FreeOTFE
FreeOTFE is an open source on-the-fly disk encryption (OTFE) computer program for PCs running Microsoft Windows, and personal digital assistants (PDAs) running Windows Mobile (use FreeOTFE4PDA). It creates virtual drives, or disks, to which anything written is automatically encrypted before being stored on a computer's hard or USB drive. It is similar in function to other disk encryption programs including Microsoft's BitLocker.
Overview
FreeOTFE was initially released by Sarah Dean in 2004, and was the first open source disk encryption system that provided a modular architecture allowing third parties to implement additional algorithms if needed. Older FreeOTFE licensing required that any modification to the program be placed in the public domain. This does not technically conform to section 3 of the Open Source Definition. Newer program licensing omits this condition.
This software is compatible with Linux encrypted volumes (e.g. LUKS, cryptoloop, dm-crypt), allowing data encrypted under Linux to be read (and written) freely. It was the first open source transparent disk encryption system to support Windows Vista and PDAs.
Optional two-factor authentication using smart cards and/or hardware security modules (HSMs, also termed security tokens) was introduced in v4.0, using the PKCS#11 (Cryptoki) standard developed by RSA Laboratories.
FreeOTFE also allows any number of "hidden volumes" to be created, giving plausible deniability and deniable encryption, and also has the option of encrypting full partitions or disks (but not the system partition).
Portable use
Unlike most disk encryption systems, FreeOTFE can be used in "portable mode", which allows it to be kept on a USB drive or other portable media, together with its encrypted data, and carried around. This allows it to be used under Microsoft Windows without installation of the complete program to "mount" and access the encrypted data through a virtual disk.
In common with other disk encryption systems which offer a "portable" (or "traveller") mode, this mode requires installing device drivers (at least temporarily) to create virtual disks, and as a consequence administrator rights are needed to start it. Like most open source software that uses device drivers, it requires the user to enable test signing when run on Windows Vista x64 and Windows 7 x64 systems.
Driverless operation
The author of FreeOTFE also offers another program called "FreeOTFE Explorer" which provides a driverless system that allows encrypted disks to be used without administrator rights. This allows FreeOTFE encrypted data to be used on (for example) public computers found in libraries or computer kiosks (interactive kiosks), where administrator rights are unavailable.
Unlike FreeOTFE, FreeOTFE Explorer does not provide on-the-fly encryption through a virtual drive. Instead it works in a similar manner to some archiving software, in that it lets files be stored in and extracted from encrypted disk images, much as with ZIP and RAR archives, through a Windows Explorer-style interface.
Algorithms implemented
Due to its architecture, FreeOTFE provides great flexibility to the user with its encryption options.
Ciphers
FreeOTFE implements several ciphers. It includes all National Institute of Standards and Technology (NIST) Advanced Encryption Standard (AES) finalists, and all ciphers can be used with multiple different key lengths.
Cipher modes
FreeOTFE originally offered encryption using cipher-block chaining (CBC) with encrypted salt-sector initialization vector (ESSIV); from v3.00 it introduced LRW and also the more secure XTS mode, which supersedes LRW in the IEEE P1619 standard for disk encryption.
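The modes named above differ mainly in how each sector gets its own initialization vector or tweak, so that identical data stored in different sectors does not produce identical ciphertext. The following Go program is an added illustration, not FreeOTFE's own code: it encrypts one 512-byte sector with AES-256 from the standard library, first in CBC with an ESSIV-derived IV (the IV is the sector number encrypted under a key obtained by hashing the volume key) and then in XTS as described in IEEE P1619 (a sector tweak encrypted under a second key, multiplied by alpha in GF(2^128) for each successive 16-byte block). The function names, the little-endian sector-number encoding, the SHA-256 choice for the ESSIV salt key and the keys and sector contents are all constructed assumptions and say nothing about FreeOTFE's on-disk format; the XTS routine assumes whole 16-byte blocks, so no ciphertext stealing is implemented.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

const sectorSize = 512 // bytes per sector; a multiple of the AES block size

// essivIV derives the ESSIV initialization vector for one sector:
// the sector number, encrypted under a key that is the hash of the volume key.
// SHA-256 as the hash is an assumption for this example.
func essivIV(volumeKey []byte, sector uint64) []byte {
	saltKey := sha256.Sum256(volumeKey)
	blk, err := aes.NewCipher(saltKey[:])
	if err != nil {
		panic(err)
	}
	var in [aes.BlockSize]byte
	binary.LittleEndian.PutUint64(in[:8], sector) // assumed encoding of the sector number
	iv := make([]byte, aes.BlockSize)
	blk.Encrypt(iv, in[:])
	return iv
}

// encryptSectorCBCESSIV encrypts one sector in CBC mode using the ESSIV IV.
func encryptSectorCBCESSIV(volumeKey []byte, sector uint64, plain []byte) []byte {
	blk, err := aes.NewCipher(volumeKey)
	if err != nil {
		panic(err)
	}
	out := make([]byte, len(plain))
	cipher.NewCBCEncrypter(blk, essivIV(volumeKey, sector)).CryptBlocks(out, plain)
	return out
}

// decryptSectorCBCESSIV reverses encryptSectorCBCESSIV for the same sector number.
func decryptSectorCBCESSIV(volumeKey []byte, sector uint64, ct []byte) []byte {
	blk, err := aes.NewCipher(volumeKey)
	if err != nil {
		panic(err)
	}
	out := make([]byte, len(ct))
	cipher.NewCBCDecrypter(blk, essivIV(volumeKey, sector)).CryptBlocks(out, ct)
	return out
}

// gfMul2 multiplies a 128-bit tweak by alpha (x) in GF(2^128) using the
// little-endian polynomial representation of IEEE P1619.
func gfMul2(t *[16]byte) {
	carry := byte(0)
	for i := 0; i < 16; i++ {
		next := t[i] >> 7
		t[i] = (t[i] << 1) | carry
		carry = next
	}
	if carry != 0 {
		t[0] ^= 0x87 // reduction by the field polynomial
	}
}

// xtsSector applies XTS to one sector of whole 16-byte blocks.
// k1 encrypts the data blocks, k2 encrypts the tweak; the tweak is always
// encrypted, while decrypt selects the direction of the data-block cipher.
func xtsSector(k1, k2 []byte, sector uint64, in []byte, decrypt bool) []byte {
	dataBlk, err := aes.NewCipher(k1)
	if err != nil {
		panic(err)
	}
	tweakBlk, err := aes.NewCipher(k2)
	if err != nil {
		panic(err)
	}
	var t [16]byte
	binary.LittleEndian.PutUint64(t[:8], sector) // assumed encoding of the sector number
	tweakBlk.Encrypt(t[:], t[:])
	out := make([]byte, len(in))
	var tmp [16]byte
	for off := 0; off+16 <= len(in); off += 16 {
		for i := range tmp {
			tmp[i] = in[off+i] ^ t[i] // pre-whitening with the block tweak
		}
		if decrypt {
			dataBlk.Decrypt(tmp[:], tmp[:])
		} else {
			dataBlk.Encrypt(tmp[:], tmp[:])
		}
		for i := range tmp {
			out[off+i] = tmp[i] ^ t[i] // post-whitening with the same tweak
		}
		gfMul2(&t) // next block in the sector gets tweak * alpha
	}
	return out
}

func main() {
	// Constructed keys and sector contents for the demonstration.
	k1 := bytes.Repeat([]byte{0x11}, 32)
	k2 := bytes.Repeat([]byte{0x22}, 32)
	plain := bytes.Repeat([]byte("FreeOTFE sector "), sectorSize/16)
	fmt.Printf("CBC-ESSIV sector 0: %x...\n", encryptSectorCBCESSIV(k1, 0, plain)[:16])
	fmt.Printf("CBC-ESSIV sector 1: %x...\n", encryptSectorCBCESSIV(k1, 1, plain)[:16])
	fmt.Printf("XTS       sector 0: %x...\n", xtsSector(k1, k2, 0, plain, false)[:16])
	fmt.Printf("XTS       sector 1: %x...\n", xtsSector(k1, k2, 1, plain, false)[:16])
}
```

Running it shows the same sector contents encrypting differently at sector 0 and sector 1 in both modes. The practical difference the text alludes to is visible in the code: in CBC each block's ciphertext chains into the next, whereas in XTS every 16-byte block is independently tweaked, so a single sector can be updated block by block and there is no chained IV to manipulate.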
Hashes
As with its cipher options, FreeOTFE offers many different hash algorithms.
See also
- Disk encryption
- Disk encryption software
- Comparison of disk encryption software