrich Juettner 2005-08-06[30] GPL No
SecuBox Aiko Solutions 2007-02-19 Proprietary Yes
SECUDE Secure Notebook SECUDE 2003 Proprietary Yes
Seqrite Encryption Manager Quick Heal Technologies Ltd. 2017 Proprietary Yes
Sentry 2020 SoftWinter 1998[31] Proprietary No
Softraid / RAID C OpenBSD 2007-11-01[32] BSD Yes
SpyProof! Information Security Corp. 2002 Proprietary Yes
Svnd / Vnconfig OpenBSD 2000-12-01[33] BSD Yes
Symantec Endpoint Encryption Symantec Corporation 2008 Proprietary Yes
Tcplay Alex Hornung 2012-01-28[34] BSD No[35]
Trend Micro Endpoint Encryption (Mobile Armor) Trend Micro[36] 2004 or earlier[37] Proprietary Yes
TrueCrypt TrueCrypt Foundation 2004-02-02[38] TrueCrypt License 3.1[39] No
USBCrypt WinAbility Software Corp. 2010 Proprietary Yes
VeraCrypt IDRIX 2013-06-22[40] Apache License 2.0[41]

TrueCrypt License Version 3.0 (legacy code only)

Yes
CyberSafe Top Secret CyberSoft 2013 Proprietary Yes
Name Developer First released Licensing Maintained?
ZzEnc IMDTech 2013 Commercial

Operating systems

Name Android Windows NT iOS Mac OS X Linux FreeBSD OpenBSD NetBSD
Aloaha Crypt Disk ? Yes ? No No No No No
BestCrypt Volume Encryption ? Yes ? Yes No[42] No No No
BitArmor DataControl ? Yes ? No No No No No
BitLocker No Yes ? Partial[43] Partial[43] No No No
Bloombase StoreSafe ? Yes ? Yes Yes Yes Yes Yes
Boxcryptor Yes Yes Yes Yes Yes No No No
CenterTools DriveLock ? Yes ? No No No No No
CGD ? No ? No No No No Yes
Check Point Full Disk Encryption ? Yes ? Yes Yes[44] No No No
CipherShed Yes[45] Yes ? Yes Yes No[46] No No
CrossCrypt No Yes[47] ? No No No No No
CryFS No Yes ? Yes Yes Yes No Yes
Cryhod ? Yes ? No Yes No No No
Cryptainer ? Yes ? No No No No No
CryptArchiver ? Yes ? No No No No No
Cryptic Disk No Yes No No No No No No
Cryptoloop ? Yes[48] ? No Yes No No No
Cryptomator Yes Yes[49] Yes Yes Yes No No No
CryptoPro Secure Disk Enterprise No Yes ? No No No No No
CryptoPro Secure Disk for BitLocker No Yes ? No No No No No
Cryptsetup / Dmsetup ? Yes[48] ? No Yes No No No
CryptSync No Yes ? Yes Yes No No No
Discryptor ? No ? No No No No No
DiskCryptor ? Yes ? No No No No No
DISK Protect ? Yes ? No No No No No
Dm-crypt / LUKS ? Yes[48] ? No Yes No No No
DriveSentry GoAnywhere 2 ? Yes ? No No No No No
E4M ? Yes ? No No No No No
e-Capsule Private Safe ? Yes ? No No No No No
eCryptfs ? No ? No Yes No No No
EgoSecure HDD Encryption ? Yes ? No No No No No
EncFS Yes[50] Yes[51] ? Yes[51] Yes (FUSE) Yes (FUSE) Yes (FUSE) Yes (FUSE)
EncryptStick ? Yes ? Yes Yes No No No
EncryptUSB ? Yes ? Yes No No No No
FileVault ? No ? Yes No No No No
FileVault 2 ? No ? Yes Partial[52] No No No
FREE CompuSec ? Yes ? No No No No No
FreeOTFE No Yes ? No Partial[53] No No No
GBDE ? No ? No No Yes No No
GELI ? No ? No No Yes No No
Knox ? No ? Yes No No No No
LibreCrypt Yes[54] Yes ? No Partial[55] No No No
Loop-AES ? No ? No Yes No No No
McAfee Drive Encryption (SafeBoot) ? Yes ? Yes No No No No
n-Crypt Pro ? Yes ? No No No No No
PGPDisk ? Yes ? Yes No No No No
PGP Whole Disk Encryption ? Yes ? Yes Yes No No No
Private Disk ? Yes ? No No No No No
ProxyCrypt No Yes ? No No No No No
R-Crypto ? Yes ? No No No No No
SafeGuard Easy ? Yes ? No No No No No
SafeGuard Enterprise ? Yes ? Yes No No No No
SafeGuard PrivateDisk ? Yes ? No No No No No
SafeHouse Professional ? Yes ? No No No No No
Scramdisk ? Yes ? No Yes No No No
Scramdisk 4 Linux ? No ? No Yes No No No
SecuBox ? No ? No No No No No
SecureDoc ? Yes ? Yes Yes No No No
Sentry 2020 ? Yes ? No No No No No
Seqrite Volume Encryption No Yes No No No No No No
Softraid / RAID C ? No ? No No No Yes No
SpyProof! ? Yes ? No No No No No
Svnd / Vnconfig ? No ? No No No Yes No
Symantec Endpoint Encryption ? Yes ? Yes No[56] No No No
Tcplay No No ? No Yes No No No
Trend Micro Endpoint Encryption No Yes ? Yes No No No No
TrueCrypt Yes[45] Yes Yes Yes Yes No[57] No No
USBCrypt No Yes ? No No No No No
VeraCrypt Yes[58] Yes Yes[59] Yes Yes Yes No No
CyberSafe Top Secret Yes Yes ? No No No No No
Name Android Windows NT iOS Mac OS X Linux FreeBSD OpenBSD NetBSD

Features

  • Hidden containers: Whether hidden containers (an encrypted container (A) within another encrypted container (B) so the existence of container A can not be established)[60] can be created for deniable encryption. Note that some modes of operation like CBC with a plain IV can be more prone to watermarking attacks than others.
  • Pre-boot authentication: Whether authentication can be required before booting the computer, thus allowing one to encrypt the boot disk.
  • Single sign-on: Whether credentials provided during pre-boot authentication will automatically log the user into the host operating system, thus preventing password fatigue and reducing the need to remember multiple passwords.
  • Custom authentication: Whether custom authentication mechanisms can be implemented with third-party applications.[clarification needed]
  • Multiple keys: Whether an encrypted volume can have more than one active key.
  • Passphrase strengthening: Whether key strengthening is used with plain text passwords to frustrate dictionary attacks, usually using PBKDF2.
  • Hardware acceleration: Whether dedicated cryptographic accelerator expansion cards can be taken advantage of.
  • Trusted Platform Module: Whether the implementation can use a TPM cryptoprocessor.
  • Filesystems: What filesystems are supported.
  • Two-factor authentication: Whether optional security tokens (hardware security modules, such as Aladdin eToken and smart cards) are supported (for example using PKCS#11)
Name Hidden containers Pre-boot authentication Single sign-on Custom authentication Multiple keys Passphrase strengthening Hardware acceleration TPM Filesystems Two-factor authentication
Aloaha Secure Stick Yes No N/A Yes Yes No No No NTFS, FAT32 Yes
ArchiCrypt Live Yes[61] No N/A No Yes[61][62] No No No ? Yes[61][63]
BestCrypt Yes Yes Yes Yes Yes[64] Yes Yes Yes Any supported by OS Yes[65]
BitArmor DataControl No Yes ? No Yes Yes No No NTFS, FAT32 on non-system volumes No
BitLocker No Yes[66] No Yes[67] Yes[68] Yes[69] Yes Yes[68] Chiefly NTFS [Note 1] Yes [Note 2]
Bloombase StoreSafe No No N/A Yes Yes Yes Yes No Any supported by OS Yes
CGD No No N/A Yes[70] Yes[71] Yes[70] No No Any supported by OS Yes[70]
CenterTools DriveLock No Yes Yes No No Yes No No Any supported by OS Yes
Check Point Full Disk Encryption Yes Yes Yes Yes Yes Yes Yes Yes NTFS, FAT32 Yes
CipherShed Yes
(limited to one per
"outer" container)
only on Windows[72] ? No yes with multiple keyfiles[73][74] Yes Yes No[75] Yes
CryFS No No N/A No No Yes[76] No No Any supported by OS No
CrossCrypt No No N/A No No No No No ? No
CryptArchiver No No N/A No No ? No No ? ?
Cryptic Disk Yes No No No Yes Yes Yes No Any supported by OS Yes
Cryhod No Yes Yes No Yes Yes Yes No Any supported by OS Yes
Cryptoloop No Yes[77] ? Yes No No No Any supported by OS ?
Cryptomator No No N/A No No Yes Yes No Any supported by OS No
CryptoPro Secure Disk Enterprise Yes with add-on Secure Device Yes Yes Yes Yes Yes Yes Yes Any supported by OS Yes
CryptoPro Secure Disk for BitLocker Yes with add-on Secure Device Yes Yes Yes Yes Yes Yes Yes Any supported by OS Yes
Cryptsetup / Dmsetup No Yes[77] ? Yes No No Yes No Any supported by OS Yes
DiskCryptor No Yes ? No No No Yes[78] No Windows volumes on MBR and UEFI GPT drives, ReFs any FS supported by OS[79] Yes[78]
DISK Protect No Yes[80] Yes No Yes[80] No Yes Yes NTFS, FAT32 Yes
Dm-crypt / LUKS No Yes[77] ? Yes Yes Yes Yes Partial[81] [Note 3] Any supported by OS Yes
DriveSentry GoAnywhere 2 No No N/A Yes No Yes No ? Any supported by OS Yes
E4M No No N/A No No ? No No ? No
e-Capsule Private Safe Yes[82] No N/A No Yes[82] No Yes No ? ?
eCryptfs No No N/A Yes Yes Yes Yes Yes Yes[83] Yes
EgoSecure HDD Encryption No Yes Yes Yes Yes Yes Yes[84] Yes NTFS, FAT32 Yes
EncryptUSB No No No No No Yes No No NTFS, FAT32, exFAT No
FileVault No No N/A No Two passwords[85] Yes[85] ? No HFS+, possibly others No
FileVault 2 No Yes Yes No Yes Yes Yes[86] No HFS+, possibly others No
FREE CompuSec No Yes ? No No No No No Any supported by OS No
FreeOTFE Yes No N/A Yes[87] Yes[88] Yes Yes No Any supported by OS Yes
GBDE No No[89] N/A Yes No[90] No[89] No Any supported by OS Yes
GELI No Yes[89] ? Yes Yes[91] Yes[91] Yes[89] No Any supported by OS Yes
Loop-AES No Yes[92] ? Yes[92] Yes[92] Yes[92] Yes[92] No Any supported by OS Yes[93]
McAfee Drive Encryption (SafeBoot) Yes Yes Yes Yes Yes Yes Yes[84][94] Yes Any supported by OS Yes
n-Crypt Pro No No N/A No No N/A[95] No No ? ?
PGPDisk No Yes[96] Yes ? Yes Yes[97] ? Yes ? Yes
Private Disk No No N/A No Yes Yes No No Any supported by OS Yes
ProxyCrypt Yes No No No No Yes Yes No Any supported by OS Yes
R-Crypto ? No N/A ? ? ? ? ? Any supported by OS ?
SafeGuard Easy No Yes ? No Yes Yes No Yes[98] Any supported by OS Yes
SafeGuard Enterprise No Yes Yes No Yes Yes No Yes[98] Any supported by OS Yes
SafeGuard PrivateDisk No No N/A No Yes Yes No Yes[99] Any supported by OS Yes
SafeHouse Professional No No N/A Yes Yes Yes No No Any supported by OS Yes
Scramdisk Yes No N/A No No No No No ? Last update to web site 2009-07-02
Scramdisk 4 Linux Yes[100] No N/A No No Yes[100] No No ext2, ext3, reiserfs, minix, ntfs, vfat/msdos No
SecuBox No No N/A No No Yes No No ? No
SecureDoc No Yes[101] ? Yes Yes Yes Yes Yes ? Yes
Seqrite Encryption Manager No Yes Yes No Yes Yes Yes No Any supported by OS No
Sentry 2020 No No ? No No No No No ? No
Softraid / RAID C No No ? ? ? ? Yes ? Any supported by OS ?
Svnd / Vnconfig No No N/A No No Yes[102] Yes ? Any supported by OS ?
Symantec Endpoint Encryption No Yes Yes Yes Yes Yes No No NTFS, FAT32 Yes
Trend Micro Endpoint Encryption No Yes Yes Yes Yes Yes[103] Yes[104] No Any supported by OS Yes[105]
TrueCrypt [Note 4] Yes
(limited to one per
"outer" container)
only on Windows[106] ? No yes with multiple keyfiles[74][107] Yes Yes No[75] Yes
VeraCrypt Yes
(limited to one per
"outer" container)
only on Windows[108] No No yes with multiple keyfiles Yes Yes No Windows on both MBR and UEFI GPT drives; dynamic drives discouraged Yes
CyberSafe Top Secret Yes No No No Yes Yes Yes No Only Windows MBR volumes; no UEFI GPT drives, and dynamic drives discouraged Yes
Name Hidden containers Pre-boot authentication Single sign-on Custom authentication Multiple keys Passphrase strengthening Hardware acceleration TPM Filesystems Two-factor authentication
ZzEnc No Yes Yes Yes Yes Yes No No Windows, Legacy BIOS & UEFI In UEFI with removable keys store on USB-flash
  1. Windows 7 introduces Bitlocker-To-Go which supports NTFS, FAT32 or exFAT, however for hard drive encryption, Windows Vista and later are limited to be installable only on NTFS volumes
  2. BitLocker can be used with a TPM PIN + external USB key for two-factor authentication
  3. An external tool can be used to read the key from the TPM and then have the key passed on to dm-crypt/LUKS via the standard input
  4. The current situation around TrueCrypt project is controversial. On 28.05.2014 after many years of development and broad usage the open-source (although anonymous) project was suddenly stopped, and all previous official materials and complete (encrypt/decrypt) binaries were withdrawn from its website citing some "unfixed security issues" and Windows XP end of support. The technical information herein is valid only for previous versions of TrueCrypt (v7.1a and some earlier). The latest available version (v7.2) is decrypt only, its authenticity and actual reasons behind the move are unclear, and its usage is not recommended. http://www.zdnet.com/truecrypt-quits-inexplicable-7000029994/

Layering

  • Whole disk: Whether the whole physical disk or logical volume can be encrypted, including the partition tables and master boot record. Note that this does not imply that the encrypted disk can be used as the boot disk itself; refer to pre-boot authentication in the features comparison table.
  • Partition: Whether individual disk partitions can be encrypted.
  • File: Whether the encrypted container can be stored in a file (usually implemented as encrypted loop devices).
  • Swap space: Whether the swap space (called a "pagefile" on Windows) can be encrypted individually/explicitly.
  • Hibernation file: Whether the hibernation file is encrypted (if hibernation is supported).
Name Whole disk Partition File Swap space Hibernation file RAID
Aloaha Secure Stick No No Yes No No ?
ArchiCrypt Live Yes
(except for the boot volume)
Yes Yes No No ?
BestCrypt Yes Yes Yes Yes Yes[109] ?
BitArmor DataControl No Yes No Yes Yes ?
BitLocker Yes
(except for the boot volume)
Yes Yes[110] Yes
(parent volume is encrypted)
Yes
(parent volume is encrypted)
?
Bloombase StoreSafe Yes Yes Yes Yes No Yes
CenterTools DriveLock Yes Yes Yes Yes Yes ?
CGD Yes Yes Yes[70] Yes No ?
Check Point Full Disk Encryption Yes Yes Yes Yes Yes ?
CipherShed Yes Yes Yes Yes only on Windows ?
CrossCrypt No No Yes No No ?
CryFS No No No No No ?
CryptArchiver No No Yes No No ?
Cryptic Disk No Yes Yes No No ?
Cryhod No Yes No Yes Yes
(parent volume is encrypted)
?
Cryptoloop Yes Yes Yes Yes No ?
Cryptomill Yes N/A Yes N/A N/A ?
CryptoPro Secure Disk Enterprise Yes Yes Yes
(add-on Secure Device)
Yes Yes ?
CryptoPro Secure Disk for BitLocker Yes Yes Yes Yes Yes ?
DiskCryptor No Yes No Yes Yes ?
Disk Protect Yes No No Yes Yes ?
Dm-crypt / LUKS Yes Yes Yes[111] Yes Yes[112] ?
DriveSentry GoAnywhere 2 No Yes Yes No No ?
E4M No Yes Yes No No ?
e-Capsule Private Safe No No Yes[113] No No ?
eCryptfs No No Yes No No ?
EgoSecure HDD Encryption Yes Yes Yes Yes Yes ?
EncryptUSB No No Yes No No ?
FileVault No No Yes[85] Yes[114][85] Yes[114][115]
FileVault 2 Yes[116] Yes[86] No Yes Yes ?
FREE CompuSec Yes No Yes Yes Yes ?
FreeOTFE Yes
(except for the boot volume)
Yes Yes No No ?
GBDE Yes Yes Yes[117] Yes No ?
GELI Yes Yes Yes[117] Yes No ?
Loop-AES Yes Yes[92] Yes[92] Yes[92] Yes[92] ?
McAfee Drive Encryption (SafeBoot) Yes Yes Yes Yes Yes[118] ?
n-Crypt Pro Yes Yes Yes No No ?
PGPDisk Yes Yes Yes Yes only on Windows ?
Private Disk No No Yes No No ?
ProxyCrypt Yes Yes Yes No No ?
R-Crypto No No Yes No No ?
SafeGuard Easy Yes Yes extra module Yes Each sector on disk is encrypted ?
SafeGuard Enterprise Yes Yes Yes Yes Each sector on disk is encrypted ?
SafeGuard PrivateDisk No No Yes No No ?
SafeHouse Professional No No Yes No No ?
Scramdisk No Yes Yes No No ?
Scramdisk 4 Linux Yes Yes Yes Yes No ?
SecuBox No No Yes N/A No ?
Sentry 2020 No No Yes No No ?
Seqrite Encryption Manager Yes Yes Yes Yes Yes RAID-5
Softraid / RAID C Yes Yes No Yes (encrypted by default in OpenBSD)[119] No ?
Svnd / Vnconfig ? Yes Yes Yes (encrypted by default in OpenBSD) ? ?
SpyProof! No Yes Yes No No ?
Symantec Endpoint Encryption Yes Yes Yes Yes Yes ?
Trend Micro Endpoint Encryption Yes Yes Yes Yes Yes ?
TrueCrypt Yes[120] Yes Yes Yes only on Windows[106] ?
VeraCrypt Yes Yes Yes Yes only on Windows[106] ?
CyberSafe Top Secret No Yes Yes No No ?
Name Whole disk Partition File Swap space Hibernation file RAID

Modes of operation

Different modes of operation supported by the software. Note that an encrypted volume can only use one mode of operation.

  • CBC with predictable IVs: The CBC (cipher block chaining) mode where initialization vectors are statically derived from the sector number and are not secret; this means that IVs are re-used when overwriting a sector and the vectors can easily be guessed by an attacker, leading to watermarking attacks.
  • CBC with secret IVs: The CBC mode where initialization vectors are statically derived from the encryption key and sector number. The IVs are secret, but they are re-used with overwrites. Methods for this include ESSIV and encrypted sector numbers (CGD).
  • CBC with random per-sector keys: The CBC mode where random keys are generated for each sector when it is written to, thus does not exhibit the typical weaknesses of CBC with re-used initialization vectors. The individual sector keys are stored on disk and encrypted with a master key. (See GBDE for details)
  • LRW: The Liskov-Rivest-Wagner tweakable narrow-block mode, a mode of operation specifically designed for disk encryption. Superseded by the more secure XTS mode due to security concerns.[121]
  • XTS: XEX-based Tweaked CodeBook mode (TCB) with CipherText Stealing (CTS), the SISWG (IEEE P1619) standard for disk encryption.
  • Authenticated encryption: Protection against ciphertext modification by an attacker
Name CBC w/ predictable IVs CBC w/ secret IVs CBC w/ random per-sector keys LRW XTS Authenticated encryption
Aloaha Crypt Disk No No No Yes Yes ?
ArchiCrypt Live No No No Legacy support[122] Yes ?
BestCrypt No Yes No Yes[123] Yes[124] ?
BitArmor DataControl No Yes Plumb-IV No No ?
BitLocker No[125] Yes[125] No No Yes, Windows 10 10547+ ?
Bloombase StoreSafe Yes Yes Yes Yes Yes ?
CGD No Yes[126] No No No ?
CenterTools DriveLock ? ? ? ? ? ?
Check Point Full Disk Encryption No No Yes Yes Yes ?
CipherShed Legacy support[127] No No Legacy support[128] Yes[129] ?
CrossCrypt Yes No No No No ?
CryFS No No Yes No No ?
CryptArchiver ? ? ? ? ? ?
Cryptic Disk No No No No Yes No
Cryhod No Yes No No No ?
Cryptoloop Yes No No No No No
DiskCryptor No No No No Yes ?
Dm-crypt / LUKS Yes Yes No Yes, using *-lrw-benbi[130] Yes, using *-xts-plain Yes, using --integrity mode[131]
DriveSentry GoAnywhere 2 ? ? ? ? ? ?
E4M ? ? ? No No ?
e-Capsule Private Safe ? ? ? ? ? ?
eCryptfs No Yes ? No No ?
EgoSecure HDD Encryption No Yes No No No ?
FileVault Yes[85] No No No No ?
FileVault 2 No No No No Yes[132] ?
FREE CompuSec Yes No No No No ?
FreeOTFE Yes Yes No Yes Yes No
GBDE No No Yes[90] No No ?
GELI No Yes[133] No No Yes Yes, using -a option[134]
Loop-AES single-key, multi-key-v2 modes[92] multi-key-v3 mode[92] No No No No
McAfee Drive Encryption (SafeBoot) No Yes No No No ?
n-Crypt Pro ? ? No No No ?
PGPDisk ? ? ? ? ? ?
Private Disk No Yes No No No ?
ProxyCrypt No No No No Yes ?
R-Crypto ? ? ? ? ? ?
SafeGuard Easy ? ? ? ? ? ?
SafeGuard Enterprise ? ? ? ? ? ?
SafeGuard PrivateDisk ? ? ? ? ? ?
SafeHouse Professional Yes No No No No ?
Scramdisk No Yes No No No ?
Scramdisk 4 Linux No Yes[135] No Yes[136] Yes[137] ?
SecuBox Yes No No No No ?
SecureDoc ? ? ? ? ? ?
Sentry 2020 ? ? ? ? ? ?
Seqrite Encryption Manager No Yes No Yes Yes ?
Softraid / RAID C ? ? ? ? Yes[138] ?
Svnd / Vnconfig ? ? ? ? ? ?
Symantec Endpoint Encryption No No Yes No No ?
TrueCrypt Legacy support[127] No No Legacy support[128] Yes[139] No
USBCrypt No Yes No No Yes ?
VeraCrypt No No No No Yes ?
CyberSafe Top Secret No No No No Yes ?
Name CBC w/ predictable IVs CBC w/ secret IVs CBC w/ random per-sector keys LRW XTS Authenticated encryption

See also

Notes and references

  1. "Jetico Mission". Jetico. https://www.jetico.com/about-jetico/mission-story. 
  2. "Bloombase StoreSafe". Bloombase. https://www.bloombase.com/products/storesafe. 
  3. Roland Dowdeswell (2002-10-04). "CryptoGraphic Disk". mailing list announcement. http://mail-index.netbsd.org/current-users/2002/10/04/0008.html. 
  4. "Protect guards laptop and desktop data". http://www.infoworld.com/cgi-bin/displayArchive.pl?/99/25/c05-25.48.htm. 
  5. Company and product name change to Pointsec "Protect Data Security Inc. changes name to Pointsec Mobile Technologies Inc.". http://www.pointsec.com/news/news.asp?newsid=85. 
  6. "Check Point Completes the Offer for Protect Data with Substantial Acceptance of 87.1 Percent". http://www.checkpoint.com/press/2007/protectdataacquisition011107.html. 
  7. Niklas Lemcke (2014-12-15). "Pre-Alpha testing started". https://ciphershed.org/pre-alpha-testing-started/. 
  8. "TrueCrypt License Version 3.0". TrueCrypt Foundation. 2012-02-07. https://github.com/CipherShed/CipherShed/blob/master/src/License.txt. 
  9. Sarah Dean (2004-02-10). "OTFEDB entry". http://otfedb.sdean12.org/cgi-bin/pub_factsheet.cgi?SYSTEM_ID=46. 
  10. Initial cryptoloop patches for the Linux 2.5 development kernel: "Archived copy". http://uwsg.iu.edu/hypermail/linux/kernel/0307.0/0348.html. 
  11. "Home". http://www.cryptomator.org/. 
  12. "Releases · DavidXanatos/DiskCryptor". https://github.com/DavidXanatos/DiskCryptor/releases. 
  13. dm-crypt was first included in Linux kernel version 2.6.4: https://lwn.net/Articles/75404/
  14. Clemens Fruhwirth. "LUKS version history". http://luks.endorphin.org/dm-crypt. 
  15. "archived E4M documentation". http://www.e4m.net/news.html. 
  16. "eCryptfs". http://ecryptfs.sourceforge.net. 
  17. Valient Gough (2003). "EncFS - an Encrypted Filesystem". README.md file. https://github.com/vgough/encfs. 
  18. "FreeOTFE version history". http://www.freeotfe.org/docs/version_history.htm#version_history. 
  19. "gbde(4) man page in FreeBSD 4.11". GBDE manual page as it appeared in FreeBSD 4.11. http://www.freebsd.org/cgi/man.cgi?query=gbde&apropos=0&sektion=4&manpath=FreeBSD+5.0-RELEASE&format=html. 
  20. "geli(8) man page in FreeBSD 6.0". GELI manual page as it first appeared in FreeBSD 6.0. http://www.freebsd.org/cgi/man.cgi?query=geli&apropos=0&sektion=0&manpath=FreeBSD+6.0-RELEASE&format=html. 
  21. Release Notes. GnuPG
  22. "gocryptfs changelog on github". https://github.com/rfjakob/gocryptfs#changelog. 
  23. "as received from FreeOTFE version v5.21 with small changes". 2014-06-20. https://github.com/t-d-k/LibreCrypt/commit/a395620545beff7736427dfc3b508b4f67609396. 
  24. "McAfee Drive Encryption". product description. McAfee. https://www.mcafee.com/enterprise/en-us/products/technologies/drive-encryption.html. 
  25. "PGP 6.0 Freeware released- any int'l links?". Newsgroupcomp.security.pgp. Usenet: 6sh4vm$jbf$1@news.cybercity.dk. Retrieved 2007-01-04.
  26. "Dekart Encryption software timeline". Dekart. http://www.lazybit.com/index.php/a/2007/04/19/dekart_private_disk_timeline. 
  27. "SafeGuard Easy 4.5 Technical Whitepaper". Utimaco. http://www.sophos.com/sophos/docs/eng/factshts/sophos-safeguard-easy-dsus.pdf. 
  28. "SafeGuard Enterprise Technical Whitepaper". Utimaco. http://www.sophos.com/sophos/docs/eng/factshts/sophos-safeguard-enterprise-dsus.pdf. 
  29. Rebranded as ThinkVantage Client Security "ThinkVantage Technologies Deployment Guide". Lenovo. ftp://ftp.software.ibm.com/pc/pccbbs/thinkcentre_pdf/rr30mst.pdf. [yes|permanent dead link|dead link}}]
  30. "ScramDisk 4 Linux Releases". http://sourceforge.net/project/showfiles.php?group_id=101952&package_id=109447. 
  31. "Sentry 2020 news". http://www.softwinter.com/. 
  32. "OpenBSD 4.2 Changelog". http://www.openbsd.org/plus42.html. 
  33. "OpenBSD 2.8 Changelog". http://www.openbsd.org/plus28.html. 
  34. "bwalex/tc-play". 2019-08-27. https://github.com/bwalex/tc-play/releases. 
  35. Last update: 2020-03-02 "bwalex/tc-play". Github. 2023-04-03. https://github.com/bwalex/tc-play. 
  36. Trend Micro
  37. "Mobile Armor: Your Data.Secure. Everywhere.". 4 September 2004. http://www.mobilearmor.com/products.html. 
  38. "TrueCrypt". http://www.truecrypt.org/docs/?s=version-history2. 
  39. "TrueCrypt License Version 3.1". TrueCrypt Foundation. 2014-05-28. https://github.com/warewolf/truecrypt/compare/master...7.2#diff-dc5cde275269b574b34b1204b9221cb2L1. 
  40. "VeraCrypt". https://veracrypt.codeplex.com/SourceControl/list/changesets?page=8. 
  41. "Apache License 2.0". IDRIX. 2015-06-28. https://veracrypt.codeplex.com/license. 
  42. "Whole Hard Disk Encryption Software - BestCrypt Volume Encryption - Jetico Inc. Oy". http://www.jetico.com/products/enterprise-data-protection/bestcrypt-volume-encryption. 
  43. 43.0 43.1 https://github.com/Aorimn/dislocker FUSE driver to read/write Windows BitLocker-ed volumes under Linux / Mac OSX
  44. "Archived copy". http://www.checkpoint.com/products/full-disk-encryption/DS_FullDisk_Encryption_120614.pdf. 
  45. 45.0 45.1 https://play.google.com/store/apps/details?id=com.sovworks.edslite Third party app allows to open containers encryptes with AES-256, SHA-512 hash and FAT file system
  46. http://www.truecrypt.org/misc/freebsd Although CipherShed can be built under FreeBSD, it is not recommended to run it because of bugs and instabilities when CipherShed is attempted to be used
  47. CrossCrypt - Only for the Microsoft Windows XP/2000 operating systems
  48. 48.0 48.1 48.2 http://www.freeotfe.org/docs/Main/Linux_volumes.htm FreeOTFE supports cryptoloop, dm-crypt/cryptsetup/dmsetup, and dm-crypt/LUKS volumes
  49. "Cryptomator - Free Cloud Encryption". http://www.cryptomator.org. 
  50. "Boxcryptor - Encryption for cloud storage - Window, Mac, Android, iOS". https://www.boxcryptor.com/. 
  51. 51.0 51.1 "Safe - Protect Your Files". http://www.getsafe.org/. 
  52. https://code.google.com/p/libfvde/ libfvde supports reading FileVault2 Drive Encryption (FVDE) encrypted volumes
  53. http://www.freeotfe.org/docs/Main/Linux_volumes.htm Supports Linux volumes
  54. https://play.google.com/store/apps/details?id=com.nemesis2.luksmanager&hl=en_GB Third party app allows a user to open LibreCrypt compatible LUKS containers
  55. https://github.com/t-d-k/LibreCrypt/blob/master/docs/Linux_volumes.md Supports Linux volumes
  56. "Endpoint Encryption Powered by PGP Technology - Symantec". http://www.symantec.com/endpoint-encryption/system-requirements/. 
  57. http://www.truecrypt.org/misc/freebsd Although TrueCrypt can be built under FreeBSD, it is not recommended to run it because of bugs and instabilities when TrueCrypt is attempted to be used
  58. https://play.google.com/store/apps/details?id=com.sovworks.eds.android Third party app allows to encrypt and decrypt VeraCrypt containers (only available in the paid version)
  59. https://apps.apple.com/de/app/disk-decipher/id516538625 Third party app allows to encrypt and decrypt VeraCrypt containers (only available in the paid version)
  60. http://www.jetico.com/linux/bcrypt-help/c_hiddn.htm Hidden containers description from Jetico (BestCrypt)
  61. 61.0 61.1 61.2 Secret-containers and Camouflage files ArchiCrypt Live Description
  62. Supports "Guest" keys
  63. Using "Archicrypt Card"
  64. Supported by the BestCrypt container format; see BestCrypt SDK
  65. Supported by the BestCrypt Volume Encryption software
  66. With PIN or USB key
  67. BitLocker Drive Encryption: Value Add Extensibility Options
  68. 68.0 68.1 "BitLocker Drive Encryption Technical Overview". Microsoft. http://technet2.microsoft.com/windowsserver2008/en/library/ce4d5a2e-59a5-4742-89cc-ef9f5908b4731033.mspx?mfr=true. 
  69. Recovery keys only.
  70. 70.0 70.1 70.2 70.3 Roland C. Dowdeswell, John Ioannidis. "The CryptoGraphic Disk Driver". CGD Design Paper. http://www.imrryr.org/~elric/cgd/cgd.pdf. Retrieved 2006-12-24. 
  71. Federico Biancuzzi (2005-12-21). "Inside NetBSD's CGD". interview with Roland Dowdeswell. ONLamp.com. http://www.onlamp.com/pub/a/bsd/2005/12/21/netbsd_cgd.html?page=1. 
  72. "Operating Systems Supported for System Encryption". CipherShed Documentation. CipherShed Project. https://github.com/CipherShed/CipherShed/blob/v0.7.3.0-dev/doc/userdocs/guide/CipherShed-User-Guide-0.7.3.0.pdf. 
  73. Although each volume encrypted with CipherShed can only have one active master key, it is possible to access its contents through more than one header. Each header can have a different password and/or keyfiles if any (cf. TrueCrypt FAQ: Is there a way for an administrator to reset a volume password or pre-boot authentication password when a user forgets it (or loses a keyfile)?)
  74. 74.0 74.1 "Keyfiles". TrueCrypt Documentation. TrueCrypt Foundation. http://www.truecrypt.org/docs/keyfiles. 
  75. 75.0 75.1 "Some encryption programs use TPM to prevent attacks. Will TrueCrypt use it too?". TrueCrypt FAQ. TrueCrypt Foundation. http://www.truecrypt.org/faq#tpm. 
  76. "CryFS: How it works". https://www.cryfs.org/howitworks. 
  77. 77.0 77.1 77.2 dm-crypt and cryptoloop volumes can be mounted from the initrd before the system is booted
  78. 78.0 78.1 "DiskCryptor Features". http://diskcryptor.net/wiki/Main_Page/en. 
  79. "DiskCryptor". 10 February 2022. https://github.com/DavidXanatos/DiskCryptor. 
  80. 80.0 80.1 "DISK Protect Data Sheet". https://www.becrypt.com/uk/uploads/files/Disk%20Protect%20Standard_.pdf. 
  81. "cryptsetup Frequently Asked Questions". https://gitlab.com/cryptsetup/cryptsetup/wikis/FrequentlyAskedQuestions. 
  82. 82.0 82.1 "Multi level access with separate access credentials, each enabling a different set of functional or logical operations". EISST Ltd.. http://www.eisst.com/products/private_safe/compare/. 
  83. uses the lower filesystem (stacking)
  84. 84.0 84.1 "Intel Advanced Encryption Standard (AES) Instructions Set - Rev 3". Intel. http://software.intel.com/en-us/articles/intel-advanced-encryption-standard-aes-instructions-set/. 
  85. 85.0 85.1 85.2 85.3 85.4 Jacob Appelbaum, Ralf-Philipp Weinmann (2006-12-29). Unlocking FileVault: An Analysis of Apple's disk encryption. https://events.ccc.de/congress/2006/Fahrplan/attachments/1244-23C3VileFault.pdf. Retrieved 2012-01-03. 
  86. 86.0 86.1 "Mac OS X 10.7 Lion: the Ars Technica review". 2011-07-20. https://arstechnica.com/apple/reviews/2011/07/mac-os-x-10-7.ars/13. 
  87. FreeOTFE has a modular architecture and set of components to allow 3rd party integration
  88. FreeOTFE allows multiple keys to mount the same container file via encrypted keyfiles
  89. 89.0 89.1 89.2 89.3 "FreeBSD Handbook: Encrypting Disk Partitions". http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/disks-encrypting.html. 
  90. 90.0 90.1 Cite error: Invalid <ref> tag; no text was provided for refs named gbde-paper
  91. 91.0 91.1 "geli(8) man page in FreeBSD-current". GELI manual page in current FreeBSD. http://www.freebsd.org/cgi/man.cgi?query=geli&apropos=0&sektion=0&manpath=FreeBSD+7-current&format=html. 
  92. 92.00 92.01 92.02 92.03 92.04 92.05 92.06 92.07 92.08 92.09 92.10 Jari Ruusu. "loop-AES README file". http://loop-aes.sourceforge.net/loop-AES.README. 
  93. Using customization
  94. "McAfee Endpoint Encryption". McAfee. http://www.mcafee.com/us/resources/data-sheets/ds-endpoint-encryption.pdf. 
  95. n-Crypt Pro does not use password authentication— biometric/USB dongle authentication only
  96. "PGP Whole Disk Encryption FAQ". PGP Corporation. http://www.pgp.com/products/wholediskencryption/faq.html. 
  97. PGP private keys are always protected by strengthened passphrases
  98. 98.0 98.1 "Embedded Security: Trusted Platform Module Technology Comes of Age". Utimaco. http://americas.utimaco.com/encryption/TPM-Technology-Comes-Of-Age.html. 
  99. "ThinkVantage Technologies Deployment Guide". Lenovo. http://download.lenovo.com/ibmdl/pub/pc/pccbbs/thinkcentre_pdf/rr30mst.pdf. 
  100. 100.0 100.1 For TrueCrypt containers
  101. "SecureDoc Product Information". WinMagic Inc.. http://www.winmagic.com/solutions/securedoc.html. 
  102. optional by using -K OpenBSD Manual Pages: vnconfig(8)
  103. "Endpoint Encryption". http://docs.trendmicro.com/en-us/enterprise/endpoint-encryption.aspx. 
  104. "Solutions for Solid-State Drives (SSD) - Endpoint Encryption". http://esupport.trendmicro.com/solution/en-US/1058686.aspx. 
  105. "Support for smart card readers - Endpoint Encryption". http://esupport.trendmicro.com/solution/en-US/1059884.aspx. 
  106. 106.0 106.1 106.2 "Operating Systems Supported for System Encryption". TrueCrypt Documentation. TrueCrypt Foundation. http://www.truecrypt.org/docs/?s=sys-encryption-supported-os. 
  107. Although each volume encrypted with TrueCrypt can only have one active master key, it is possible to access its contents through more than one header. Each header can have a different password and/or keyfiles if any (cf. TrueCrypt FAQ: Is there a way for an administrator to reset a volume password or pre-boot authentication password when a user forgets it (or loses a keyfile)?)
  108. "Operating Systems Supported for System Encryption". VeraCrypt Documentation. IDRIX. https://www.veracrypt.fr/en/Supported%20Systems%20for%20System%20Encryption.html. 
  109. "Whole Hard Disk Encryption Software - BestCrypt Volume Encryption - Jetico Inc. Oy". http://www.jetico.com/data-protection-encryption-bestcrypt-volume-encryption-enterprise/. 
  110. Within a VHD http://www.howtogeek.com/193013/how-to-create-an-encrypted-container-file-with-bitlocker-on-windows/
  111. dm-crypt can encrypt a file-based volume when used with the losetup utility included with all major Linux distributions
  112. yes, but the user needs custom scripts: http://www.linuxquestions.org/questions/slackware-14/luks-encryption-swap-and-hibernate-627958/
  113. Uses proprietary e-Capsule file system not exposed to the OS.
  114. 114.0 114.1 not technically part of FileVault, but provided by many versions of Mac OS X; can be enabled independently of FileVault
  115. http://macmarshal.com/images/Documents/mm_wp_102.pdf
  116. "Use FileVault to encrypt the startup disk on your Mac". http://support.apple.com/kb/HT4790?viewlocale=en_US&locale=en_US. 
  117. 117.0 117.1 File-based volume encryption is possible when used with mdconfig(8) utility.
  118. "Control Break International Debuts SafeBoot Version 4.27". September 2004. http://connection.ebscohost.com/c/articles/14197489/control-break-international-debuts-safeboot-version-4-27. 
  119. http://www.openbsd.org/plus38.html OpenBSD 3.8 change notes
  120. however, not Windows UEFI-based computers with a GUID partition table (GPT)
  121. LRW issue
  122. Containers created with ArchiCrypt Live version 5 use LRW
  123. "New features in BestCrypt version 8". Jetico. http://www.jetico.com/bc8_web_help/html/03_new_features/01_new_features.htm. 
  124. "New features in version 2". Jetico. http://www.jetico.com/bcve_web_help/html/01_introduction/04_new_in_version.htm. 
  125. 125.0 125.1 Niels Fergusson (August 2006). AES-CBC + Elephant Diffuser: A Disk Encryption Algorithm for Windows Vista. Microsoft. http://download.microsoft.com/download/0/2/3/0238acaf-d3bf-4a6d-b3d6-0a0be4bbb36e/BitLockerCipher200608.pdf. Retrieved 2008-02-22. 
  126. "man 4 cgd in NetBSD-current". NetBSD current manual page on CGD. 2006-03-11. http://netbsd.gw.com/cgi-bin/man-cgi?cgd+4+NetBSD-current. 
  127. 127.0 127.1 Containers created with TrueCrypt versions 1.0 through 4.0 use CBC.
  128. 128.0 128.1 Containers created with TrueCrypt versions 4.1 through 4.3a use LRW, and support CBC for opening legacy containers only.
  129. Containers created with CipherShed or TrueCrypt versions 5.0+ use XTS, and support LRW/CBC for opening legacy containers only.
  130. Starting with Linux kernel version 2.6.20, CryptoAPI supports the LRW mode: https://lwn.net/Articles/213650/
  131. "cryptsetup - manage plain dm-crypt and LUKS encrypted volumes". 2018-01-01. https://man.cx/?page=cryptsetup(8). 
  132. "OS X Lion: About FileVault 2". http://support.apple.com/kb/HT4790. 
  133. "Linux/BSD disk encryption comparison". http://mareichelt.de/pub/notmine/linuxbsd-comparison.html. 
  134. Pawel Jakub Dawidek (2006-06-08). "Data authentication for geli(8) committed to HEAD.". https://docs.freebsd.org/cgi/getmsg.cgi?fetch=326862+0+archive/2006/freebsd-current/20060611.freebsd-current. 
  135. For Scramdisk containers
  136. For TrueCrypt 4 containers
  137. For TrueCrypt 5 and 6 containers
  138. "'CVS: cvs.openbsd.org: src' - MARC". http://marc.info/?l=openbsd-cvs&m=121302798322835&w=2. 
  139. Containers created with TrueCrypt versions 5.0 or later use XTS, and support LRW/CBC for opening legacy containers only.


External links