Comparison of disk encryption software
From HandWiki
Short description: None
This is a technical feature comparison of different disk encryption software.
Background information
Name | Developer | First released | Licensing | Maintained? |
---|---|---|---|---|
Aloaha Crypt Disk | Aloaha | 2008 | Source Auditable for Commercial Customers | Yes |
ArchiCrypt Live | Softwaredevelopment Remus ArchiCrypt | 1998 | Proprietary | Yes |
BestCrypt | Jetico | 1993[1] | Proprietary | Yes |
BitArmor DataControl | BitArmor Systems Inc. | 2008-05 | Proprietary | Yes |
BitLocker | Microsoft | 2006 | Proprietary | Yes |
Bloombase StoreSafe | Bloombase | 2012 | Proprietary | No[2] |
Boxcryptor | Secomba GmbH | 2011 | Proprietary | No |
CGD | Roland C. Dowdeswell | 2002-10-04[3] | BSD | Yes |
CenterTools DriveLock | CenterTools | 2008 | Proprietary | Yes |
Check Point Full Disk Encryption | Check Point Software Technologies Ltd | 1999[4][5][6] | Proprietary | Yes |
CipherShed | CipherShed Project | 2014[7] | TrueCrypt License Version 3.0[8] | No |
CrossCrypt | Steven Scherrer | 2004-02-10[9] | GPL | No |
CryFS | Sebastian Messmer | 2015 | LGPLv3 | Yes |
Cryhod | Prim'X Technologies | 2010 | Proprietary | Yes |
Cryptainer | Cypherix Software | 1998 | Proprietary | Yes |
Cryptic Disk | Exlade | 2003 | Proprietary | Yes |
CryptArchiver | WinEncrypt | ? | Proprietary | Yes |
Cryptoloop | ? | 2003-07-02[10] | GPL | No |
Cryptomator | Skymatic UG (haftungsbeschränkt) | 2016-03-09[11] | GPLv3 | Yes |
CryptoPro Secure Disk Enterprise | cpsd it-services GmbH | 2010 | Proprietary | Yes |
CryptoPro Secure Disk for BitLocker | cpsd it-services GmbH | 2012 | Proprietary | Yes |
CryptSync | Stefan Küng | 2012 | GPL v2 | Yes |
Discryptor | Cosect Ltd. | 2008 | Proprietary | No |
DiskCryptor | ntldr, David Xanatos | 2007 | GPL | No[12] |
DISK Protect | Becrypt Ltd | 2001 | Proprietary | Yes |
Cryptsetup / Dmsetup | Christophe Saout | 2004-03-11[13] | GPL | Yes |
Dm-crypt / LUKS | Clemens Fruhwirth (LUKS) | 2005-02-05[14] | GPL | Yes |
DriveSentry GoAnywhere 2 | DriveSentry | 2008 | Proprietary | No |
E4M | Paul Le Roux | 1998-12-18[15] | Open source | No |
e-Capsule Private Safe | EISST Ltd. | 2005 | Proprietary | Yes |
eCryptfs | Dustin Kirkland, Tyler Hicks, (formerly Mike Halcrow) | 2005[16] | GPL | Yes |
EgoSecure HDD Encryption | EgoSecure GmbH | 2006 | Proprietary | Yes |
EncFS | Valient Gough | 2003[17] | LGPLv3 | No |
EncryptStick | ENC Security Systems | 2009 | Proprietary | Yes |
FileVault | Apple Inc. | 2003-10-24 | Proprietary | Yes |
FileVault 2 | Apple Inc. | 2011-07-20 | Proprietary | Yes |
FREE CompuSec | CE-Infosys | 2002 | Proprietary | Yes |
FreeOTFE | Sarah Dean | 2004-10-10[18] | Open source | No |
GBDE | Poul-Henning Kamp | 2002-10-19[19] | BSD | No |
GELI | Pawel Jakub Dawidek | 2005-04-11[20] | BSD | Yes |
GnuPG | Werner Koch | 1999-09-07[21] | GPL | Yes |
gocryptfs | Jakob Unterwurzacher | 2015-10-07[22] | MIT / X Consortium License | Yes |
Knox | AgileBits | 2010 | Proprietary | Yes |
KryptOS | The MorphOS Development Team | 2010 | Proprietary | Yes |
LibreCrypt | tdk | 2014-06-19[23] | Open source | No |
Loop-AES | Jari Ruusu | 2001-04-11 | GPL | Yes |
McAfee Drive Encryption (SafeBoot) | McAfee, LLC | 2007[24] | Proprietary | Yes |
n-Crypt Pro | n-Trance Security Ltd | 2005 | Proprietary | Yes |
PGPDisk | PGP Corporation (acquired by Symantec in 2010) | 1998-09-01[25] | Proprietary | Yes |
Private Disk | Dekart | 1993[26] | Proprietary | Yes |
ProxyCrypt | v77 | 2013 | Open source | Yes |
R-Crypto | R-Tools Technology Inc | 2008 | Proprietary | Yes |
SafeGuard Easy | Sophos (Utimaco) | 1993[27] | Proprietary | Yes |
SafeGuard Enterprise | Sophos (Utimaco) | 2007[28] | Proprietary | Yes |
SafeGuard PrivateDisk | Sophos (Utimaco)[29] | 2000 | Proprietary | Yes |
SafeHouse Professional | PC Dynamics, Inc. | 1992 | Proprietary | Yes |
Scramdisk | Shaun Hollingworth | 1997-07-01 | Open source | No |
Scramdisk 4 Linux | Hans-Ulrich Juettner | 2005-08-06[30] | GPL | No |
SecuBox | Aiko Solutions | 2007-02-19 | Proprietary | Yes |
SECUDE Secure Notebook | SECUDE | 2003 | Proprietary | Yes |
Seqrite Encryption Manager | Quick Heal Technologies Ltd. | 2017 | Proprietary | Yes |
Sentry 2020 | SoftWinter | 1998[31] | Proprietary | No |
Softraid / RAID C | OpenBSD | 2007-11-01[32] | BSD | Yes |
SpyProof! | Information Security Corp. | 2002 | Proprietary | Yes |
Svnd / Vnconfig | OpenBSD | 2000-12-01[33] | BSD | Yes |
Symantec Endpoint Encryption | Symantec Corporation | 2008 | Proprietary | Yes |
Tcplay | Alex Hornung | 2012-01-28[34] | BSD | No[35] |
Trend Micro Endpoint Encryption (Mobile Armor) | Trend Micro[36] | 2004 or earlier[37] | Proprietary | Yes |
TrueCrypt | TrueCrypt Foundation | 2004-02-02[38] | TrueCrypt License 3.1[39] | No |
USBCrypt | WinAbility Software Corp. | 2010 | Proprietary | Yes |
VeraCrypt | IDRIX | 2013-06-22[40] | Apache License 2.0[41]
TrueCrypt License Version 3.0 (legacy code only) |
Yes |
CyberSafe Top Secret | CyberSoft | 2013 | Proprietary | Yes |
Name | Developer | First released | Licensing | Maintained? |
ZzEnc | IMDTech | 2013 | Commercial |
Operating systems
Name | Android | Windows NT | iOS | Mac OS X | Linux | FreeBSD | OpenBSD | NetBSD |
---|---|---|---|---|---|---|---|---|
Aloaha Crypt Disk | ? | Yes | ? | No | No | No | No | No |
BestCrypt Volume Encryption | ? | Yes | ? | Yes | No[42] | No | No | No |
BitArmor DataControl | ? | Yes | ? | No | No | No | No | No |
BitLocker | No | Yes | ? | Partial[43] | Partial[43] | No | No | No |
Bloombase StoreSafe | ? | Yes | ? | Yes | Yes | Yes | Yes | Yes |
Boxcryptor | Yes | Yes | Yes | Yes | Yes | No | No | No |
CenterTools DriveLock | ? | Yes | ? | No | No | No | No | No |
CGD | ? | No | ? | No | No | No | No | Yes |
Check Point Full Disk Encryption | ? | Yes | ? | Yes | Yes[44] | No | No | No |
CipherShed | Yes[45] | Yes | ? | Yes | Yes | No[46] | No | No |
CrossCrypt | No | Yes[47] | ? | No | No | No | No | No |
CryFS | No | Yes | ? | Yes | Yes | Yes | No | Yes |
Cryhod | ? | Yes | ? | No | Yes | No | No | No |
Cryptainer | ? | Yes | ? | No | No | No | No | No |
CryptArchiver | ? | Yes | ? | No | No | No | No | No |
Cryptic Disk | No | Yes | No | No | No | No | No | No |
Cryptoloop | ? | Yes[48] | ? | No | Yes | No | No | No |
Cryptomator | Yes | Yes[49] | Yes | Yes | Yes | No | No | No |
CryptoPro Secure Disk Enterprise | No | Yes | ? | No | No | No | No | No |
CryptoPro Secure Disk for BitLocker | No | Yes | ? | No | No | No | No | No |
Cryptsetup / Dmsetup | ? | Yes[48] | ? | No | Yes | No | No | No |
CryptSync | No | Yes | ? | Yes | Yes | No | No | No |
Discryptor | ? | No | ? | No | No | No | No | No |
DiskCryptor | ? | Yes | ? | No | No | No | No | No |
DISK Protect | ? | Yes | ? | No | No | No | No | No |
Dm-crypt / LUKS | ? | Yes[48] | ? | No | Yes | No | No | No |
DriveSentry GoAnywhere 2 | ? | Yes | ? | No | No | No | No | No |
E4M | ? | Yes | ? | No | No | No | No | No |
e-Capsule Private Safe | ? | Yes | ? | No | No | No | No | No |
eCryptfs | ? | No | ? | No | Yes | No | No | No |
EgoSecure HDD Encryption | ? | Yes | ? | No | No | No | No | No |
EncFS | Yes[50] | Yes[51] | ? | Yes[51] | Yes (FUSE) | Yes (FUSE) | Yes (FUSE) | Yes (FUSE) |
EncryptStick | ? | Yes | ? | Yes | Yes | No | No | No |
EncryptUSB | ? | Yes | ? | Yes | No | No | No | No |
FileVault | ? | No | ? | Yes | No | No | No | No |
FileVault 2 | ? | No | ? | Yes | Partial[52] | No | No | No |
FREE CompuSec | ? | Yes | ? | No | No | No | No | No |
FreeOTFE | No | Yes | ? | No | Partial[53] | No | No | No |
GBDE | ? | No | ? | No | No | Yes | No | No |
GELI | ? | No | ? | No | No | Yes | No | No |
Knox | ? | No | ? | Yes | No | No | No | No |
LibreCrypt | Yes[54] | Yes | ? | No | Partial[55] | No | No | No |
Loop-AES | ? | No | ? | No | Yes | No | No | No |
McAfee Drive Encryption (SafeBoot) | ? | Yes | ? | Yes | No | No | No | No |
n-Crypt Pro | ? | Yes | ? | No | No | No | No | No |
PGPDisk | ? | Yes | ? | Yes | No | No | No | No |
PGP Whole Disk Encryption | ? | Yes | ? | Yes | Yes | No | No | No |
Private Disk | ? | Yes | ? | No | No | No | No | No |
ProxyCrypt | No | Yes | ? | No | No | No | No | No |
R-Crypto | ? | Yes | ? | No | No | No | No | No |
SafeGuard Easy | ? | Yes | ? | No | No | No | No | No |
SafeGuard Enterprise | ? | Yes | ? | Yes | No | No | No | No |
SafeGuard PrivateDisk | ? | Yes | ? | No | No | No | No | No |
SafeHouse Professional | ? | Yes | ? | No | No | No | No | No |
Scramdisk | ? | Yes | ? | No | Yes | No | No | No |
Scramdisk 4 Linux | ? | No | ? | No | Yes | No | No | No |
SecuBox | ? | No | ? | No | No | No | No | No |
SecureDoc | ? | Yes | ? | Yes | Yes | No | No | No |
Sentry 2020 | ? | Yes | ? | No | No | No | No | No |
Seqrite Volume Encryption | No | Yes | No | No | No | No | No | No |
Softraid / RAID C | ? | No | ? | No | No | No | Yes | No |
SpyProof! | ? | Yes | ? | No | No | No | No | No |
Svnd / Vnconfig | ? | No | ? | No | No | No | Yes | No |
Symantec Endpoint Encryption | ? | Yes | ? | Yes | No[56] | No | No | No |
Tcplay | No | No | ? | No | Yes | No | No | No |
Trend Micro Endpoint Encryption | No | Yes | ? | Yes | No | No | No | No |
TrueCrypt | Yes[45] | Yes | Yes | Yes | Yes | No[57] | No | No |
USBCrypt | No | Yes | ? | No | No | No | No | No |
VeraCrypt | Yes[58] | Yes | Yes[59] | Yes | Yes | Yes | No | No |
CyberSafe Top Secret | Yes | Yes | ? | No | No | No | No | No |
Name | Android | Windows NT | iOS | Mac OS X | Linux | FreeBSD | OpenBSD | NetBSD |
Features
- Hidden containers: Whether hidden containers (an encrypted container (A) within another encrypted container (B) so the existence of container A can not be established)[60] can be created for deniable encryption. Note that some modes of operation like CBC with a plain IV can be more prone to watermarking attacks than others.
- Pre-boot authentication: Whether authentication can be required before booting the computer, thus allowing one to encrypt the boot disk.
- Single sign-on: Whether credentials provided during pre-boot authentication will automatically log the user into the host operating system, thus preventing password fatigue and reducing the need to remember multiple passwords.
- Custom authentication: Whether custom authentication mechanisms can be implemented with third-party applications.[clarification needed]
- Multiple keys: Whether an encrypted volume can have more than one active key.
- Passphrase strengthening: Whether key strengthening is used with plain text passwords to frustrate dictionary attacks, usually using PBKDF2.
- Hardware acceleration: Whether dedicated cryptographic accelerator expansion cards can be taken advantage of.
- Trusted Platform Module: Whether the implementation can use a TPM cryptoprocessor.
- Filesystems: What filesystems are supported.
- Two-factor authentication: Whether optional security tokens (hardware security modules, such as Aladdin eToken and smart cards) are supported (for example using PKCS#11)
Name | Hidden containers | Pre-boot authentication | Single sign-on | Custom authentication | Multiple keys | Passphrase strengthening | Hardware acceleration | TPM | Filesystems | Two-factor authentication |
---|---|---|---|---|---|---|---|---|---|---|
Aloaha Secure Stick | Yes | No | N/A | Yes | Yes | No | No | No | NTFS, FAT32 | Yes |
ArchiCrypt Live | Yes[61] | No | N/A | No | Yes[61][62] | No | No | No | ? | Yes[61][63] |
BestCrypt | Yes | Yes | Yes | Yes | Yes[64] | Yes | Yes | Yes | Any supported by OS | Yes[65] |
BitArmor DataControl | No | Yes | ? | No | Yes | Yes | No | No | NTFS, FAT32 on non-system volumes | No |
BitLocker | No | Yes[66] | No | Yes[67] | Yes[68] | Yes[69] | Yes | Yes[68] | Chiefly NTFS [Note 1] | Yes [Note 2] |
Bloombase StoreSafe | No | No | N/A | Yes | Yes | Yes | Yes | No | Any supported by OS | Yes |
CGD | No | No | N/A | Yes[70] | Yes[71] | Yes[70] | No | No | Any supported by OS | Yes[70] |
CenterTools DriveLock | No | Yes | Yes | No | No | Yes | No | No | Any supported by OS | Yes |
Check Point Full Disk Encryption | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | NTFS, FAT32 | Yes |
CipherShed | Yes (limited to one per "outer" container) |
only on Windows[72] | ? | No | yes with multiple keyfiles[73][74] | Yes | Yes | No[75] | Yes | |
CryFS | No | No | N/A | No | No | Yes[76] | No | No | Any supported by OS | No |
CrossCrypt | No | No | N/A | No | No | No | No | No | ? | No |
CryptArchiver | No | No | N/A | No | No | ? | No | No | ? | ? |
Cryptic Disk | Yes | No | No | No | Yes | Yes | Yes | No | Any supported by OS | Yes |
Cryhod | No | Yes | Yes | No | Yes | Yes | Yes | No | Any supported by OS | Yes |
Cryptoloop | No | Yes[77] | ? | Yes | No | No | No | Any supported by OS | ? | |
Cryptomator | No | No | N/A | No | No | Yes | Yes | No | Any supported by OS | No |
CryptoPro Secure Disk Enterprise | Yes with add-on Secure Device | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Any supported by OS | Yes |
CryptoPro Secure Disk for BitLocker | Yes with add-on Secure Device | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Any supported by OS | Yes |
Cryptsetup / Dmsetup | No | Yes[77] | ? | Yes | No | No | Yes | No | Any supported by OS | Yes |
DiskCryptor | No | Yes | ? | No | No | No | Yes[78] | No | Windows volumes on MBR and UEFI GPT drives, ReFs any FS supported by OS[79] | Yes[78] |
DISK Protect | No | Yes[80] | Yes | No | Yes[80] | No | Yes | Yes | NTFS, FAT32 | Yes |
Dm-crypt / LUKS | No | Yes[77] | ? | Yes | Yes | Yes | Yes | Partial[81] [Note 3] | Any supported by OS | Yes |
DriveSentry GoAnywhere 2 | No | No | N/A | Yes | No | Yes | No | ? | Any supported by OS | Yes |
E4M | No | No | N/A | No | No | ? | No | No | ? | No |
e-Capsule Private Safe | Yes[82] | No | N/A | No | Yes[82] | No | Yes | No | ? | ? |
eCryptfs | No | No | N/A | Yes | Yes | Yes | Yes | Yes | Yes[83] | Yes |
EgoSecure HDD Encryption | No | Yes | Yes | Yes | Yes | Yes | Yes[84] | Yes | NTFS, FAT32 | Yes |
EncryptUSB | No | No | No | No | No | Yes | No | No | NTFS, FAT32, exFAT | No |
FileVault | No | No | N/A | No | Two passwords[85] | Yes[85] | ? | No | HFS+, possibly others | No |
FileVault 2 | No | Yes | Yes | No | Yes | Yes | Yes[86] | No | HFS+, possibly others | No |
FREE CompuSec | No | Yes | ? | No | No | No | No | No | Any supported by OS | No |
FreeOTFE | Yes | No | N/A | Yes[87] | Yes[88] | Yes | Yes | No | Any supported by OS | Yes |
GBDE | No | No[89] | N/A | Yes | No[90] | No[89] | No | Any supported by OS | Yes | |
GELI | No | Yes[89] | ? | Yes | Yes[91] | Yes[91] | Yes[89] | No | Any supported by OS | Yes |
Loop-AES | No | Yes[92] | ? | Yes[92] | Yes[92] | Yes[92] | Yes[92] | No | Any supported by OS | Yes[93] |
McAfee Drive Encryption (SafeBoot) | Yes | Yes | Yes | Yes | Yes | Yes | Yes[84][94] | Yes | Any supported by OS | Yes |
n-Crypt Pro | No | No | N/A | No | No | N/A[95] | No | No | ? | ? |
PGPDisk | No | Yes[96] | Yes | ? | Yes | Yes[97] | ? | Yes | ? | Yes |
Private Disk | No | No | N/A | No | Yes | Yes | No | No | Any supported by OS | Yes |
ProxyCrypt | Yes | No | No | No | No | Yes | Yes | No | Any supported by OS | Yes |
R-Crypto | ? | No | N/A | ? | ? | ? | ? | ? | Any supported by OS | ? |
SafeGuard Easy | No | Yes | ? | No | Yes | Yes | No | Yes[98] | Any supported by OS | Yes |
SafeGuard Enterprise | No | Yes | Yes | No | Yes | Yes | No | Yes[98] | Any supported by OS | Yes |
SafeGuard PrivateDisk | No | No | N/A | No | Yes | Yes | No | Yes[99] | Any supported by OS | Yes |
SafeHouse Professional | No | No | N/A | Yes | Yes | Yes | No | No | Any supported by OS | Yes |
Scramdisk | Yes | No | N/A | No | No | No | No | No | ? | Last update to web site 2009-07-02 |
Scramdisk 4 Linux | Yes[100] | No | N/A | No | No | Yes[100] | No | No | ext2, ext3, reiserfs, minix, ntfs, vfat/msdos | No |
SecuBox | No | No | N/A | No | No | Yes | No | No | ? | No |
SecureDoc | No | Yes[101] | ? | Yes | Yes | Yes | Yes | Yes | ? | Yes |
Seqrite Encryption Manager | No | Yes | Yes | No | Yes | Yes | Yes | No | Any supported by OS | No |
Sentry 2020 | No | No | ? | No | No | No | No | No | ? | No |
Softraid / RAID C | No | No | ? | ? | ? | ? | Yes | ? | Any supported by OS | ? |
Svnd / Vnconfig | No | No | N/A | No | No | Yes[102] | Yes | ? | Any supported by OS | ? |
Symantec Endpoint Encryption | No | Yes | Yes | Yes | Yes | Yes | No | No | NTFS, FAT32 | Yes |
Trend Micro Endpoint Encryption | No | Yes | Yes | Yes | Yes | Yes[103] | Yes[104] | No | Any supported by OS | Yes[105] |
TrueCrypt [Note 4] | Yes (limited to one per "outer" container) |
only on Windows[106] | ? | No | yes with multiple keyfiles[74][107] | Yes | Yes | No[75] | Yes | |
VeraCrypt | Yes (limited to one per "outer" container) |
only on Windows[108] | No | No | yes with multiple keyfiles | Yes | Yes | No | Windows on both MBR and UEFI GPT drives; dynamic drives discouraged | Yes |
CyberSafe Top Secret | Yes | No | No | No | Yes | Yes | Yes | No | Only Windows MBR volumes; no UEFI GPT drives, and dynamic drives discouraged | Yes |
Name | Hidden containers | Pre-boot authentication | Single sign-on | Custom authentication | Multiple keys | Passphrase strengthening | Hardware acceleration | TPM | Filesystems | Two-factor authentication |
ZzEnc | No | Yes | Yes | Yes | Yes | Yes | No | No | Windows, Legacy BIOS & UEFI | In UEFI with removable keys store on USB-flash |
- ↑ Windows 7 introduces Bitlocker-To-Go which supports NTFS, FAT32 or exFAT, however for hard drive encryption, Windows Vista and later are limited to be installable only on NTFS volumes
- ↑ BitLocker can be used with a TPM PIN + external USB key for two-factor authentication
- ↑ An external tool can be used to read the key from the TPM and then have the key passed on to dm-crypt/LUKS via the standard input
- ↑ The current situation around TrueCrypt project is controversial. On 28.05.2014 after many years of development and broad usage the open-source (although anonymous) project was suddenly stopped, and all previous official materials and complete (encrypt/decrypt) binaries were withdrawn from its website citing some "unfixed security issues" and Windows XP end of support. The technical information herein is valid only for previous versions of TrueCrypt (v7.1a and some earlier). The latest available version (v7.2) is decrypt only, its authenticity and actual reasons behind the move are unclear, and its usage is not recommended. http://www.zdnet.com/truecrypt-quits-inexplicable-7000029994/
Layering
- Whole disk: Whether the whole physical disk or logical volume can be encrypted, including the partition tables and master boot record. Note that this does not imply that the encrypted disk can be used as the boot disk itself; refer to pre-boot authentication in the features comparison table.
- Partition: Whether individual disk partitions can be encrypted.
- File: Whether the encrypted container can be stored in a file (usually implemented as encrypted loop devices).
- Swap space: Whether the swap space (called a "pagefile" on Windows) can be encrypted individually/explicitly.
- Hibernation file: Whether the hibernation file is encrypted (if hibernation is supported).
Name | Whole disk | Partition | File | Swap space | Hibernation file | RAID |
---|---|---|---|---|---|---|
Aloaha Secure Stick | No | No | Yes | No | No | ? |
ArchiCrypt Live | Yes (except for the boot volume) |
Yes | Yes | No | No | ? |
BestCrypt | Yes | Yes | Yes | Yes | Yes[109] | ? |
BitArmor DataControl | No | Yes | No | Yes | Yes | ? |
BitLocker | Yes (except for the boot volume) |
Yes | Yes[110] | Yes (parent volume is encrypted) |
Yes (parent volume is encrypted) |
? |
Bloombase StoreSafe | Yes | Yes | Yes | Yes | No | Yes |
CenterTools DriveLock | Yes | Yes | Yes | Yes | Yes | ? |
CGD | Yes | Yes | Yes[70] | Yes | No | ? |
Check Point Full Disk Encryption | Yes | Yes | Yes | Yes | Yes | ? |
CipherShed | Yes | Yes | Yes | Yes | only on Windows | ? |
CrossCrypt | No | No | Yes | No | No | ? |
CryFS | No | No | No | No | No | ? |
CryptArchiver | No | No | Yes | No | No | ? |
Cryptic Disk | No | Yes | Yes | No | No | ? |
Cryhod | No | Yes | No | Yes | Yes (parent volume is encrypted) |
? |
Cryptoloop | Yes | Yes | Yes | Yes | No | ? |
Cryptomill | Yes | N/A | Yes | N/A | N/A | ? |
CryptoPro Secure Disk Enterprise | Yes | Yes | Yes (add-on Secure Device) |
Yes | Yes | ? |
CryptoPro Secure Disk for BitLocker | Yes | Yes | Yes | Yes | Yes | ? |
DiskCryptor | No | Yes | No | Yes | Yes | ? |
Disk Protect | Yes | No | No | Yes | Yes | ? |
Dm-crypt / LUKS | Yes | Yes | Yes[111] | Yes | Yes[112] | ? |
DriveSentry GoAnywhere 2 | No | Yes | Yes | No | No | ? |
E4M | No | Yes | Yes | No | No | ? |
e-Capsule Private Safe | No | No | Yes[113] | No | No | ? |
eCryptfs | No | No | Yes | No | No | ? |
EgoSecure HDD Encryption | Yes | Yes | Yes | Yes | Yes | ? |
EncryptUSB | No | No | Yes | No | No | ? |
FileVault | No | No | Yes[85] | Yes[114][85] | Yes[114][115] | |
FileVault 2 | Yes[116] | Yes[86] | No | Yes | Yes | ? |
FREE CompuSec | Yes | No | Yes | Yes | Yes | ? |
FreeOTFE | Yes (except for the boot volume) |
Yes | Yes | No | No | ? |
GBDE | Yes | Yes | Yes[117] | Yes | No | ? |
GELI | Yes | Yes | Yes[117] | Yes | No | ? |
Loop-AES | Yes | Yes[92] | Yes[92] | Yes[92] | Yes[92] | ? |
McAfee Drive Encryption (SafeBoot) | Yes | Yes | Yes | Yes | Yes[118] | ? |
n-Crypt Pro | Yes | Yes | Yes | No | No | ? |
PGPDisk | Yes | Yes | Yes | Yes | only on Windows | ? |
Private Disk | No | No | Yes | No | No | ? |
ProxyCrypt | Yes | Yes | Yes | No | No | ? |
R-Crypto | No | No | Yes | No | No | ? |
SafeGuard Easy | Yes | Yes | extra module | Yes | Each sector on disk is encrypted | ? |
SafeGuard Enterprise | Yes | Yes | Yes | Yes | Each sector on disk is encrypted | ? |
SafeGuard PrivateDisk | No | No | Yes | No | No | ? |
SafeHouse Professional | No | No | Yes | No | No | ? |
Scramdisk | No | Yes | Yes | No | No | ? |
Scramdisk 4 Linux | Yes | Yes | Yes | Yes | No | ? |
SecuBox | No | No | Yes | N/A | No | ? |
Sentry 2020 | No | No | Yes | No | No | ? |
Seqrite Encryption Manager | Yes | Yes | Yes | Yes | Yes | RAID-5 |
Softraid / RAID C | Yes | Yes | No | Yes (encrypted by default in OpenBSD)[119] | No | ? |
Svnd / Vnconfig | ? | Yes | Yes | Yes (encrypted by default in OpenBSD) | ? | ? |
SpyProof! | No | Yes | Yes | No | No | ? |
Symantec Endpoint Encryption | Yes | Yes | Yes | Yes | Yes | ? |
Trend Micro Endpoint Encryption | Yes | Yes | Yes | Yes | Yes | ? |
TrueCrypt | Yes[120] | Yes | Yes | Yes | only on Windows[106] | ? |
VeraCrypt | Yes | Yes | Yes | Yes | only on Windows[106] | ? |
CyberSafe Top Secret | No | Yes | Yes | No | No | ? |
Name | Whole disk | Partition | File | Swap space | Hibernation file | RAID |
Modes of operation
Different modes of operation supported by the software. Note that an encrypted volume can only use one mode of operation.
- CBC with predictable IVs: The CBC (cipher block chaining) mode where initialization vectors are statically derived from the sector number and are not secret; this means that IVs are re-used when overwriting a sector and the vectors can easily be guessed by an attacker, leading to watermarking attacks.
- CBC with secret IVs: The CBC mode where initialization vectors are statically derived from the encryption key and sector number. The IVs are secret, but they are re-used with overwrites. Methods for this include ESSIV and encrypted sector numbers (CGD).
- CBC with random per-sector keys: The CBC mode where random keys are generated for each sector when it is written to, thus does not exhibit the typical weaknesses of CBC with re-used initialization vectors. The individual sector keys are stored on disk and encrypted with a master key. (See GBDE for details)
- LRW: The Liskov-Rivest-Wagner tweakable narrow-block mode, a mode of operation specifically designed for disk encryption. Superseded by the more secure XTS mode due to security concerns.[121]
- XTS: XEX-based Tweaked CodeBook mode (TCB) with CipherText Stealing (CTS), the SISWG (IEEE P1619) standard for disk encryption.
- Authenticated encryption: Protection against ciphertext modification by an attacker
Name | CBC w/ predictable IVs | CBC w/ secret IVs | CBC w/ random per-sector keys | LRW | XTS | Authenticated encryption |
---|---|---|---|---|---|---|
Aloaha Crypt Disk | No | No | No | Yes | Yes | ? |
ArchiCrypt Live | No | No | No | Legacy support[122] | Yes | ? |
BestCrypt | No | Yes | No | Yes[123] | Yes[124] | ? |
BitArmor DataControl | No | Yes | Plumb-IV | No | No | ? |
BitLocker | No[125] | Yes[125] | No | No | Yes, Windows 10 10547+ | ? |
Bloombase StoreSafe | Yes | Yes | Yes | Yes | Yes | ? |
CGD | No | Yes[126] | No | No | No | ? |
CenterTools DriveLock | ? | ? | ? | ? | ? | ? |
Check Point Full Disk Encryption | No | No | Yes | Yes | Yes | ? |
CipherShed | Legacy support[127] | No | No | Legacy support[128] | Yes[129] | ? |
CrossCrypt | Yes | No | No | No | No | ? |
CryFS | No | No | Yes | No | No | ? |
CryptArchiver | ? | ? | ? | ? | ? | ? |
Cryptic Disk | No | No | No | No | Yes | No |
Cryhod | No | Yes | No | No | No | ? |
Cryptoloop | Yes | No | No | No | No | No |
DiskCryptor | No | No | No | No | Yes | ? |
Dm-crypt / LUKS | Yes | Yes | No | Yes, using *-lrw-benbi[130] | Yes, using *-xts-plain | Yes, using --integrity mode[131]
|
DriveSentry GoAnywhere 2 | ? | ? | ? | ? | ? | ? |
E4M | ? | ? | ? | No | No | ? |
e-Capsule Private Safe | ? | ? | ? | ? | ? | ? |
eCryptfs | No | Yes | ? | No | No | ? |
EgoSecure HDD Encryption | No | Yes | No | No | No | ? |
FileVault | Yes[85] | No | No | No | No | ? |
FileVault 2 | No | No | No | No | Yes[132] | ? |
FREE CompuSec | Yes | No | No | No | No | ? |
FreeOTFE | Yes | Yes | No | Yes | Yes | No |
GBDE | No | No | Yes[90] | No | No | ? |
GELI | No | Yes[133] | No | No | Yes | Yes, using -a option[134]
|
Loop-AES | single-key, multi-key-v2 modes[92] | multi-key-v3 mode[92] | No | No | No | No |
McAfee Drive Encryption (SafeBoot) | No | Yes | No | No | No | ? |
n-Crypt Pro | ? | ? | No | No | No | ? |
PGPDisk | ? | ? | ? | ? | ? | ? |
Private Disk | No | Yes | No | No | No | ? |
ProxyCrypt | No | No | No | No | Yes | ? |
R-Crypto | ? | ? | ? | ? | ? | ? |
SafeGuard Easy | ? | ? | ? | ? | ? | ? |
SafeGuard Enterprise | ? | ? | ? | ? | ? | ? |
SafeGuard PrivateDisk | ? | ? | ? | ? | ? | ? |
SafeHouse Professional | Yes | No | No | No | No | ? |
Scramdisk | No | Yes | No | No | No | ? |
Scramdisk 4 Linux | No | Yes[135] | No | Yes[136] | Yes[137] | ? |
SecuBox | Yes | No | No | No | No | ? |
SecureDoc | ? | ? | ? | ? | ? | ? |
Sentry 2020 | ? | ? | ? | ? | ? | ? |
Seqrite Encryption Manager | No | Yes | No | Yes | Yes | ? |
Softraid / RAID C | ? | ? | ? | ? | Yes[138] | ? |
Svnd / Vnconfig | ? | ? | ? | ? | ? | ? |
Symantec Endpoint Encryption | No | No | Yes | No | No | ? |
TrueCrypt | Legacy support[127] | No | No | Legacy support[128] | Yes[139] | No |
USBCrypt | No | Yes | No | No | Yes | ? |
VeraCrypt | No | No | No | No | Yes | ? |
CyberSafe Top Secret | No | No | No | No | Yes | ? |
Name | CBC w/ predictable IVs | CBC w/ secret IVs | CBC w/ random per-sector keys | LRW | XTS | Authenticated encryption |
See also
- Cold boot attack
- Comparison of encrypted external drives
- Disk encryption software
- Disk encryption theory
- List of cryptographic file systems
Notes and references
- ↑ "Jetico Mission". Jetico. https://www.jetico.com/about-jetico/mission-story.
- ↑ "Bloombase StoreSafe". Bloombase. https://www.bloombase.com/products/storesafe.
- ↑ Roland Dowdeswell (2002-10-04). "CryptoGraphic Disk". mailing list announcement. http://mail-index.netbsd.org/current-users/2002/10/04/0008.html.
- ↑ "Protect guards laptop and desktop data". http://www.infoworld.com/cgi-bin/displayArchive.pl?/99/25/c05-25.48.htm.
- ↑ Company and product name change to Pointsec "Protect Data Security Inc. changes name to Pointsec Mobile Technologies Inc.". http://www.pointsec.com/news/news.asp?newsid=85.
- ↑ "Check Point Completes the Offer for Protect Data with Substantial Acceptance of 87.1 Percent". http://www.checkpoint.com/press/2007/protectdataacquisition011107.html.
- ↑ Niklas Lemcke (2014-12-15). "Pre-Alpha testing started". https://ciphershed.org/pre-alpha-testing-started/.
- ↑ "TrueCrypt License Version 3.0". TrueCrypt Foundation. 2012-02-07. https://github.com/CipherShed/CipherShed/blob/master/src/License.txt.
- ↑ Sarah Dean (2004-02-10). "OTFEDB entry". http://otfedb.sdean12.org/cgi-bin/pub_factsheet.cgi?SYSTEM_ID=46.
- ↑ Initial cryptoloop patches for the Linux 2.5 development kernel: "Archived copy". http://uwsg.iu.edu/hypermail/linux/kernel/0307.0/0348.html.
- ↑ "Home". http://www.cryptomator.org/.
- ↑ "Releases · DavidXanatos/DiskCryptor". https://github.com/DavidXanatos/DiskCryptor/releases.
- ↑ dm-crypt was first included in Linux kernel version 2.6.4: https://lwn.net/Articles/75404/
- ↑ Clemens Fruhwirth. "LUKS version history". http://luks.endorphin.org/dm-crypt.
- ↑ "archived E4M documentation". http://www.e4m.net/news.html.
- ↑ "eCryptfs". http://ecryptfs.sourceforge.net.
- ↑ Valient Gough (2003). "EncFS - an Encrypted Filesystem". README.md file. https://github.com/vgough/encfs.
- ↑ "FreeOTFE version history". http://www.freeotfe.org/docs/version_history.htm#version_history.
- ↑ "gbde(4) man page in FreeBSD 4.11". GBDE manual page as it appeared in FreeBSD 4.11. http://www.freebsd.org/cgi/man.cgi?query=gbde&apropos=0&sektion=4&manpath=FreeBSD+5.0-RELEASE&format=html.
- ↑ "geli(8) man page in FreeBSD 6.0". GELI manual page as it first appeared in FreeBSD 6.0. http://www.freebsd.org/cgi/man.cgi?query=geli&apropos=0&sektion=0&manpath=FreeBSD+6.0-RELEASE&format=html.
- ↑ Release Notes. GnuPG
- ↑ "gocryptfs changelog on github". https://github.com/rfjakob/gocryptfs#changelog.
- ↑ "as received from FreeOTFE version v5.21 with small changes". 2014-06-20. https://github.com/t-d-k/LibreCrypt/commit/a395620545beff7736427dfc3b508b4f67609396.
- ↑ "McAfee Drive Encryption". product description. McAfee. https://www.mcafee.com/enterprise/en-us/products/technologies/drive-encryption.html.
- ↑ "PGP 6.0 Freeware released- any int'l links?". Newsgroup: comp.security.pgp. Usenet: 6sh4vm$jbf$1@news.cybercity.dk. Retrieved 2007-01-04.
- ↑ "Dekart Encryption software timeline". Dekart. http://www.lazybit.com/index.php/a/2007/04/19/dekart_private_disk_timeline.
- ↑ "SafeGuard Easy 4.5 Technical Whitepaper". Utimaco. http://www.sophos.com/sophos/docs/eng/factshts/sophos-safeguard-easy-dsus.pdf.
- ↑ "SafeGuard Enterprise Technical Whitepaper". Utimaco. http://www.sophos.com/sophos/docs/eng/factshts/sophos-safeguard-enterprise-dsus.pdf.
- ↑ Rebranded as ThinkVantage Client Security "ThinkVantage Technologies Deployment Guide". Lenovo. ftp://ftp.software.ibm.com/pc/pccbbs/thinkcentre_pdf/rr30mst.pdf.[yes|permanent dead link|dead link}}]
- ↑ "ScramDisk 4 Linux Releases". http://sourceforge.net/project/showfiles.php?group_id=101952&package_id=109447.
- ↑ "Sentry 2020 news". http://www.softwinter.com/.
- ↑ "OpenBSD 4.2 Changelog". http://www.openbsd.org/plus42.html.
- ↑ "OpenBSD 2.8 Changelog". http://www.openbsd.org/plus28.html.
- ↑ "bwalex/tc-play". 2019-08-27. https://github.com/bwalex/tc-play/releases.
- ↑ Last update: 2020-03-02 "bwalex/tc-play". Github. 2023-04-03. https://github.com/bwalex/tc-play.
- ↑ Trend Micro
- ↑ "Mobile Armor: Your Data.Secure. Everywhere.". 4 September 2004. http://www.mobilearmor.com/products.html.
- ↑ "TrueCrypt". http://www.truecrypt.org/docs/?s=version-history2.
- ↑ "TrueCrypt License Version 3.1". TrueCrypt Foundation. 2014-05-28. https://github.com/warewolf/truecrypt/compare/master...7.2#diff-dc5cde275269b574b34b1204b9221cb2L1.
- ↑ "VeraCrypt". https://veracrypt.codeplex.com/SourceControl/list/changesets?page=8.
- ↑ "Apache License 2.0". IDRIX. 2015-06-28. https://veracrypt.codeplex.com/license.
- ↑ "Whole Hard Disk Encryption Software - BestCrypt Volume Encryption - Jetico Inc. Oy". http://www.jetico.com/products/enterprise-data-protection/bestcrypt-volume-encryption.
- ↑ 43.0 43.1 https://github.com/Aorimn/dislocker FUSE driver to read/write Windows BitLocker-ed volumes under Linux / Mac OSX
- ↑ "Archived copy". http://www.checkpoint.com/products/full-disk-encryption/DS_FullDisk_Encryption_120614.pdf.
- ↑ 45.0 45.1 https://play.google.com/store/apps/details?id=com.sovworks.edslite Third party app allows to open containers encryptes with AES-256, SHA-512 hash and FAT file system
- ↑ http://www.truecrypt.org/misc/freebsd Although CipherShed can be built under FreeBSD, it is not recommended to run it because of bugs and instabilities when CipherShed is attempted to be used
- ↑ CrossCrypt - Only for the Microsoft Windows XP/2000 operating systems
- ↑ 48.0 48.1 48.2 http://www.freeotfe.org/docs/Main/Linux_volumes.htm FreeOTFE supports cryptoloop, dm-crypt/cryptsetup/dmsetup, and dm-crypt/LUKS volumes
- ↑ "Cryptomator - Free Cloud Encryption". http://www.cryptomator.org.
- ↑ "Boxcryptor - Encryption for cloud storage - Window, Mac, Android, iOS". https://www.boxcryptor.com/.
- ↑ 51.0 51.1 "Safe - Protect Your Files". http://www.getsafe.org/.
- ↑ https://code.google.com/p/libfvde/ libfvde supports reading FileVault2 Drive Encryption (FVDE) encrypted volumes
- ↑ http://www.freeotfe.org/docs/Main/Linux_volumes.htm Supports Linux volumes
- ↑ https://play.google.com/store/apps/details?id=com.nemesis2.luksmanager&hl=en_GB Third party app allows a user to open LibreCrypt compatible LUKS containers
- ↑ https://github.com/t-d-k/LibreCrypt/blob/master/docs/Linux_volumes.md Supports Linux volumes
- ↑ "Endpoint Encryption Powered by PGP Technology - Symantec". http://www.symantec.com/endpoint-encryption/system-requirements/.
- ↑ http://www.truecrypt.org/misc/freebsd Although TrueCrypt can be built under FreeBSD, it is not recommended to run it because of bugs and instabilities when TrueCrypt is attempted to be used
- ↑ https://play.google.com/store/apps/details?id=com.sovworks.eds.android Third party app allows to encrypt and decrypt VeraCrypt containers (only available in the paid version)
- ↑ https://apps.apple.com/de/app/disk-decipher/id516538625 Third party app allows to encrypt and decrypt VeraCrypt containers (only available in the paid version)
- ↑ http://www.jetico.com/linux/bcrypt-help/c_hiddn.htm Hidden containers description from Jetico (BestCrypt)
- ↑ 61.0 61.1 61.2 Secret-containers and Camouflage files ArchiCrypt Live Description
- ↑ Supports "Guest" keys
- ↑ Using "Archicrypt Card"
- ↑ Supported by the BestCrypt container format; see BestCrypt SDK
- ↑ Supported by the BestCrypt Volume Encryption software
- ↑ With PIN or USB key
- ↑ BitLocker Drive Encryption: Value Add Extensibility Options
- ↑ 68.0 68.1 "BitLocker Drive Encryption Technical Overview". Microsoft. http://technet2.microsoft.com/windowsserver2008/en/library/ce4d5a2e-59a5-4742-89cc-ef9f5908b4731033.mspx?mfr=true.
- ↑ Recovery keys only.
- ↑ 70.0 70.1 70.2 70.3 Roland C. Dowdeswell, John Ioannidis. "The CryptoGraphic Disk Driver". CGD Design Paper. http://www.imrryr.org/~elric/cgd/cgd.pdf. Retrieved 2006-12-24.
- ↑ Federico Biancuzzi (2005-12-21). "Inside NetBSD's CGD". interview with Roland Dowdeswell. ONLamp.com. http://www.onlamp.com/pub/a/bsd/2005/12/21/netbsd_cgd.html?page=1.
- ↑ "Operating Systems Supported for System Encryption". CipherShed Documentation. CipherShed Project. https://github.com/CipherShed/CipherShed/blob/v0.7.3.0-dev/doc/userdocs/guide/CipherShed-User-Guide-0.7.3.0.pdf.
- ↑ Although each volume encrypted with CipherShed can only have one active master key, it is possible to access its contents through more than one header. Each header can have a different password and/or keyfiles if any (cf. TrueCrypt FAQ: Is there a way for an administrator to reset a volume password or pre-boot authentication password when a user forgets it (or loses a keyfile)?)
- ↑ 74.0 74.1 "Keyfiles". TrueCrypt Documentation. TrueCrypt Foundation. http://www.truecrypt.org/docs/keyfiles.
- ↑ 75.0 75.1 "Some encryption programs use TPM to prevent attacks. Will TrueCrypt use it too?". TrueCrypt FAQ. TrueCrypt Foundation. http://www.truecrypt.org/faq#tpm.
- ↑ "CryFS: How it works". https://www.cryfs.org/howitworks.
- ↑ 77.0 77.1 77.2 dm-crypt and cryptoloop volumes can be mounted from the initrd before the system is booted
- ↑ 78.0 78.1 "DiskCryptor Features". http://diskcryptor.net/wiki/Main_Page/en.
- ↑ "DiskCryptor". 10 February 2022. https://github.com/DavidXanatos/DiskCryptor.
- ↑ 80.0 80.1 "DISK Protect Data Sheet". https://www.becrypt.com/uk/uploads/files/Disk%20Protect%20Standard_.pdf.
- ↑ "cryptsetup Frequently Asked Questions". https://gitlab.com/cryptsetup/cryptsetup/wikis/FrequentlyAskedQuestions.
- ↑ 82.0 82.1 "Multi level access with separate access credentials, each enabling a different set of functional or logical operations". EISST Ltd.. http://www.eisst.com/products/private_safe/compare/.
- ↑ uses the lower filesystem (stacking)
- ↑ 84.0 84.1 "Intel Advanced Encryption Standard (AES) Instructions Set - Rev 3". Intel. http://software.intel.com/en-us/articles/intel-advanced-encryption-standard-aes-instructions-set/.
- ↑ 85.0 85.1 85.2 85.3 85.4 Jacob Appelbaum, Ralf-Philipp Weinmann (2006-12-29). Unlocking FileVault: An Analysis of Apple's disk encryption. https://events.ccc.de/congress/2006/Fahrplan/attachments/1244-23C3VileFault.pdf. Retrieved 2012-01-03.
- ↑ 86.0 86.1 "Mac OS X 10.7 Lion: the Ars Technica review". 2011-07-20. https://arstechnica.com/apple/reviews/2011/07/mac-os-x-10-7.ars/13.
- ↑ FreeOTFE has a modular architecture and set of components to allow 3rd party integration
- ↑ FreeOTFE allows multiple keys to mount the same container file via encrypted keyfiles
- ↑ 89.0 89.1 89.2 89.3 "FreeBSD Handbook: Encrypting Disk Partitions". http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/disks-encrypting.html.
- ↑ 90.0 90.1 Cite error: Invalid
<ref>
tag; no text was provided for refs namedgbde-paper
- ↑ 91.0 91.1 "geli(8) man page in FreeBSD-current". GELI manual page in current FreeBSD. http://www.freebsd.org/cgi/man.cgi?query=geli&apropos=0&sektion=0&manpath=FreeBSD+7-current&format=html.
- ↑ 92.00 92.01 92.02 92.03 92.04 92.05 92.06 92.07 92.08 92.09 92.10 Jari Ruusu. "loop-AES README file". http://loop-aes.sourceforge.net/loop-AES.README.
- ↑ Using customization
- ↑ "McAfee Endpoint Encryption". McAfee. http://www.mcafee.com/us/resources/data-sheets/ds-endpoint-encryption.pdf.
- ↑ n-Crypt Pro does not use password authentication— biometric/USB dongle authentication only
- ↑ "PGP Whole Disk Encryption FAQ". PGP Corporation. http://www.pgp.com/products/wholediskencryption/faq.html.
- ↑ PGP private keys are always protected by strengthened passphrases
- ↑ 98.0 98.1 "Embedded Security: Trusted Platform Module Technology Comes of Age". Utimaco. http://americas.utimaco.com/encryption/TPM-Technology-Comes-Of-Age.html.
- ↑ "ThinkVantage Technologies Deployment Guide". Lenovo. http://download.lenovo.com/ibmdl/pub/pc/pccbbs/thinkcentre_pdf/rr30mst.pdf.
- ↑ 100.0 100.1 For TrueCrypt containers
- ↑ "SecureDoc Product Information". WinMagic Inc.. http://www.winmagic.com/solutions/securedoc.html.
- ↑ optional by using -K OpenBSD Manual Pages: vnconfig(8)
- ↑ "Endpoint Encryption". http://docs.trendmicro.com/en-us/enterprise/endpoint-encryption.aspx.
- ↑ "Solutions for Solid-State Drives (SSD) - Endpoint Encryption". http://esupport.trendmicro.com/solution/en-US/1058686.aspx.
- ↑ "Support for smart card readers - Endpoint Encryption". http://esupport.trendmicro.com/solution/en-US/1059884.aspx.
- ↑ 106.0 106.1 106.2 "Operating Systems Supported for System Encryption". TrueCrypt Documentation. TrueCrypt Foundation. http://www.truecrypt.org/docs/?s=sys-encryption-supported-os.
- ↑ Although each volume encrypted with TrueCrypt can only have one active master key, it is possible to access its contents through more than one header. Each header can have a different password and/or keyfiles if any (cf. TrueCrypt FAQ: Is there a way for an administrator to reset a volume password or pre-boot authentication password when a user forgets it (or loses a keyfile)?)
- ↑ "Operating Systems Supported for System Encryption". VeraCrypt Documentation. IDRIX. https://www.veracrypt.fr/en/Supported%20Systems%20for%20System%20Encryption.html.
- ↑ "Whole Hard Disk Encryption Software - BestCrypt Volume Encryption - Jetico Inc. Oy". http://www.jetico.com/data-protection-encryption-bestcrypt-volume-encryption-enterprise/.
- ↑ Within a VHD http://www.howtogeek.com/193013/how-to-create-an-encrypted-container-file-with-bitlocker-on-windows/
- ↑ dm-crypt can encrypt a file-based volume when used with the losetup utility included with all major Linux distributions
- ↑ yes, but the user needs custom scripts: http://www.linuxquestions.org/questions/slackware-14/luks-encryption-swap-and-hibernate-627958/
- ↑ Uses proprietary e-Capsule file system not exposed to the OS.
- ↑ 114.0 114.1 not technically part of FileVault, but provided by many versions of Mac OS X; can be enabled independently of FileVault
- ↑ http://macmarshal.com/images/Documents/mm_wp_102.pdf
- ↑ "Use FileVault to encrypt the startup disk on your Mac". http://support.apple.com/kb/HT4790?viewlocale=en_US&locale=en_US.
- ↑ 117.0 117.1 File-based volume encryption is possible when used with mdconfig(8) utility.
- ↑ "Control Break International Debuts SafeBoot Version 4.27". September 2004. http://connection.ebscohost.com/c/articles/14197489/control-break-international-debuts-safeboot-version-4-27.
- ↑ http://www.openbsd.org/plus38.html OpenBSD 3.8 change notes
- ↑ however, not Windows UEFI-based computers with a GUID partition table (GPT)
- ↑ LRW issue
- ↑ Containers created with ArchiCrypt Live version 5 use LRW
- ↑ "New features in BestCrypt version 8". Jetico. http://www.jetico.com/bc8_web_help/html/03_new_features/01_new_features.htm.
- ↑ "New features in version 2". Jetico. http://www.jetico.com/bcve_web_help/html/01_introduction/04_new_in_version.htm.
- ↑ 125.0 125.1 Niels Fergusson (August 2006). AES-CBC + Elephant Diffuser: A Disk Encryption Algorithm for Windows Vista. Microsoft. http://download.microsoft.com/download/0/2/3/0238acaf-d3bf-4a6d-b3d6-0a0be4bbb36e/BitLockerCipher200608.pdf. Retrieved 2008-02-22.
- ↑ "man 4 cgd in NetBSD-current". NetBSD current manual page on CGD. 2006-03-11. http://netbsd.gw.com/cgi-bin/man-cgi?cgd+4+NetBSD-current.
- ↑ 127.0 127.1 Containers created with TrueCrypt versions 1.0 through 4.0 use CBC.
- ↑ 128.0 128.1 Containers created with TrueCrypt versions 4.1 through 4.3a use LRW, and support CBC for opening legacy containers only.
- ↑ Containers created with CipherShed or TrueCrypt versions 5.0+ use XTS, and support LRW/CBC for opening legacy containers only.
- ↑ Starting with Linux kernel version 2.6.20, CryptoAPI supports the LRW mode: https://lwn.net/Articles/213650/
- ↑ "cryptsetup - manage plain dm-crypt and LUKS encrypted volumes". 2018-01-01. https://man.cx/?page=cryptsetup(8).
- ↑ "OS X Lion: About FileVault 2". http://support.apple.com/kb/HT4790.
- ↑ "Linux/BSD disk encryption comparison". http://mareichelt.de/pub/notmine/linuxbsd-comparison.html.
- ↑ Pawel Jakub Dawidek (2006-06-08). "Data authentication for geli(8) committed to HEAD.". https://docs.freebsd.org/cgi/getmsg.cgi?fetch=326862+0+archive/2006/freebsd-current/20060611.freebsd-current.
- ↑ For Scramdisk containers
- ↑ For TrueCrypt 4 containers
- ↑ For TrueCrypt 5 and 6 containers
- ↑ "'CVS: cvs.openbsd.org: src' - MARC". http://marc.info/?l=openbsd-cvs&m=121302798322835&w=2.
- ↑ Containers created with TrueCrypt versions 5.0 or later use XTS, and support LRW/CBC for opening legacy containers only.
External links
- DiskCryptor vs Truecrypt – Comparison between DiskCryptor and TrueCrypt
- Buyer's Guide to Full Disk Encryption – Overview of full-disk encryption, how it works, and how it differs from file-level encryption
Original source: https://en.wikipedia.org/wiki/Comparison of disk encryption software.
Read more |