sign in sign up
<<
Home , BestCrypt, Cryptoloop, DiskCryptor, Disk encryption software, E4M, ECryptfs

Comparison of 1 Comparison of disk

This is a technical feature comparison of different .

Background information

Name Developer First released Licensing Maintained?

ArchiCrypt Live Softwaredevelopment Remus ArchiCrypt 1998 Proprietary Yes

[1] BestCrypt Jetico 1993 Proprietary Yes

BitArmor DataControl BitArmor Systems Inc. 2008-05 Proprietary Yes

BitLocker Drive Encryption Microsoft 2006 Proprietary Yes

Bloombase Keyparc Bloombase 2007 Proprietary Yes

[2] CGD Roland . Dowdeswell 2002-10-04 BSD Yes

CenterTools DriveLock CenterTools 2008 Proprietary Yes

[3][4][5] Check Point Full Disk Encryption Check Point Software Technologies Ltd 1999 Proprietary Yes

[6] CrossCrypt Steven Scherrer 2004-02-10 GPL No

Cryptainer Cypherix (Secure-Soft India) ? Proprietary Yes

CryptArchiver WinEncrypt ? Proprietary Yes

[7] ? 2003-07-02 GPL No

cryptoMill SEAhawk Proprietary Yes

Discryptor Cosect Ltd. 2008 Proprietary Yes

DiskCryptor ntldr 2007 GPL Yes

DISK Protect Becrypt Ltd 2001 Proprietary Yes

[8] cryptsetup/dmsetup Christophe Saout 2004-03-11 GPL Yes

[9] dm-crypt/LUKS Clemens Fruhwirth (LUKS) 2005-02-05 GPL Yes

DriveCrypt SecurStar GmbH 2001 Proprietary Yes

DriveSentry GoAnywhere 2 DriveSentry 2008 Proprietary Yes

[10] Paul Le Roux 1998-12-18 Open source No

e-Capsule Private Safe EISST Ltd. 2005 Proprietary Yes

Dustin Kirkland, Tyler Hicks, (formerly [11] eCryptfs 2005 GPL Yes Mike Halcrow)

FileVault Apple Inc. 2003-10-24 Proprietary Yes

FileVault 2 Apple Inc. 2011-7-20 Proprietary Yes

FinallySecure Enterprise SECUDE 2006 Proprietary Yes (SECUDE)

FREE CompuSec CE-Infosys 2002 Proprietary Yes

[12] FreeOTFE Sarah Dean 2004-10-10 Open source Yes

[13] GBDE Poul-Henning Kamp 2002-10-19 BSD Yes Comparison of disk encryption software 2

[14] Pawel Jakub Dawidek 2005-04-11 BSD Yes

KryptOS The MorphOS Development Team 2010 Proprietary Yes

loop-AES Jari Ruusu 2001-04-11 GPL Yes

n-Crypt Pro n-Trance Security Ltd 2005 Proprietary Yes

[15] PGPDisk PGP Corporation 1998-09-01 Proprietary Yes

[16] Dekart 1993 Proprietary Yes

R-Crypto R-Tools Technology Inc 2008 Proprietary Yes

McAfee Endpoint Encryption McAfee, Inc. [17] 2007 Proprietary Yes (SafeBoot)

[18] SafeGuard Easy Sophos (Utimaco) 1993 Proprietary Yes

[19] SafeGuard Enterprise Sophos (Utimaco) 2007 Proprietary Yes

[20] SafeGuard PrivateDisk Sophos (Utimaco) 2000 Proprietary Yes

SafeHouse Professional PC Dynamics, Inc. 1992 Proprietary Yes

Scramdisk Shaun Hollingworth 1997-07-01 Open source No

[21] Scramdisk 4 Hans-Ulrich Juettner 2005-08-06 GPL Yes

SecuBox Aiko Solutions 2007-02-19 Proprietary Yes

SECUDE Secure Notebook SECUDE 2003 Proprietary Yes

SecureDoc WinMagic Inc. 1997 Proprietary Yes

[22] SoftWinter 1998 Proprietary Yes

[23] softraid / RAID C OpenBSD 2007-11-01 BSD Yes

SpyProof! Information Security Corp. 2002 Proprietary Yes

[24] svnd / vnconfig OpenBSD 2000-12-01 BSD Yes

Symantec Endpoint Encryption Symantec Corporation 2008 Proprietary Yes

[25] TrueCrypt Foundation 2004-02-02 Proprietary TrueCrypt TrueCrypt [26] Yes License 3.0

Aloaha Secure Stick Aloaha 2008 Proprietary Yes

Name Developer First released Licensing Maintained?

Operating systems Comparison of disk encryption software 3

Name Windows Pre-Windows Windows FreeBSD Linux Mac NetBSD OpenBSD DragonFly NT-based NT Mobile/Pocket OS X BSD PC

ArchiCrypt Live Yes No No No No No No No No

BestCrypt Yes Yes No No Yes Yes No No No

BitArmor DataControl Yes No No No No No No No No

BitLocker Drive Yes No No No No No No No No Encryption

Bloombase Keyparc Yes Yes No No Yes Yes No No No

CenterTools DriveLock Yes No No No No No No No No

CGD No No No No No No Yes No No

Check Point Full Disk Yes No Yes No Yes Yes No No No Encryption

CrossCrypt Yes No No No No No No No No

[27] Cryptainer Yes No Yes No No No No No No

CryptArchiver Yes No No No No No No No No

[28] cryptoloop Yes No No No Yes No No No No

Discryptor Yes No No No No No No No No

DiskCryptor Yes No No No No No No No No

DISK Protect Yes No No No No No No No No

[28] cryptsetup/dmsetup Yes No No No Yes No No No Yes

[28] [29] dm-crypt/LUKS Yes No Yes No Yes No No No Yes

DriveCrypt Yes No No No No No No No No

DriveSentry Yes No No No No No No No No GoAnywhere 2

E4M Yes Yes No No No No No No No

e-Capsule Private Safe Yes No No No No No No No No

eCryptfs No No No Yes Yes No No No No

FileVault No No No No No Yes No No No

FileVault 2 No No No No No Yes No No No

FREE CompuSec Yes No No No Yes No No No No

[30] FreeOTFE Yes No Yes No Partial No No No No

GBDE No No No Yes No No No No No

GELI No No No Yes No No No No No

loop-AES No No No No Yes No No No No

n-Crypt Pro Yes No No No No No No No No

PGPDisk Yes No No No No Yes No No No

PGP Whole Disk Yes No No No Yes Yes No No No Encryption

Private Disk Yes Yes No No No No No No No Comparison of disk encryption software 4

R-Crypto Yes No No No No No No No No

McAfee Endpoint Yes No [31] No No Yes No No No Encryption (SafeBoot) Yes

SafeGuard Easy Yes No No No No No No No No

SafeGuard Enterprise Yes No No No No Yes No No No

SafeGuard PrivateDisk Yes No No No No No No No No

SafeHouse Professional Yes Yes No No No No No No No

Scramdisk Yes Yes No No Yes No No No No

Scramdisk 4 Linux No No No No Yes No No No No

SecuBox No No Yes No No No No No No

FinallySecure Yes No No No No No No No No Enterprise (SECUDE)

SecureDoc Yes No No No Yes Yes No No No

Sentry 2020 Yes No No No No No No No No

softraid / RAID C No No No No No No No Yes No

SpyProof! Yes No No No No No No No No

svnd / vnconfig No No No No No No No Yes No

Symantec Endpoint Yes No No No No No No No No Encryption

[32] TrueCrypt Yes No No No Yes Yes No No No

Aloaha Secure Stick Yes No No No No No No No No

Name Windows Pre-Windows Windows FreeBSD Linux Mac NetBSD OpenBSD DragonFly NT-based NT Mobile/Pocket OS X BSD PC

Features • Hidden containers: Whether hidden containers (an encrypted container (A) within another encrypted container (B) so the existence of container A can not be established)[33] can be created for . Note that some modes of operation like CBC with a plain IV can be more prone to watermarking attacks than others. • Pre-boot authentication: Whether authentication can be required before booting the computer, thus allowing one to encrypt the boot disk. • Custom authentication: Whether custom authentication mechanisms can be implemented with third-party applications. • Multiple keys: Whether an encrypted volume can have more than one active key. • Passphrase strengthening: Whether key strengthening is used with plain text passwords to frustrate dictionary attacks, usually using PBKDF2. • Hardware acceleration: Whether dedicated cryptographic accelerator expansion cards can be taken advantage of. • Trusted Platform Module: Whether the implementation can use a TPM cryptoprocessor. • Filesystems: what filesystems are supported. • Two-factor authentication: Whether optional security tokens (hardware security modules, such as Aladdin eToken and smart cards) are supported (for example using PKCS#11) Comparison of disk encryption software 5

Name Hidden Pre-boot Custom Multiple keys Passphrase Hardware TPM Filesystems Two-factor containers authentication authentication strengthening acceleration authentication

[34] [34][35] [34][36] ArchiCrypt Live Yes No No Yes No No No ? Yes

BestCrypt Any [37] [38] Yes Yes No Yes Yes Yes Yes supported Yes by OS

BitArmor NTFS, DataControl FAT32 on No Yes No Yes Yes No No No non-system volumes

BitLocker Drive [39] [40] [41] [42] [41] Chiefly [44] No Yes Yes Yes Yes Yes Yes [43] Yes Encryption NTFS

Bloombase No No Yes Yes Yes Yes No ? ? Keyparc

CGD Any [45] [46] [45] [] No No Yes Yes Yes No No supported Yes by OS

CenterTools Any DriveLock No Yes No No Yes No No supported Yes by OS

Check Point Full ? Yes Yes Yes Yes ? ? ? Yes Disk Encryption

CrossCrypt No No No No No No No ? No

CryptArchiver No No No No ? No No ? ?

cryptoloop Any [47] No Yes Yes No No Yes No supported ? by OS

DiskCryptor Any [48] [48] No Yes Yes No Yes Yes No supported Yes by OS

[49] [49] DISK Protect ? Yes ? Yes ? ? No ? ?

cryptsetup/dmsetup Any [47] No Yes Yes No No Yes No supported No by OS

dm-crypt/LUKS Any [47] No Yes Yes Yes Yes Yes No supported Yes by OS

[50] DriveCrypt Yes Yes No Yes Yes No No ? Yes

DriveSentry Any GoAnywhere 2 No No Yes No Yes No ? supported Yes by OS

E4M No No No No ? No No ? No

e-Capsule Private [51] No No [] No Yes No ? ? Safe Yes Yes

[52] eCryptfs No No Yes Yes Yes Yes Yes Yes Yes Comparison of disk encryption software 6

FileVault ? HFS+, Two [53] No No No [53] Yes No possibly No passwords others

FileVault 2 HFS+, [54] No Yes No Yes Yes Yes No possibly No others

FREE CompuSec Any No Yes No No No No No supported No by OS

FreeOTFE Any [55] [56] Yes No Yes Yes Yes No No supported Yes by OS

GBDE Any [57] [58] [58] [57] No No Yes Yes No No No supported Yes by OS

GELI Any [57] [59] [59] [57] No Yes Yes Yes Yes Yes No supported Yes by OS

GuardianEdge NTFS, Hard Disk No Yes Yes Yes Yes No No Yes FAT32 Encryption

loop-AES Any [60] [60] [60] [60] [60] [61] No Yes Yes Yes Yes Yes No supported Yes by OS

[62] n-Crypt Pro No No No No N/A No No ? ?

[63] [64] PGPDisk No Yes ? Yes Yes ? Yes ? Yes

Private Disk Any No No No Yes Yes No No supported Yes by OS

R-Crypto Any ? No ? ? ? ? ? supported ? by OS

McAfee Endpoint Any [65] Encryption Yes Yes Yes Yes Yes Yes Yes supported Yes (SafeBoot) by OS

SafeGuard Easy Any [66] No Yes No Yes Yes No Yes supported Yes by OS

SafeGuard Any [66] Enterprise No Yes No Yes Yes No Yes supported Yes by OS

SafeGuard Any [67] PrivateDisk No N/A No Yes Yes No Yes supported Yes by OS

SafeHouse Any Professional No No Yes Yes Yes No No supported Yes by OS

Scramdisk Last update to Yes No No No No No No ? web site 2009-07-02 Comparison of disk encryption software 7

Scramdisk 4 Linux , , , [68] No No No [68] No No No Yes Yes , , vfat/msdos

SecuBox No No No No Yes No No ? No

FinallySecure Enterprise No Yes Yes No Yes No Yes ? Yes (SECUDE)

[69] SecureDoc No Yes Yes Yes Yes Yes Yes ? Yes

Sentry 2020 No No No No No No No ? No

softraid / RAID C Any No No ? ? ? Yes ? supported ? by OS

svnd / vnconfig Any [70] No No No No Yes Yes ? supported ? by OS

Symantec NTFS, Endpoint No Yes Yes Yes Yes No No Yes FAT32 Encryption

TrueCrypt Yes (limited to yes with Any only on one per [71] No multiple Yes Yes No supported Yes Windows [72][73] "outer" keyfiles by OS container)

Aloaha Secure NTFS, Yes No Yes Yes No No No Yes Stick FAT32

Name Hidden Pre-boot Custom Multiple keys Passphrase Hardware TPM Filesystems Two-factor containers authentication authentication strengthening acceleration authentication

[1] "Jetico Company Info" (http:/ / www. jetico. com/ company. htm). Jetico. . Retrieved 2007-01-05.

[2] Roland Dowdeswell (2002-10-04). "CryptoGraphic Disk" (http:/ / mail-index. netbsd. org/ current-users/ 2002/ 10/ 04/ 0008. html). mailing list announcement. . Retrieved 2007-01-14. [3] Original release as Protect Data Security Inc.'s "Protect!style="background: #ececec; color: black; font-weight: bold; vertical-align: middle;

text-align: left; " class="table-rh"|" "Protect guards laptop and desktop data" (http:/ / www. infoworld. com/ cgi-bin/ displayArchive. pl?/ 99/

25/ c05-25. 48. htm). . Retrieved 2008-09-03.

[4] Company and product name change to Pointsec "Protect Data Security Inc. changes name to Pointsec Mobile Technologies Inc." (http:/ / web.

archive. org/ web/ 20040820174918/ www. pointsec. com/ news/ news. asp?newsid=85). Archived from the original (http:/ / www. pointsec.

com/ news/ news. asp?newsid=85) on 2004-08-20. . Retrieved 2008-09-03.

[5] "Check Point Completes the Offer for Protect Data with Substantial Acceptance of 87.1 Percent" (http:/ / www. checkpoint. com/ press/ 2007/

protectdataacquisition011107. html). . Retrieved 2008-09-03.

[6] Sarah Dean (2004-02-10). "OTFEDB entry" (http:/ / otfedb. sdean12. org/ cgi-bin/ pub_factsheet. cgi?SYSTEM_ID=46). . Retrieved 2008-08-10.

[7] Initial cryptoloop patches for the Linux 2.5 development kernel: http:/ / uwsg. iu. edu/ hypermail/ linux/ kernel/ 0307. 0/ 0348. html

[8] dm-crypt was first included in Linux kernel version 2.6.4: http:/ / lwn. net/ Articles/ 75404/

[9] Clemens Fruhwirth. "LUKS version history" (http:/ / luks. endorphin. org/ dm-crypt). . Retrieved 2006-12-24.

[10] "archived E4M documentation" (http:/ / web. archive. org/ web/ 20000524061402/ www. e4m. net/ news. html). Archived from the original

(http:/ / www. e4m. net/ news. html) on 2000-05-24. .).

[11] "eCryptfs" (http:/ / . . net). . Retrieved 2008-04-29.

[12] "FreeOTFE version history" (http:/ / web. archive. org/ web/ 20061207224351/ http:/ / www. . org/ docs/ version_history.

htm#version_history). Archived from the original (http:/ / www. freeotfe. org/ docs/ version_history. htm#version_history) on 2006-12-07. . Retrieved 2006-12-24.

[13] "(4) man page in FreeBSD 4.11" (http:/ / www. . org/ cgi/ man. cgi?query=gbde& apropos=0& sektion=4& manpath=FreeBSD+

5. 0-RELEASE& format=html). GBDE manual page as it appeared in FreeBSD 4.11. . Retrieved 2006-12-24. Comparison of disk encryption software 8

[14] "geli(8) man page in FreeBSD 6.0" (http:/ / www. freebsd. org/ cgi/ man. cgi?query=geli& apropos=0& sektion=0& manpath=FreeBSD+ 6.

0-RELEASE& format=html). GELI manual page as it first appeared in FreeBSD 6.0. . Retrieved 2006-12-24. [15] "[email protected] PGP 6.0 Freeware released- any int'l links? (news:6)". [news:comp.security.pgp comp.security.pgp].

(Web link) (http:/ / groups. google. com/ group/ comp. security. pgp/ msg/ da7ee135c5e99044). Retrieved 2007-01-04.

[16] "Dekart Encryption software timeline" (http:/ / www. lazybit. com/ index. php/ a/ 2007/ 04/ 19/ dekart_private_disk_timeline). Dekart. .

[17] "McAfee Endpoint Encryption" (http:/ / www. mcafee. com/ us/ enterprise/ products/ data_protection/ data_encryption/

endpoint_encryption. html). product description. McAfee. . Retrieved 2009-03-04.

[18] "SafeGuard Easy 4.5 Technical Whitepaper" (http:/ / www. sophos. com/ sophos/ docs/ eng/ factshts/ sophos-safeguard-easy-dsus. pdf). Utimaco. . Retrieved 2009-08-10.

[19] "SafeGuard Enterprise Technical Whitepaper" (http:/ / www. sophos. com/ sophos/ docs/ eng/ factshts/ sophos-safeguard-enterprise-dsus. pdf). Utimaco. . Retrieved 2009-08-10.

[20] Rebranded as ThinkVantage Client Security "ThinkVantage Technologies Deployment Guide" (ftp:/ / ftp. software. ibm. com/ pc/ pccbbs/

thinkcentre_pdf/ rr30mst. pdf). Lenovo. . Retrieved 2008-03-05.

[21] "ScramDisk 4 Linux Releases" (http:/ / sourceforge. net/ project/ showfiles. php?group_id=101952& package_id=109447). .

[22] "Sentry 2020 news" (http:/ / www. softwinter. com/ ). . Retrieved 2007-01-02.

[23] OpenBSD 4.2 change notes (http:/ / www. openbsd. org/ plus42. html)

[24] OpenBSD 2.8 change notes (http:/ / www. openbsd. org/ plus28. html)

[25] TrueCrypt version history (http:/ / www. . org/ docs/ ?s=version-history2)

[26] "TrueCrypt License" (http:/ / www. truecrypt. org/ legal/ license). . Retrieved 2012-02-01.

[27] (http:/ / cypherix. com/ downloads. htm) PocketPC freeware release- SmartPhone beta available

[28] (http:/ / www. freeotfe. org/ docs/ Main/ Linux_volumes. htm) FreeOTFE supports cryptoloop, dm-crypt/cryptsetup/dmsetup, and dm-crypt/LUKS volumes

[29] (http:/ / www. freeotfe. org/ docs/ Main/ Linux_volumes. htm) FreeOTFE4PDA supports dm-crypt/LUKS volumes

[30] (http:/ / www. freeotfe. org/ docs/ Main/ Linux_volumes. htm) Supports Linux volumes

[31] "Endpoint Encryption Datasheet" (http:/ / www. mcafee. com/ us/ enterprise/ products/ data_protection/ data_encryption/

endpoint_encryption. html). McAfee. . Retrieved 2010-06-14.

[32] (http:/ / www. truecrypt. org/ misc/ freebsd) Although TrueCrypt can be built under FreeBSD, it is not recommended to run it because of bugs and instabilities when TrueCrypt is attempted to be used

[33] (http:/ / www. jetico. com/ linux/ bcrypt-help/ c_hiddn. htm) Hidden containers description from Jetico (BestCrypt)

[34] Secret-containers and Camouflage files ArchiCrypt Live Description (http:/ / www. archicrypt-shop. com/ ArchiCrypt-Live. htm) [35] Supports "Guest" keys [36] Using "Archicrypt Card" [37] Supported by the BestCrypt container format; see BestCrypt SDK [38] Supported by the BestCrypt Volume Encryption software [39] With PIN or USB key)

[40] BitLocker Drive Encryption: Value Add Extensibility Options (http:/ / download. microsoft. com/ download/ a/ f/ 7/

af7777e5-7dcd-4800-8a0a-b18336565f5b/ BitLockerExt. doc)

[41] "BitLocker Drive Encryption Technical Overview" (http:/ / technet2. microsoft. com/ windowsserver2008/ en/ library/

ce4d5a2e-59a5-4742-89cc-ef9f5908b4731033. mspx?mfr=true). Microsoft. . Retrieved 2008-03-13. [42] Recovery keys only. [43] Windows 7 introduces Bitlocker-To-Go which supports NTFS, FAT32 or exFAT, however for hard drive encryption, and later are limited to be installable only on NTFS volumes [44] BitLocker can be used with a TPM PIN + external USB key for two-factor authentication

[45] Roland C. Dowdeswell, John Ioannidis. "The CryptoGraphic Disk Driver" (http:/ / www. imrryr. org/ ~elric/ cgd/ cgd. pdf) (PDF). CGD design paper. . Retrieved 2006-12-24.

[46] Federico Biancuzzi (2005-12-21). "Inside NetBSD's CGD" (http:/ / www. onlamp. com/ pub/ a/ bsd/ 2005/ 12/ 21/ netbsd_cgd. html?page=1). interview with Roland Dowdeswell. ONLamp.com. . Retrieved 2006-12-24. [47] dm-crypt and cryptoloop volumes can be mounted from the initrd before the system is booted

[48] "DiskCryptor Features" (http:/ / . net/ wiki/ Main_Page/ en). . Retrieved 2010-05-25.

[49] "DISK Protect 4.2 Data Sheet" (http:/ / www. becrypt. com/ us/ downloads/ DISK Protect 4. 2_US. pdf) (PDF). . Retrieved 2008-02-27.

[50] "DriveCrypt features" (http:/ / www. securstar. com/ products_drivecrypt. php). SecurStar GmbH. . Retrieved 2007-01-03.

[51] "Multi level access with separate access credentials, each enabling a different set of functional or logical operations" (http:/ / www. eisst.

com/ products/ private_safe/ compare/ ). EISST Ltd.. . Retrieved 2007-07-25. [52] uses the lower filesystem (stacking)

[53] Jacob Appelbaum, Ralf-Philipp Weinmann (2006-12-29) (PDF). Unlocking FileVault: An Analysis of Apple's disk encryption (http:/ /

events. ccc. de/ congress/ 2006/ Fahrplan/ attachments/ 1244-23C3VileFault. pdf). . Retrieved 2012-01-03.

[54] "Mac OS X 10.7 Lion: the Ars Technica review" (http:/ / arstechnica. com/ apple/ reviews/ 2011/ 07/ mac-os-x-10-7. ars/ 13). Ars Technica. 2011-07-20. . Retrieved 2012-01-03. [55] FreeOTFE has a modular architecture and set of components to allow 3rd party integration Comparison of disk encryption software 9

[56] FreeOTFE allows multiple keys to mount the same container file via encrypted keyfiles

[57] "FreeBSD Handbook: Encrypting Disk Partitions" (http:/ / www. freebsd. org/ doc/ en_US. ISO8859-1/ books/ handbook/ disks-encrypting. html). . Retrieved 2006-12-24.

[58] Poul-Henning Kamp. "GBDE - GEOM Based Disk Encryption" (http:/ / phk. freebsd. dk/ pubs/ bsdcon-03. gbde. paper. pdf) (PDF). GBDE design document. . Retrieved 2006-12-24.

[59] "geli(8) man page in FreeBSD-current" (http:/ / www. freebsd. org/ cgi/ man. cgi?query=geli& apropos=0& sektion=0&

manpath=FreeBSD+ 7-current& format=html). GELI manual page in current FreeBSD. . Retrieved 2006-12-24.

[60] Jari Ruusu. "loop-AES README file" (http:/ / loop-aes. sourceforge. net/ loop-AES. README). . Retrieved 2007-04-23. [61] Using customization [62] n-Crypt Pro does not use password authentication— biometric/USB dongle authentication only

[63] "PGP Whole Disk Encryption FAQ" (http:/ / www. pgp. com/ products/ wholediskencryption/ faq. html). PGP Corporation. . Retrieved 2006-12-24. [64] PGP private keys are always protected by strengthened passphrases [65] Endpoint Encryption (SafeBoot)ntel.com/cd/00/00/44/77/447708_447708.pdf "Intel Advanced Encryption Standard: New Instructions"

(http:/ / cache-www. iMcAfee). Intel. Endpoint Encryption (SafeBoot)ntel.com/cd/00/00/44/77/447708_447708.pdf. Retrieved 2010-06-15.

[66] "Embedded Security: Trusted Platform Module Technology Comes of Age" (http:/ / americas. utimaco. com/ encryption/

TPM-Technology-Comes-Of-Age. html). Utimaco. . Retrieved 2008-03-04.

[67] "ThinkVantage Technologies Deployment Guide" (http:/ / download. lenovo. com/ ibmdl/ pub/ pc/ pccbbs/ thinkcentre_pdf/ rr30mst. pdf). Lenovo. . Retrieved 2008-03-05. [68] For Truecrypt containers

[69] "SecureDoc Product Information" (http:/ / www. winmagic. com/ solutions/ securedoc. html). WinMagic Inc.. . Retrieved 2008-03-05.

[70] optional by using -K OpenBSD Manual Pages: vnconfig(8) (http:/ / www. openbsd. org/ cgi-bin/ man. cgi?query=vnconfig& sektion=8)

[71] http:/ / www. truecrypt. org/ docs/ sys-encryption-supported-os. php [72] Although each volume encrypted with TrueCrypt can only have one active master key, it is possible to access its contents through more than one header. Each header can have a different password and/or keyfiles if any (cf. TrueCrypt FAQ: Is there a way for an administrator to reset a password when a user forgets it?)

[73] http:/ / www. truecrypt. org/ docs/ ?s=keyfiles

Layering • Whole disk: Whether the whole physical disk or logical volume can be encrypted, including the partition tables and master boot record. Note that this does not imply that the encrypted disk can be used as the boot disk itself; refer to "pre-boot authentication" in the features comparison table. • Partition: Whether individual disk partitions can be encrypted. • File: Whether the encrypted container can be stored in a file (usually implemented as encrypted loop devices). • Swap space: Whether the swap space (called a "pagefile" on Windows) can be encrypted individually/explicitly. • Hibernation file: Whether the hibernation file is encrypted (if hibernation is supported).

Name Whole disk Partition File Swap space Hibernation file

ArchiCrypt Live Yes (except for the boot Yes Yes No No volume)

[1] BestCrypt Yes Yes Yes Yes Yes

BitArmor DataControl No Yes No Yes Yes

BitLocker Drive Encryption Yes Yes Yes (except for the boot Yes No (parent volume is (parent volume is encrypted) volume) encrypted)

Bloombase Keyparc Yes Yes Yes Yes No

CenterTools DriveLock Yes Yes Yes Yes Yes

[45] CGD Yes Yes Yes Yes No

Check Point Full Disk Yes Yes ? Yes Yes Encryption Comparison of disk encryption software 10

CrossCrypt No No Yes No No

CryptArchiver No No Yes No No

cryptoloop Yes Yes Yes Yes No

DiskCryptor Yes Yes No Yes Yes

[2] [3] dm-crypt Yes Yes Yes Yes Yes

[50] [50] DriveCrypt Yes Yes Yes No No

DriveSentry GoAnywhere 2 No Yes Yes No No

E4M No Yes Yes No No

[4] e-Capsule Private Safe No No Yes No No

eCryptfs No No Yes No No

[53] [5][53] [5][6] FileVault No No Yes Yes Yes

[54] FileVault 2 No Yes No Yes Yes

FREE CompuSec Yes No Yes Yes Yes

FreeOTFE Yes (except for the boot Yes Yes No No volume)

[7] GBDE Yes Yes Yes Yes No

[7] GELI Yes Yes Yes Yes No

GuardianEdge Hard Disk Yes Yes Yes Yes Yes Encryption

[60] [60] [60] [60] loop-AES Yes Yes Yes Yes Yes

n-Crypt Pro Yes Yes Yes No No

PGPDisk Yes Yes Yes Yes only on Windows

Private Disk No No Yes No No

R-Crypto No No Yes No No

McAfee Endpoint Encryption Yes Yes Yes Yes [8] (SafeBoot) Yes

SafeGuard Easy extra Each sector on disk is Yes Yes Yes module encrypted

SafeGuard Enterprise Each sector on disk is Yes Yes Yes Yes encrypted

SafeGuard PrivateDisk No No Yes No No

SafeHouse Professional No No Yes No No

Scramdisk No Yes Yes No No

Scramdisk 4 Linux Yes Yes Yes Yes No

SecuBox No No Yes N/A No

FinallySecure Enterprise Yes Yes Yes Yes Yes (SECUDE)

[69] SecureDoc Yes Yes Yes Yes Yes

Sentry 2020 No No Yes No No Comparison of disk encryption software 11

softraid / RAID C Yes (encrypted by default in Yes Yes No [9] No OpenBSD)

svnd / vnconfig Yes (encrypted by default in ? Yes Yes ? OpenBSD)

SpyProof! No Yes Yes No No

Symantec Endpoint Encryption Yes Yes Yes Yes Yes

[71] TrueCrypt Yes Yes Yes Yes only on Windows

Aloaha Secure Stick No No Yes No No

Cryptomill Yes N/A Yes N/A N/A

Name Whole disk Partition File Swap space Hibernation file

Modes of operation Different modes of operation supported by the software. Note that an encrypted volume can only use one mode of operation. • CBC with predictable IVs: The CBC (cipher block chaining) mode where initialization vectors are statically derived from the sector number and are not secret; this means that IVs are re-used when overwriting a sector and the vectors can easily be guessed by an attacker, leading to watermarking attacks. • CBC with secret IVs: The CBC mode where initialization vectors are statically derived from the encryption key and sector number. The IVs are secret, but they are re-used with overwrites. Methods for this include ESSIV and encrypted sector numbers (CGD). • CBC with random per-sector keys: The CBC mode where random keys are generated for each sector when it is written to, thus does not exhibit the typical weaknesses of CBC with re-used initialization vectors. The individual sector keys are stored on disk and encrypted with a master key. (See GBDE for details) • LRW: The Liskov-Rivest-Wagner tweakable narrow-block mode, a mode of operation specifically designed for disk encryption. Superseded by the more secure XTS mode due to security concerns.[10] • XTS: XEX-based Tweaked CodeBook mode (TCB) with CipherText Stealing (CTS), the SISWG (IEEE P1619) standard for disk encryption.

Name CBC w/ predictable IVs CBC w/ secret CBC w/ random LRW XTS IVs per-sector keys

[11] ArchiCrypt Live No No No Legacy support Yes

[12] [13] BestCrypt No Yes No Yes Yes

BitArmor DataControl No Yes Plumb-IV No No

[14] [14] BitLocker Drive Encryption No Yes No No No

Bloombase Keyparc ? Yes ? ? ?

[15] CGD No Yes No No No

CenterTools DriveLock ? ? ? ? ?

Check Point Full Disk ? ? ? ? ? Encryption

CrossCrypt Yes No No No No

CryptArchiver ? ? ? ? ?

cryptoloop Yes No No No No Comparison of disk encryption software 12

DiskCryptor No No No No Yes

dm-crypt Yes, using Yes, using Yes Yes No [16] *-lrw-benbi *-xts-plain

DriveCrypt ? ? ? ? ?

DriveSentry GoAnywhere 2 ? ? ? ? ?

E4M ? ? ? No No

e-Capsule Private Safe ? ? ? ? ?

eCryptfs No Yes ? No No

[53] FileVault Yes No No No No

[17] FileVault 2 No No No No Yes

FREE CompuSec Yes No No No No

FreeOTFE Yes Yes No Yes Yes

[58] GBDE No No Yes No No

[18] GELI No Yes No No Yes

GuardianEdge Hard Disk No No Yes No No Encryption

loop-AES single-key, multi-key-v2 multi-key-v3 [60] [60] No No No modes mode

n-Crypt Pro ? ? No No No

PGPDisk ? ? ? ? ?

Private Disk Yes No Yes No No

R-Crypto ? ? ? ? ?

McAfee Endpoint No Yes No No No Encryption (SafeBoot)

SafeGuard Easy ? ? ? ? ?

SafeGuard Enterprise ? ? ? ? ?

SafeGuard PrivateDisk ? ? ? ? ?

SafeHouse Professional Yes No No No No

Scramdisk No Yes No No No

[68] [68] [68] Scramdisk 4 Linux No Yes No Yes Yes

SecuBox Yes No No No No

FinallySecure Enterprise ? ? ? ? ? (SECUDE)

SecureDoc ? ? ? ? ?

Sentry 2020 ? ? ? ? ?

[19] softraid / RAID C ? ? ? ? Yes

svnd / vnconfig ? ? ? ? ?

Symantec Endpoint No No Yes No No Encryption Comparison of disk encryption software 13

[20] [21] [22] TrueCrypt Legacy support No No Legacy support Yes

Aloaha Secure Stick No No No Yes Yes

Name CBC w/ predictable IVs CBC w/ secret CBC w/ random LRW XTS IVs per-sector keys

Notes and references

[1] http:/ / www. jetico. com/ data-protection-encryption--volume-encryption-enterprise/ [2] dm-crypt can encrypt a file-based volume when used with the losetup utility included with all major Linux distributions

[3] yes, but the user needs custom scripts: http:/ / www. linuxquestions. org/ questions/ slackware-14/ luks-encryption-swap-and-hibernate-627958/ [4] Uses proprietary e-Capsule not exposed to the OS. [5] not technically part of FileVault, but provided by many versions of Mac OS X; can be enabled independently of FileVault

[6] http:/ / macmarshal. com/ images/ Documents/ mm_wp_102. pdf

[7] File-based volume encryption is possible when used with mdconfig(8) (http:/ / www. freebsd. org/ cgi/ man. cgi?query=mdconfig& sektion=8) utility.

[8] "Control Break Internation Debuts SafeBoot Version 4.27" (http:/ / www. entrepreneur. com/ tradejournals/ article/ 120829729. html). . Retrieved 2008-08-12.

[9] http:/ / www. openbsd. org/ plus38. html OpenBSD 3.8 change notes [10] LRW_issue [11] Containers created with ArchiCrypt Live version 5 use LRW

[12] "New features in BestCrypt version 8" (http:/ / www. jetico. com/ bc8_web_help/ html/ 03_new_features/ 01_new_features. htm). Jetico. . Retrieved 2007-03-02.

[13] "New features in version 2" (http:/ / www. jetico. com/ bcve_web_help/ html/ 01_introduction/ 04_new_in_version. htm). Jetico. . Retrieved 2009-03-01.

[14] Niels Fergusson (August 2006). AES-CBC + Elephant Diffuser: A Disk Encryption Algorithm for Windows Vista (http:/ / download.

microsoft. com/ download/ 0/ 2/ 3/ 0238acaf-d3bf-4a6d-b3d6-0a0be4bbb36e/ BitLockerCipher200608. pdf). Microsoft. . Retrieved 2008-02-22.

[15] "man 4 cgd in NetBSD-current" (http:/ / netbsd. gw. com/ cgi-bin/ man-cgi?cgd+ 4+ NetBSD-current). NetBSD current manual page on CGD. 2006-03-11. . Retrieved 2006-12-24.

[16] Starting with Linux kernel version 2.6.20, CryptoAPI supports the LRW mode: http:/ / lwn. net/ Articles/ 213650/

[17] "OS X Lion: About FileVault 2" (http:/ / support. apple. com/ kb/ HT4790). . Retrieved 2011-1-3.

[18] "Linux/BSD disk encryption comparison" (http:/ / mareichelt. de/ pub/ notmine/ linuxbsd-comparison. html). . Retrieved 2006-12-24.

[19] Commit enabling AES XTS (http:/ / marc. info/ ?l=openbsd-cvs& m=121302798322835& w=2) [20] Containers created with TrueCrypt versions 1.0 through 4.0 use CBC. [21] Containers created with TrueCrypt versions 4.1 through 4.3a use LRW, and support CBC for opening legacy containers only. [22] Containers created with TrueCrypt versions 5.0 or later use XTS, and support LRW/CBC for opening legacy containers only.

External links

• On-The-Fly Encryption: A Comparison (http:/ / otfedb. sdean12. org/ ) - A much larger comparison of disk encryption software, sorted by OS Article Sources and Contributors 14 Article Sources and Contributors

Comparison of disk encryption software Source: http://en.wikipedia.org/w/index.php?oldid=483046577 Contributors: Afagelson, Alzadude, AniLoveBe, ArnoldReinhold, Athaba, Aughtandzero, Baonh, BobBagwill, Burns flipper, Cakruege, Cooldude7273, Cosect, Cralar, Cronopios, Davidbengtenglund, Deridian, Eagering, Edificant, Edrarsoric, Elric imrryr.org, Engst03, Erth64net, Exlade, Eyakovlev, FT2, Family Guy Guy, FleetCommand, Floptimusprime, Foxius, Gadget850, Gr.wiki, Gr8dude, H8gaR, Haakon, Hashproduct, Hholst, Ido50, Infosyssg, Intgr, Irky, JForget, Jengelh, Jhartmann, John Yesberg, Judsonp, Kasperd, KillerCommz, Kimchi.sg, Knguyeniii, Kvi83, LinuxAngel, Lisfire, Masgatotkaca, Mbor, Mcannella, Mdwh, MichaelPloujnikov, Mike A Quinn, Mirrakor, Moonradar, Moziru, Nichlas, Nickp99, Nuwewsco, OlavN, P6910, Pabj, Pabouk, ParanoidMike, Pavritch, Pgruntkowski, R0mashka1, Raftermast, Reisio, Rich Farmbrough, Rina Fey, Rjwilmsi, Ronz, SGGH, SafeBoot, Shtraue, Snorgy, Socrates2008, Splitmode, Spoon!, Stephenchou0722, Timmaliyil, Tmaliyil, Toddst1, Trasz, Tschink, Unschool, Utimaco, Wererooster, Woken Wanderer, XFireRaidX, Xnquist, Yarikoptic, Zollerriia, Zurtitto, 260 anonymous edits License

Creative Commons Attribution-Share Alike 3.0 Unported //creativecommons.org/licenses/by-sa/3.0/