Comparison of disk encryption software
Encyclopedia
Background information
| Name | Developer | First released | Licensing | Maintained? |
|---|---|---|---|---|
| ArchiCrypt Live | Softwaredevelopment Remus ArchiCrypt | 1998 | ||
| BestCrypt BestCrypt BestCrypt is a commercial disk encryption program for Windows and Linux, developed by Jetico.-Features:* BestCrypt can create and mount an encrypted virtual drive using AES, Blowfish, Twofish, CAST, and various other encryption methods... |
Jetico | 1993 | ||
| BitArmor DataControl | BitArmor Systems Inc. BitArmor BitArmor Systems Inc. was a firm based in the Gateway Center of downtown Pittsburgh, Pennsylvania. Founded in 2003 by two Carnegie Mellon University alumni, BitArmor sold software-based encryption and data management technologies... |
2008-05 | ||
| BitLocker Drive Encryption BitLocker Drive Encryption BitLocker Drive Encryption is a full disk encryption feature included with the Ultimate and Enterprise editions of Microsoft's Windows Vista and Windows 7 desktop operating systems, as well as the Windows Server 2008 and Windows Server 2008 R2 server platforms. It is designed to protect data by... |
Microsoft Microsoft Microsoft Corporation is an American public multinational corporation headquartered in Redmond, Washington, USA that develops, manufactures, licenses, and supports a wide range of products and services predominantly related to computing through its various product divisions... |
2006 | ||
| Bloombase Keyparc | Bloombase | 2007 | ||
| CGD | Roland C. Dowdeswell | 2002-10-04 | ||
| CenterTools DriveLock | CenterTools | 2008 | ||
| Check Point Full Disk Encryption | Check Point Software Technologies Ltd Check Point Check Point Software Technologies Ltd. is a global provider of IT security solutions. Best known for its firewall and VPN products, Check Point first pioneered the industry with FireWall-1 and its patented stateful inspection technology... |
1999 | ||
| CrossCrypt CrossCrypt CrossCrypt is an open-source on-the-fly encryption program for the Microsoft Windows XP/2000 operating systems. CrossCrypt allows a user to make virtual drives which encrypt any files stored on them, making the encryption process completely seamless to the user.CrossCrypt is based on FileDisk,... |
Steven Scherrer | 2004-02-10 | ||
| Cryptainer | Cypherix (Secure-Soft India) | |||
| CryptArchiver | WinEncrypt | |||
| cryptoloop Cryptoloop Cryptoloop is a disk encryption module for Linux which relies on the Crypto API in the 2.6 Linux kernel series. It was first introduced in the 2.5.x kernel series... |
2003-07-02 | |||
| cryptoMill | SEAhawk | |||
| Discryptor | Cosect Ltd. | 2008 | ||
| DiskCryptor DiskCryptor DiskCryptor is the first open source full disk encryption system for MS Windows that allows the encryption of an entire PC's harddrive or individual partitions – including the ability to encrypt the partition and disk on which the OS is installed.... |
ntldr | 2007 | ||
| DISK Protect | Becrypt Ltd | 2001 | ||
| dm-crypt Dm-crypt dm-crypt is a transparent disk encryption subsystem in Linux kernel versions 2.6 and later and in DragonFly BSD. It is part of the device mapper infrastructure, and uses cryptographic routines from the kernel's Crypto API... /cryptsetup |
Christophe Saout | 2004-03-11 | ||
| dm-crypt Dm-crypt dm-crypt is a transparent disk encryption subsystem in Linux kernel versions 2.6 and later and in DragonFly BSD. It is part of the device mapper infrastructure, and uses cryptographic routines from the kernel's Crypto API... /LUKS |
Clemens Fruhwirth (LUKS) | 2005-02-05 | ||
| DriveCrypt | SecurStar GmbH | 2001 | ||
| DriveSentry DriveSentry DriveSentry is an antivirus program, developed by DriveSentry Inc, to protect Microsoft Windows users from malware. It is available free for personal use, though with restricted functionality.- Company overview :... GoAnywhere 2 |
DriveSentry | 2008 | ||
| E4M E4M Encryption for the Masses is a free disk encryption software for Windows NT/9x/Me. E4M is no longer maintained; its author, Paul Le Roux, joined Shaun Hollingworth to produce E4M's commercial successor, DriveCrypt.... |
Paul Le Roux | 1998-12-18 | ||
| e-Capsule Private Safe | EISST Ltd. | 2005 | ||
| eCryptfs ECryptfs eCryptfs is a POSIX-compliant encrypted filesystem that has been part of the mainline Linux Kernel since version 2.6.19. The eCryptfs package has been included in Ubuntu since version 9.04... |
Dustin Kirkland, Tyler Hicks, (formerly Mike Halcrow) | 2005 | ||
| FileVault FileVault FileVault is a system which encrypts files on a Macintosh computer. It can be found in the Mac OS X v10.4 "Tiger" operating system and later.... |
Apple Inc. | 2003-10-24 | ||
| FinallySecure Enterprise (SECUDE) | SECUDE SECUDE SECUDE is a developer of IT-security software solutions and services.-Company Profile:The company was founded in 1996 out of a partnership between SAP AG and the Fraunhofer Institute, Germany. In January 2011, SECUDE sold its security software, identity and access management software and relevant... |
2006 | ||
| FREE CompuSec | CE-Infosys | 2002 | ||
| FreeOTFE FreeOTFE FreeOTFE is an open source on-the-fly disk encryption computer program for PCs running Microsoft Windows, and personal digital assistants running Windows Mobile . It creates virtual drives, or disks, to which anything written is automatically encrypted before being stored on a computer's hard or... |
Sarah Dean | 2004-10-10 | ||
| GBDE GBDE GBDE, standing for GEOM Based Disk Encryption, is a block device-layer disk encryption system written for FreeBSD, initially introduced in version 5.0. It is based on the GEOM disk framework. GBDE was designed and implemented by Poul-Henning Kamp and Network Associates Inc... |
Poul-Henning Kamp Poul-Henning Kamp Poul-Henning Kamp is a Danish FreeBSD developer, responsible for implementation of the widely used MD5 password hash algorithm, a vast quantity of systems code, including the FreeBSD GEOM storage layer, GBDE cryptographic storage transform, part of the UFS2 file system implementation, FreeBSD... |
2002-10-19 | ||
| GELI Geli (software) geli is a block device-layer disk encryption system written for FreeBSD, introduced in version 6.0. It utilises the GEOM disk framework. It was designed and implemented by Pawel Jakub Dawidek.- Design details :... |
Pawel Jakub Dawidek | 2005-04-11 | ||
| KryptOS | The MorphOS Development Team | 2010 | ||
| loop-AES | Jari Ruusu | 2001-04-11 | ||
| n-Crypt Pro | n-Trance Security Ltd | 2005 | ||
| PGPDisk PGPDisk PGP Virtual Disk is an on-the-fly encryption system that allows one to create a virtual encrypted disk within a file.Older versions for Windows NT were freeware . These are still available for download, but no longer maintained... |
PGP Corporation PGP Corporation PGP Corporation, co-founded by Jon Callas and Phil Dunkelberger, is based in Menlo Park, California. PGP Corporation was funded by Rob Theis, General Partner, Doll Capital Management and Terry Garnett, General Partner, Venrock Associates. The company is the current owner of the Pretty Good Privacy... |
1998-09-01 | ||
| Private Disk Private Disk -Overview:Private Disk is a disk encryption application for the Microsoft Windows operating system, developed by Dekart SRL. It works by creating a virtual drive, the contents of which is encrypted on-the-fly; other software can use the drive as if it were a usual one.One of Private Disk's key... |
Dekart | 1993 | ||
| R-Crypto | R-Tools Technology Inc | 2008 | ||
| McAfee Endpoint Encryption (SafeBoot) | McAfee, Inc. | 2007 | ||
| SafeGuard Easy | Sophos Sophos Sophos is a developer and vendor of security software and hardware, including anti-virus, anti-spyware, anti-spam, network access control, encryption software and data loss prevention for desktops, servers, email systems and other network gateways.... (Utimaco) |
1993 | ||
| SafeGuard Enterprise | Sophos Sophos Sophos is a developer and vendor of security software and hardware, including anti-virus, anti-spyware, anti-spam, network access control, encryption software and data loss prevention for desktops, servers, email systems and other network gateways.... (Utimaco) |
2007 | ||
| SafeGuard PrivateDisk |
Sophos Sophos Sophos is a developer and vendor of security software and hardware, including anti-virus, anti-spyware, anti-spam, network access control, encryption software and data loss prevention for desktops, servers, email systems and other network gateways.... (Utimaco) |
2000 | ||
| SafeHouse Professional | PC Dynamics, Inc. | 1992 | ||
| Scramdisk Scramdisk Scramdisk is a free On-the-fly encryption program for Windows 95, Windows 98, and Windows Me. A non-free version was also available for Windows NT.... |
Shaun Hollingworth | 1997-07-01 | ||
| Scramdisk Scramdisk Scramdisk is a free On-the-fly encryption program for Windows 95, Windows 98, and Windows Me. A non-free version was also available for Windows NT.... 4 Linux |
Hans-Ulrich Juettner | 2005-08-06 | ||
| SecuBox | Aiko Solutions | 2007-02-19 | ||
| SECUDE Secure Notebook | SECUDE SECUDE SECUDE is a developer of IT-security software solutions and services.-Company Profile:The company was founded in 1996 out of a partnership between SAP AG and the Fraunhofer Institute, Germany. In January 2011, SECUDE sold its security software, identity and access management software and relevant... |
2003 | ||
| SecureDoc | WinMagic Inc. | 1997 | ||
| Sentry 2020 Sentry 2020 Sentry 2020 is a commercial software program for "on the fly" disk encryption for PC and PDA. It has two compatible versions, one for desktop Windows and one for Windows Mobile which allows using the same encrypted volume on both platforms.-See also:... |
SoftWinter | 1998 | ||
| softraid / RAID C | OpenBSD | 2007-11-01 | ||
| SpyProof | Information Security Corp. | 2002 | ||
| svnd / vnconfig | OpenBSD | 2000-12-01 | ||
| Symantec Symantec Symantec Corporation is the largest maker of security software for computers. The company is headquartered in Mountain View, California, and is a Fortune 500 company and a member of the S&P 500 stock market index.-History:... Endpoint Encryption |
Symantec Corporation Symantec Symantec Corporation is the largest maker of security software for computers. The company is headquartered in Mountain View, California, and is a Fortune 500 company and a member of the S&P 500 stock market index.-History:... |
2008 | ||
| TrueCrypt TrueCrypt TrueCrypt is a software application used for on-the-fly encryption . It is free and open source. It can create a virtual encrypted disk within a file or encrypt a partition or the entire storage device .- Operating systems :TrueCrypt supports Microsoft Windows, Mac OS X, and... |
TrueCrypt Foundation | 2004-02-02 | ||
| Aloaha Aloaha Aloaha is a privately owned company with offices in Ibbenbueren, Germany. Their document and security products have been used extensively in various areas.- Overwiew :Aloaha manufactures a range of secure USB flash drives in sizes ranging from 4 GB to 32 GB... Secure Stick |
Aloaha Aloaha Aloaha is a privately owned company with offices in Ibbenbueren, Germany. Their document and security products have been used extensively in various areas.- Overwiew :Aloaha manufactures a range of secure USB flash drives in sizes ranging from 4 GB to 32 GB... |
2008 | ||
| Name | Developer | First released | Licensing | Maintained? |
Operating systems
| Name | Windows NT Windows NT Windows NT is a family of operating systems produced by Microsoft, the first version of which was released in July 1993. It was a powerful high-level-language-based, processor-independent, multiprocessing, multiuser operating system with features comparable to Unix. It was intended to complement... -based |
Pre-Windows NT Windows NT Windows NT is a family of operating systems produced by Microsoft, the first version of which was released in July 1993. It was a powerful high-level-language-based, processor-independent, multiprocessing, multiuser operating system with features comparable to Unix. It was intended to complement... |
Windows Mobile Windows Mobile Windows Mobile is a mobile operating system developed by Microsoft that was used in smartphones and Pocket PCs, but by 2011 was rarely supplied on new phones. The last version is "Windows Mobile 6.5.5"; it is superseded by Windows Phone, which does not run Windows Mobile software.Windows Mobile is... /Pocket PC Pocket PC A Pocket PC is also known by Microsoft as a 'Windows Mobile Classic device'. It is a hardware specification for a handheld-sized computer, personal digital assistant , that runs the Microsoft 'Windows Mobile Classic' operating system... |
FreeBSD FreeBSD FreeBSD is a free Unix-like operating system descended from AT&T UNIX via BSD UNIX. Although for legal reasons FreeBSD cannot be called “UNIX”, as the direct descendant of BSD UNIX , FreeBSD’s internals and system APIs are UNIX-compliant... |
Linux Linux Linux is a Unix-like computer operating system assembled under the model of free and open source software development and distribution. The defining component of any Linux system is the Linux kernel, an operating system kernel first released October 5, 1991 by Linus Torvalds... |
Mac OS X Mac OS X Mac OS X is a series of Unix-based operating systems and graphical user interfaces developed, marketed, and sold by Apple Inc. Since 2002, has been included with all new Macintosh computer systems... |
NetBSD NetBSD NetBSD is a freely available open source version of the Berkeley Software Distribution Unix operating system. It was the second open source BSD descendant to be formally released, after 386BSD, and continues to be actively developed. The NetBSD project is primarily focused on high quality design,... |
OpenBSD OpenBSD OpenBSD is a Unix-like computer operating system descended from Berkeley Software Distribution , a Unix derivative developed at the University of California, Berkeley. It was forked from NetBSD by project leader Theo de Raadt in late 1995... |
DragonFly BSD DragonFly BSD DragonFly BSD is a free Unix-like operating system created as a fork of FreeBSD 4.8. Matthew Dillon, an Amiga developer in the late 1980s and early 1990s and a FreeBSD developer between 1994 and 2003, began work on DragonFly BSD in June 2003 and announced it on the FreeBSD mailing lists on July... |
|---|---|---|---|---|---|---|---|---|---|
| ArchiCrypt Live | |||||||||
| BestCrypt BestCrypt BestCrypt is a commercial disk encryption program for Windows and Linux, developed by Jetico.-Features:* BestCrypt can create and mount an encrypted virtual drive using AES, Blowfish, Twofish, CAST, and various other encryption methods... |
|||||||||
| BitArmor DataControl | |||||||||
| BitLocker Drive Encryption BitLocker Drive Encryption BitLocker Drive Encryption is a full disk encryption feature included with the Ultimate and Enterprise editions of Microsoft's Windows Vista and Windows 7 desktop operating systems, as well as the Windows Server 2008 and Windows Server 2008 R2 server platforms. It is designed to protect data by... |
|||||||||
| Bloombase Keyparc | |||||||||
| CenterTools DriveLock | |||||||||
| CGD | |||||||||
| Check Point Full Disk Encryption | |||||||||
| CrossCrypt CrossCrypt CrossCrypt is an open-source on-the-fly encryption program for the Microsoft Windows XP/2000 operating systems. CrossCrypt allows a user to make virtual drives which encrypt any files stored on them, making the encryption process completely seamless to the user.CrossCrypt is based on FileDisk,... |
|||||||||
| Cryptainer | |||||||||
| CryptArchiver | |||||||||
| cryptoloop Cryptoloop Cryptoloop is a disk encryption module for Linux which relies on the Crypto API in the 2.6 Linux kernel series. It was first introduced in the 2.5.x kernel series... |
|||||||||
| Discryptor | |||||||||
| DiskCryptor DiskCryptor DiskCryptor is the first open source full disk encryption system for MS Windows that allows the encryption of an entire PC's harddrive or individual partitions – including the ability to encrypt the partition and disk on which the OS is installed.... |
|||||||||
| DISK Protect | |||||||||
| dm-crypt Dm-crypt dm-crypt is a transparent disk encryption subsystem in Linux kernel versions 2.6 and later and in DragonFly BSD. It is part of the device mapper infrastructure, and uses cryptographic routines from the kernel's Crypto API... /cryptsetup |
|||||||||
| dm-crypt Dm-crypt dm-crypt is a transparent disk encryption subsystem in Linux kernel versions 2.6 and later and in DragonFly BSD. It is part of the device mapper infrastructure, and uses cryptographic routines from the kernel's Crypto API... /LUKS |
|||||||||
| DriveCrypt | |||||||||
| DriveSentry DriveSentry DriveSentry is an antivirus program, developed by DriveSentry Inc, to protect Microsoft Windows users from malware. It is available free for personal use, though with restricted functionality.- Company overview :... GoAnywhere 2 |
|||||||||
| E4M E4M Encryption for the Masses is a free disk encryption software for Windows NT/9x/Me. E4M is no longer maintained; its author, Paul Le Roux, joined Shaun Hollingworth to produce E4M's commercial successor, DriveCrypt.... |
|||||||||
| e-Capsule Private Safe | |||||||||
| eCryptfs ECryptfs eCryptfs is a POSIX-compliant encrypted filesystem that has been part of the mainline Linux Kernel since version 2.6.19. The eCryptfs package has been included in Ubuntu since version 9.04... |
|||||||||
| FileVault FileVault FileVault is a system which encrypts files on a Macintosh computer. It can be found in the Mac OS X v10.4 "Tiger" operating system and later.... |
|||||||||
| FREE CompuSec | |||||||||
| FreeOTFE FreeOTFE FreeOTFE is an open source on-the-fly disk encryption computer program for PCs running Microsoft Windows, and personal digital assistants running Windows Mobile . It creates virtual drives, or disks, to which anything written is automatically encrypted before being stored on a computer's hard or... |
|||||||||
| GBDE GBDE GBDE, standing for GEOM Based Disk Encryption, is a block device-layer disk encryption system written for FreeBSD, initially introduced in version 5.0. It is based on the GEOM disk framework. GBDE was designed and implemented by Poul-Henning Kamp and Network Associates Inc... |
|||||||||
| GELI Geli (software) geli is a block device-layer disk encryption system written for FreeBSD, introduced in version 6.0. It utilises the GEOM disk framework. It was designed and implemented by Pawel Jakub Dawidek.- Design details :... |
|||||||||
| loop-AES | |||||||||
| n-Crypt Pro | |||||||||
| PGPDisk PGPDisk PGP Virtual Disk is an on-the-fly encryption system that allows one to create a virtual encrypted disk within a file.Older versions for Windows NT were freeware . These are still available for download, but no longer maintained... |
|||||||||
| PGP Whole Disk Encryption | |||||||||
| Private Disk Private Disk -Overview:Private Disk is a disk encryption application for the Microsoft Windows operating system, developed by Dekart SRL. It works by creating a virtual drive, the contents of which is encrypted on-the-fly; other software can use the drive as if it were a usual one.One of Private Disk's key... |
|||||||||
| R-Crypto | |||||||||
| McAfee Endpoint Encryption (SafeBoot) | |||||||||
| SafeGuard Easy | |||||||||
| SafeGuard Enterprise | |||||||||
| SafeGuard PrivateDisk | |||||||||
| SafeHouse Professional | |||||||||
| Scramdisk Scramdisk Scramdisk is a free On-the-fly encryption program for Windows 95, Windows 98, and Windows Me. A non-free version was also available for Windows NT.... |
|||||||||
| Scramdisk Scramdisk Scramdisk is a free On-the-fly encryption program for Windows 95, Windows 98, and Windows Me. A non-free version was also available for Windows NT.... 4 Linux |
|||||||||
| SecuBox | |||||||||
| FinallySecure Enterprise (SECUDE) | |||||||||
| SecureDoc | |||||||||
| Sentry 2020 Sentry 2020 Sentry 2020 is a commercial software program for "on the fly" disk encryption for PC and PDA. It has two compatible versions, one for desktop Windows and one for Windows Mobile which allows using the same encrypted volume on both platforms.-See also:... |
|||||||||
| softraid / RAID C | |||||||||
| SpyProof | |||||||||
| svnd / vnconfig | |||||||||
| Symantec Symantec Symantec Corporation is the largest maker of security software for computers. The company is headquartered in Mountain View, California, and is a Fortune 500 company and a member of the S&P 500 stock market index.-History:... Endpoint Encryption |
|||||||||
| TrueCrypt TrueCrypt TrueCrypt is a software application used for on-the-fly encryption . It is free and open source. It can create a virtual encrypted disk within a file or encrypt a partition or the entire storage device .- Operating systems :TrueCrypt supports Microsoft Windows, Mac OS X, and... |
|||||||||
| Aloaha Aloaha Aloaha is a privately owned company with offices in Ibbenbueren, Germany. Their document and security products have been used extensively in various areas.- Overwiew :Aloaha manufactures a range of secure USB flash drives in sizes ranging from 4 GB to 32 GB... Secure Stick |
|||||||||
| Name | Windows NT Windows NT Windows NT is a family of operating systems produced by Microsoft, the first version of which was released in July 1993. It was a powerful high-level-language-based, processor-independent, multiprocessing, multiuser operating system with features comparable to Unix. It was intended to complement... -based |
Pre-Windows NT Windows NT Windows NT is a family of operating systems produced by Microsoft, the first version of which was released in July 1993. It was a powerful high-level-language-based, processor-independent, multiprocessing, multiuser operating system with features comparable to Unix. It was intended to complement... |
Windows Mobile Windows Mobile Windows Mobile is a mobile operating system developed by Microsoft that was used in smartphones and Pocket PCs, but by 2011 was rarely supplied on new phones. The last version is "Windows Mobile 6.5.5"; it is superseded by Windows Phone, which does not run Windows Mobile software.Windows Mobile is... /Pocket PC Pocket PC A Pocket PC is also known by Microsoft as a 'Windows Mobile Classic device'. It is a hardware specification for a handheld-sized computer, personal digital assistant , that runs the Microsoft 'Windows Mobile Classic' operating system... |
FreeBSD FreeBSD FreeBSD is a free Unix-like operating system descended from AT&T UNIX via BSD UNIX. Although for legal reasons FreeBSD cannot be called “UNIX”, as the direct descendant of BSD UNIX , FreeBSD’s internals and system APIs are UNIX-compliant... |
Linux Linux Linux is a Unix-like computer operating system assembled under the model of free and open source software development and distribution. The defining component of any Linux system is the Linux kernel, an operating system kernel first released October 5, 1991 by Linus Torvalds... |
Mac OS X Mac OS X Mac OS X is a series of Unix-based operating systems and graphical user interfaces developed, marketed, and sold by Apple Inc. Since 2002, has been included with all new Macintosh computer systems... |
NetBSD NetBSD NetBSD is a freely available open source version of the Berkeley Software Distribution Unix operating system. It was the second open source BSD descendant to be formally released, after 386BSD, and continues to be actively developed. The NetBSD project is primarily focused on high quality design,... |
OpenBSD OpenBSD OpenBSD is a Unix-like computer operating system descended from Berkeley Software Distribution , a Unix derivative developed at the University of California, Berkeley. It was forked from NetBSD by project leader Theo de Raadt in late 1995... |
DragonFly BSD DragonFly BSD DragonFly BSD is a free Unix-like operating system created as a fork of FreeBSD 4.8. Matthew Dillon, an Amiga developer in the late 1980s and early 1990s and a FreeBSD developer between 1994 and 2003, began work on DragonFly BSD in June 2003 and announced it on the FreeBSD mailing lists on July... |
Features
- Hidden containers: Whether hidden containers (an encrypted container (A) within another encrypted container (B) so the existence of container A can not be established) can be created for deniable encryptionDeniable encryptionIn cryptography and steganography, deniable encryption is encryption that allows its users to convincingly deny that the data is encrypted, or that they are able to decrypt it. Such convincing denials may or may not be genuine. For example, although suspicions might exist that the data is...
. Note that some modes of operationBlock cipher modes of operationIn cryptography, modes of operation is the procedure of enabling the repeated and secure use of a block cipher under a single key.A block cipher by itself allows encryption only of a single data block of the cipher's block length. When targeting a variable-length message, the data must first be...
like CBC with a plain IV can be more prone to watermarking attackWatermarking attackIn cryptography, a watermarking attack is an attack on disk encryption methods where the presence of a specially crafted piece of data can be detected by an attacker without knowing the encryption key.-Problem description:...
s than others. - Pre-boot authentication: Whether authentication can be required before booting the computer, thus allowing one to encrypt the boot diskBoot diskA boot disk is a removable digital data storage medium from which a computer can load and run an operating system or utility program. The computer must have a built-in program which will load and execute a program from a boot disk meeting certain standards.Boot disks are used for:* Operating...
. - Custom authentication: Whether custom authentication mechanisms can be implemented with third-party applications.
- Multiple keys: Whether an encrypted volume can have more than one active keyKey (cryptography)In cryptography, a key is a piece of information that determines the functional output of a cryptographic algorithm or cipher. Without a key, the algorithm would produce no useful result. In encryption, a key specifies the particular transformation of plaintext into ciphertext, or vice versa...
. - Passphrase strengthening: Whether key strengtheningKey strengtheningIn cryptography, key stretching refers to techniques used to make a possibly weak key, typically a password or passphrase, more secure against a brute force attack by increasing the time it takes to test each possible key. Passwords or passphrases created by humans are often short or predictable...
is used with plain text passwords to frustrate dictionary attackDictionary attackIn cryptanalysis and computer security, a dictionary attack is a technique for defeating a cipher or authentication mechanism by trying to determine its decryption key or passphrase by searching likely possibilities.-Technique:...
s, usually using PBKDF2PBKDF2PBKDF2 is a key derivation function that is part of RSA Laboratories' Public-Key Cryptography Standards series, specifically PKCS #5 v2.0, also published as Internet Engineering Task Force's RFC 2898...
. - Hardware acceleration: Whether dedicated cryptographic acceleratorCryptographic acceleratorA cryptographic accelerator is a device that performs processor-intensive decrypting/encrypting while freeing the host CPU to perform other tasks. In general cryptographic accelerator is a co-processor. Common use for cryptographic accelerator is a webserver protecting data transmitted through...
expansion cards can be taken advantage of. - Trusted Platform ModuleTrusted Platform ModuleIn computing, Trusted Platform Module is both the name of a published specification detailing a secure cryptoprocessor that can store cryptographic keys that protect information, as well as the general name of implementations of that specification, often called the "TPM chip" or "TPM Security...
: Whether the implementation can use a TPM cryptoprocessor. - Filesystems: what filesystems are supported.
- Two-factor authenticationTwo-factor authenticationTwo-factor authentication is an approach to authentication which requires the presentation of two different kinds of evidence that someone is who they say they are. It is a part of the broader family of multi-factor authentication, which is a defense in depth approach to security...
: Whether optional security tokens (hardware security modulesHardware Security ModuleA hardware security module is a type of secure cryptoprocessor targeted at managing digital keys, accelerating cryptoprocesses in terms of digital signings/second and for providing strong authentication to access critical keys for server applications...
, such as Aladdin eToken and smart cards) are supported (for example using PKCS#11PKCS11In cryptography, PKCS #11 is one of the family of standards called Public-Key Cryptography Standards , published by RSA Laboratories, that defines a platform-independent API to cryptographic tokens, such as Hardware Security Modules and smart cards...
)Name Hidden containers Pre-boot authentication Custom authentication Multiple keys Passphrase strengthening Hardware acceleration TPM Filesystems Two-factor authentication ArchiCrypt Live BestCrypt BestCryptBestCrypt is a commercial disk encryption program for Windows and Linux, developed by Jetico.-Features:* BestCrypt can create and mount an encrypted virtual drive using AES, Blowfish, Twofish, CAST, and various other encryption methods...BitArmor BitArmorBitArmor Systems Inc. was a firm based in the Gateway Center of downtown Pittsburgh, Pennsylvania. Founded in 2003 by two Carnegie Mellon University alumni, BitArmor sold software-based encryption and data management technologies...
DataControlBitLocker Drive Encryption BitLocker Drive EncryptionBitLocker Drive Encryption is a full disk encryption feature included with the Ultimate and Enterprise editions of Microsoft's Windows Vista and Windows 7 desktop operating systems, as well as the Windows Server 2008 and Windows Server 2008 R2 server platforms. It is designed to protect data by...Bloombase Keyparc CGD CenterTools DriveLock Check Point Full Disk Encryption CrossCrypt CrossCryptCrossCrypt is an open-source on-the-fly encryption program for the Microsoft Windows XP/2000 operating systems. CrossCrypt allows a user to make virtual drives which encrypt any files stored on them, making the encryption process completely seamless to the user.CrossCrypt is based on FileDisk,...CryptArchiver cryptoloop CryptoloopCryptoloop is a disk encryption module for Linux which relies on the Crypto API in the 2.6 Linux kernel series. It was first introduced in the 2.5.x kernel series...DiskCryptor DiskCryptorDiskCryptor is the first open source full disk encryption system for MS Windows that allows the encryption of an entire PC's harddrive or individual partitions – including the ability to encrypt the partition and disk on which the OS is installed....DISK Protect dm-crypt Dm-cryptdm-crypt is a transparent disk encryption subsystem in Linux kernel versions 2.6 and later and in DragonFly BSD. It is part of the device mapper infrastructure, and uses cryptographic routines from the kernel's Crypto API...
/cryptsetupdm-crypt Dm-cryptdm-crypt is a transparent disk encryption subsystem in Linux kernel versions 2.6 and later and in DragonFly BSD. It is part of the device mapper infrastructure, and uses cryptographic routines from the kernel's Crypto API...
/LUKSDriveCrypt DriveSentry DriveSentryDriveSentry is an antivirus program, developed by DriveSentry Inc, to protect Microsoft Windows users from malware. It is available free for personal use, though with restricted functionality.- Company overview :...
GoAnywhere 2E4M E4MEncryption for the Masses is a free disk encryption software for Windows NT/9x/Me. E4M is no longer maintained; its author, Paul Le Roux, joined Shaun Hollingworth to produce E4M's commercial successor, DriveCrypt....e-Capsule Private Safe eCryptfs ECryptfseCryptfs is a POSIX-compliant encrypted filesystem that has been part of the mainline Linux Kernel since version 2.6.19. The eCryptfs package has been included in Ubuntu since version 9.04...FileVault FileVaultFileVault is a system which encrypts files on a Macintosh computer. It can be found in the Mac OS X v10.4 "Tiger" operating system and later....FREE CompuSec FreeOTFE FreeOTFEFreeOTFE is an open source on-the-fly disk encryption computer program for PCs running Microsoft Windows, and personal digital assistants running Windows Mobile . It creates virtual drives, or disks, to which anything written is automatically encrypted before being stored on a computer's hard or...GBDE GBDEGBDE, standing for GEOM Based Disk Encryption, is a block device-layer disk encryption system written for FreeBSD, initially introduced in version 5.0. It is based on the GEOM disk framework. GBDE was designed and implemented by Poul-Henning Kamp and Network Associates Inc...GELI Geli (software)geli is a block device-layer disk encryption system written for FreeBSD, introduced in version 6.0. It utilises the GEOM disk framework. It was designed and implemented by Pawel Jakub Dawidek.- Design details :...GuardianEdge Hard Disk Encryption loop-AES n-Crypt Pro PGPDisk PGPDiskPGP Virtual Disk is an on-the-fly encryption system that allows one to create a virtual encrypted disk within a file.Older versions for Windows NT were freeware . These are still available for download, but no longer maintained...Private Disk Private Disk-Overview:Private Disk is a disk encryption application for the Microsoft Windows operating system, developed by Dekart SRL. It works by creating a virtual drive, the contents of which is encrypted on-the-fly; other software can use the drive as if it were a usual one.One of Private Disk's key...R-Crypto McAfee Endpoint Encryption (SafeBoot) SafeGuard Easy SafeGuard Enterprise SafeGuard PrivateDisk SafeHouse Professional Scramdisk ScramdiskScramdisk is a free On-the-fly encryption program for Windows 95, Windows 98, and Windows Me. A non-free version was also available for Windows NT....Scramdisk ScramdiskScramdisk is a free On-the-fly encryption program for Windows 95, Windows 98, and Windows Me. A non-free version was also available for Windows NT....
4 LinuxSecuBox FinallySecure Enterprise (SECUDE) SecureDoc Sentry 2020 Sentry 2020Sentry 2020 is a commercial software program for "on the fly" disk encryption for PC and PDA. It has two compatible versions, one for desktop Windows and one for Windows Mobile which allows using the same encrypted volume on both platforms.-See also:...softraid / RAID C svnd / vnconfig Symantec SymantecSymantec Corporation is the largest maker of security software for computers. The company is headquartered in Mountain View, California, and is a Fortune 500 company and a member of the S&P 500 stock market index.-History:...
Endpoint EncryptionTrueCrypt TrueCryptTrueCrypt is a software application used for on-the-fly encryption . It is free and open source. It can create a virtual encrypted disk within a file or encrypt a partition or the entire storage device .- Operating systems :TrueCrypt supports Microsoft Windows, Mac OS X, and...
(limited to one per
"outer" container)Aloaha AloahaAloaha is a privately owned company with offices in Ibbenbueren, Germany. Their document and security products have been used extensively in various areas.- Overwiew :Aloaha manufactures a range of secure USB flash drives in sizes ranging from 4 GB to 32 GB...
Secure StickName Hidden containers Pre-boot authentication Custom authentication Multiple keys Passphrase strengthening Hardware acceleration TPM Filesystems Two-factor authentication
Layering
- Whole disk: Whether the whole physical disk or logical volume can be encrypted, including the partition tables and master boot record. Note that this does not imply that the encrypted disk can be used as the boot disk itself; refer to "pre-boot authentication" in the features comparison table.
- Partition: Whether individual disk partitions can be encrypted.
- File: Whether the encrypted container can be stored in a file (usually implemented as encrypted loop deviceLoop deviceIn Unix-like operating systems, a loop device, vnd , or lofi is a pseudo-device that makes a file accessible as a block device....
s). - Swap space: Whether the swap space (called a "pagefile" on Windows) can be encrypted individually/explicitly.
- Hibernation file: Whether the hibernation fileHibernate (OS feature)Hibernation in computing is powering down a computer while retaining its state.Upon hibernation, the computer saves the contents of its random access memory to a hard disk or other non-volatile storage...
is encrypted (if hibernation is supported).Name Whole disk Partition File Swap space Hibernation file ArchiCrypt Live
(except for the boot volume)BestCrypt BestCryptBestCrypt is a commercial disk encryption program for Windows and Linux, developed by Jetico.-Features:* BestCrypt can create and mount an encrypted virtual drive using AES, Blowfish, Twofish, CAST, and various other encryption methods...BitArmor BitArmorBitArmor Systems Inc. was a firm based in the Gateway Center of downtown Pittsburgh, Pennsylvania. Founded in 2003 by two Carnegie Mellon University alumni, BitArmor sold software-based encryption and data management technologies...
DataControlBitLocker Drive Encryption BitLocker Drive EncryptionBitLocker Drive Encryption is a full disk encryption feature included with the Ultimate and Enterprise editions of Microsoft's Windows Vista and Windows 7 desktop operating systems, as well as the Windows Server 2008 and Windows Server 2008 R2 server platforms. It is designed to protect data by...
(except for the boot volume)
(parent volume is encrypted)
(parent volume is encrypted)Bloombase Keyparc CenterTools DriveLock CGD Check Point Full Disk Encryption CrossCrypt CrossCryptCrossCrypt is an open-source on-the-fly encryption program for the Microsoft Windows XP/2000 operating systems. CrossCrypt allows a user to make virtual drives which encrypt any files stored on them, making the encryption process completely seamless to the user.CrossCrypt is based on FileDisk,...CryptArchiver cryptoloop CryptoloopCryptoloop is a disk encryption module for Linux which relies on the Crypto API in the 2.6 Linux kernel series. It was first introduced in the 2.5.x kernel series...DiskCryptor DiskCryptorDiskCryptor is the first open source full disk encryption system for MS Windows that allows the encryption of an entire PC's harddrive or individual partitions – including the ability to encrypt the partition and disk on which the OS is installed....dm-crypt Dm-cryptdm-crypt is a transparent disk encryption subsystem in Linux kernel versions 2.6 and later and in DragonFly BSD. It is part of the device mapper infrastructure, and uses cryptographic routines from the kernel's Crypto API...DriveCrypt DriveSentry DriveSentryDriveSentry is an antivirus program, developed by DriveSentry Inc, to protect Microsoft Windows users from malware. It is available free for personal use, though with restricted functionality.- Company overview :...
GoAnywhere 2E4M E4MEncryption for the Masses is a free disk encryption software for Windows NT/9x/Me. E4M is no longer maintained; its author, Paul Le Roux, joined Shaun Hollingworth to produce E4M's commercial successor, DriveCrypt....e-Capsule Private Safe eCryptfs FileVault FileVaultFileVault is a system which encrypts files on a Macintosh computer. It can be found in the Mac OS X v10.4 "Tiger" operating system and later....FREE CompuSec FreeOTFE FreeOTFEFreeOTFE is an open source on-the-fly disk encryption computer program for PCs running Microsoft Windows, and personal digital assistants running Windows Mobile . It creates virtual drives, or disks, to which anything written is automatically encrypted before being stored on a computer's hard or...
(except for the boot volume)GBDE GBDEGBDE, standing for GEOM Based Disk Encryption, is a block device-layer disk encryption system written for FreeBSD, initially introduced in version 5.0. It is based on the GEOM disk framework. GBDE was designed and implemented by Poul-Henning Kamp and Network Associates Inc...GELI Geli (software)geli is a block device-layer disk encryption system written for FreeBSD, introduced in version 6.0. It utilises the GEOM disk framework. It was designed and implemented by Pawel Jakub Dawidek.- Design details :...GuardianEdge Hard Disk Encryption loop-AES n-Crypt Pro PGPDisk PGPDiskPGP Virtual Disk is an on-the-fly encryption system that allows one to create a virtual encrypted disk within a file.Older versions for Windows NT were freeware . These are still available for download, but no longer maintained...Private Disk Private Disk-Overview:Private Disk is a disk encryption application for the Microsoft Windows operating system, developed by Dekart SRL. It works by creating a virtual drive, the contents of which is encrypted on-the-fly; other software can use the drive as if it were a usual one.One of Private Disk's key...R-Crypto McAfee Endpoint Encryption (SafeBoot) SafeGuard Easy SafeGuard Enterprise SafeGuard PrivateDisk SafeHouse Professional Scramdisk ScramdiskScramdisk is a free On-the-fly encryption program for Windows 95, Windows 98, and Windows Me. A non-free version was also available for Windows NT....Scramdisk ScramdiskScramdisk is a free On-the-fly encryption program for Windows 95, Windows 98, and Windows Me. A non-free version was also available for Windows NT....
4 LinuxSecuBox FinallySecure Enterprise (SECUDE) SecureDoc Sentry 2020 Sentry 2020Sentry 2020 is a commercial software program for "on the fly" disk encryption for PC and PDA. It has two compatible versions, one for desktop Windows and one for Windows Mobile which allows using the same encrypted volume on both platforms.-See also:...softraid / RAID C (encrypted by default in OpenBSD) svnd / vnconfig (encrypted by default in OpenBSD) SpyProof Symantec SymantecSymantec Corporation is the largest maker of security software for computers. The company is headquartered in Mountain View, California, and is a Fortune 500 company and a member of the S&P 500 stock market index.-History:...
Endpoint EncryptionTrueCrypt TrueCryptTrueCrypt is a software application used for on-the-fly encryption . It is free and open source. It can create a virtual encrypted disk within a file or encrypt a partition or the entire storage device .- Operating systems :TrueCrypt supports Microsoft Windows, Mac OS X, and...Aloaha AloahaAloaha is a privately owned company with offices in Ibbenbueren, Germany. Their document and security products have been used extensively in various areas.- Overwiew :Aloaha manufactures a range of secure USB flash drives in sizes ranging from 4 GB to 32 GB...
Secure StickCryptomill Name Whole disk Partition File Swap space Hibernation file
Modes of operation
Different modes of operation supported by the software. Note that an encrypted volume can only use one mode of operation.- CBC with predictable IVs: The CBC (cipher block chaining) mode where initialization vectorInitialization vectorIn cryptography, an initialization vector is a fixed-size input to a cryptographic primitive that is typically required to be random or pseudorandom...
s are statically derived from the sector number and are not secret; this means that IVs are re-used when overwriting a sector and the vectors can easily be guessed by an attacker, leading to watermarking attackWatermarking attackIn cryptography, a watermarking attack is an attack on disk encryption methods where the presence of a specially crafted piece of data can be detected by an attacker without knowing the encryption key.-Problem description:...
s. - CBC with secret IVs: The CBC mode where initialization vectors are statically derived from the encryption key and sector number. The IVs are secret, but they are re-used with overwrites. Methods for this include ESSIV and encrypted sector numbers (CGD).
- CBC with random per-sector keys: The CBC mode where random keys are generated for each sector when it is written to, thus does not exhibit the typical weaknesses of CBC with re-used initialization vectors. The individual sector keys are stored on disk and encrypted with a master key. (See GBDEGBDEGBDE, standing for GEOM Based Disk Encryption, is a block device-layer disk encryption system written for FreeBSD, initially introduced in version 5.0. It is based on the GEOM disk framework. GBDE was designed and implemented by Poul-Henning Kamp and Network Associates Inc...
for details) - LRW: The Liskov-Rivest-Wagner tweakable narrow-block mode, a mode of operation specifically designed for disk encryption. Superseded by the more secure XTS mode due to security concerns.
- XTS: XEX-based Tweaked CodeBook mode (TCB) with CipherText Stealing (CTS), the SISWGIEEE P1619IEEE P1619 is an Institute of Electrical and Electronics Engineers standardization project for encryption of stored data, but more generically refers to the work of the IEEE P1619 Security in Storage Working Group , which includes a family of standards for protection of stored data and for the...
(IEEE P1619) standard for disk encryption.
| Name | CBC w/ predictable IVs | CBC w/ secret IVs | CBC w/ random per-sector keys | LRW | XTS |
|---|---|---|---|---|---|
| ArchiCrypt Live | |||||
| BestCrypt BestCrypt BestCrypt is a commercial disk encryption program for Windows and Linux, developed by Jetico.-Features:* BestCrypt can create and mount an encrypted virtual drive using AES, Blowfish, Twofish, CAST, and various other encryption methods... |
|||||
| BitArmor BitArmor BitArmor Systems Inc. was a firm based in the Gateway Center of downtown Pittsburgh, Pennsylvania. Founded in 2003 by two Carnegie Mellon University alumni, BitArmor sold software-based encryption and data management technologies... DataControl |
|||||
| BitLocker Drive Encryption BitLocker Drive Encryption BitLocker Drive Encryption is a full disk encryption feature included with the Ultimate and Enterprise editions of Microsoft's Windows Vista and Windows 7 desktop operating systems, as well as the Windows Server 2008 and Windows Server 2008 R2 server platforms. It is designed to protect data by... |
|||||
| Bloombase Keyparc | |||||
| CGD | |||||
| CenterTools DriveLock | |||||
| Check Point Full Disk Encryption | |||||
| CrossCrypt CrossCrypt CrossCrypt is an open-source on-the-fly encryption program for the Microsoft Windows XP/2000 operating systems. CrossCrypt allows a user to make virtual drives which encrypt any files stored on them, making the encryption process completely seamless to the user.CrossCrypt is based on FileDisk,... |
|||||
| CryptArchiver | |||||
| cryptoloop Cryptoloop Cryptoloop is a disk encryption module for Linux which relies on the Crypto API in the 2.6 Linux kernel series. It was first introduced in the 2.5.x kernel series... |
|||||
| DiskCryptor | |||||
| dm-crypt Dm-crypt dm-crypt is a transparent disk encryption subsystem in Linux kernel versions 2.6 and later and in DragonFly BSD. It is part of the device mapper infrastructure, and uses cryptographic routines from the kernel's Crypto API... |
|||||
| DriveCrypt | |||||
| DriveSentry DriveSentry DriveSentry is an antivirus program, developed by DriveSentry Inc, to protect Microsoft Windows users from malware. It is available free for personal use, though with restricted functionality.- Company overview :... GoAnywhere 2 |
|||||
| E4M E4M Encryption for the Masses is a free disk encryption software for Windows NT/9x/Me. E4M is no longer maintained; its author, Paul Le Roux, joined Shaun Hollingworth to produce E4M's commercial successor, DriveCrypt.... |
|||||
| e-Capsule Private Safe | |||||
| eCryptfs | |||||
| FileVault FileVault FileVault is a system which encrypts files on a Macintosh computer. It can be found in the Mac OS X v10.4 "Tiger" operating system and later.... |
|||||
| FREE CompuSec | |||||
| FreeOTFE FreeOTFE FreeOTFE is an open source on-the-fly disk encryption computer program for PCs running Microsoft Windows, and personal digital assistants running Windows Mobile . It creates virtual drives, or disks, to which anything written is automatically encrypted before being stored on a computer's hard or... |
|||||
| GBDE GBDE GBDE, standing for GEOM Based Disk Encryption, is a block device-layer disk encryption system written for FreeBSD, initially introduced in version 5.0. It is based on the GEOM disk framework. GBDE was designed and implemented by Poul-Henning Kamp and Network Associates Inc... |
|||||
| GELI Geli (software) geli is a block device-layer disk encryption system written for FreeBSD, introduced in version 6.0. It utilises the GEOM disk framework. It was designed and implemented by Pawel Jakub Dawidek.- Design details :... |
|||||
| GuardianEdge Hard Disk Encryption | |||||
| loop-AES | |||||
| n-Crypt Pro | |||||
| PGPDisk PGPDisk PGP Virtual Disk is an on-the-fly encryption system that allows one to create a virtual encrypted disk within a file.Older versions for Windows NT were freeware . These are still available for download, but no longer maintained... |
|||||
| Private Disk Private Disk -Overview:Private Disk is a disk encryption application for the Microsoft Windows operating system, developed by Dekart SRL. It works by creating a virtual drive, the contents of which is encrypted on-the-fly; other software can use the drive as if it were a usual one.One of Private Disk's key... |
|||||
| R-Crypto | |||||
| McAfee Endpoint Encryption (SafeBoot) | |||||
| SafeGuard Easy | |||||
| SafeGuard Enterprise | |||||
| SafeGuard PrivateDisk | |||||
| SafeHouse Professional | |||||
| Scramdisk Scramdisk Scramdisk is a free On-the-fly encryption program for Windows 95, Windows 98, and Windows Me. A non-free version was also available for Windows NT.... |
|||||
| Scramdisk Scramdisk Scramdisk is a free On-the-fly encryption program for Windows 95, Windows 98, and Windows Me. A non-free version was also available for Windows NT.... 4 Linux |
|||||
| SecuBox | |||||
| FinallySecure Enterprise (SECUDE) | |||||
| SecureDoc | |||||
| Sentry 2020 Sentry 2020 Sentry 2020 is a commercial software program for "on the fly" disk encryption for PC and PDA. It has two compatible versions, one for desktop Windows and one for Windows Mobile which allows using the same encrypted volume on both platforms.-See also:... |
|||||
| softraid / RAID C | |||||
| svnd / vnconfig | |||||
| Symantec Symantec Symantec Corporation is the largest maker of security software for computers. The company is headquartered in Mountain View, California, and is a Fortune 500 company and a member of the S&P 500 stock market index.-History:... Endpoint Encryption |
|||||
| TrueCrypt TrueCrypt TrueCrypt is a software application used for on-the-fly encryption . It is free and open source. It can create a virtual encrypted disk within a file or encrypt a partition or the entire storage device .- Operating systems :TrueCrypt supports Microsoft Windows, Mac OS X, and... |
|||||
| Aloaha Aloaha Aloaha is a privately owned company with offices in Ibbenbueren, Germany. Their document and security products have been used extensively in various areas.- Overwiew :Aloaha manufactures a range of secure USB flash drives in sizes ranging from 4 GB to 32 GB... Secure Stick |
|||||
| Name | CBC w/ predictable IVs | CBC w/ secret IVs | CBC w/ random per-sector keys | LRW | XTS |
See also
- Disk encryption softwareDisk encryption softwareTo protect confidentiality of the data stored on a computer disk a computer security technique called disk encryption is used. This article discusses software that is used to implement the technique...
- Disk encryption theory
- List of cryptographic file systems
- Cold boot attackCold boot attackIn cryptography, a cold boot attack is a type of side channel attack in which an attacker with physical access to a computer is able to retrieve encryption keys from a running operating system after using a cold reboot to restart the machine from a completely "off" state...
- Comparison of encrypted external drivesComparison of encrypted external drives-Background information:-Operating systems:-Features:* Bootable: Whether the drive can be used to boot a computer.* Encryption Type: Type of encryption used....
External links
- On-The-Fly Encryption: A Comparison - A much larger comparison of disk encryption software, sorted by OS