Comparison of disk encryption software

From Wikipedia, the free encyclopedia
Jump to: navigation, search

This is a technical feature comparison of different disk encryption software.

Background information[edit]

Encryption Developer First released Licensing Maintained?
Aloaha Secure Stick Aloaha 2008 Proprietary No
ArchiCrypt Live Softwaredevelopment Remus ArchiCrypt 1998 Proprietary Yes
BestCrypt Jetico 1993[1] Proprietary Yes
BitArmor DataControl BitArmor Systems Inc. 2008-05 Proprietary Yes
BitLocker Microsoft 2006 Proprietary Yes
Bloombase Keyparc Bloombase 2007 Proprietary Yes
CGD Roland C. Dowdeswell 2002-10-04[2] BSD Yes
CenterTools DriveLock CenterTools 2008 Proprietary Yes
Check Point Full Disk Encryption Check Point Software Technologies Ltd 1999[3][4][5] Proprietary Yes
CrossCrypt Steven Scherrer 2004-02-10[6] GPL No
Cryptainer Cypherix Software 1999 Proprietary Yes
CryptArchiver WinEncrypt ? Proprietary Yes
cryptoloop ? 2003-07-02[7] GPL No
Discryptor Cosect Ltd. 2008 Proprietary No
DiskCryptor ntldr 2007 GPL Yes
DISK Protect Becrypt Ltd 2001 Proprietary Yes
cryptsetup/dmsetup Christophe Saout 2004-03-11[8] GPL Yes
dm-crypt/LUKS Clemens Fruhwirth (LUKS) 2005-02-05[9] GPL Yes
DriveCrypt SecurStar GmbH 2001 Proprietary Yes[10]
DriveSentry GoAnywhere 2 DriveSentry 2008 Proprietary No
E4M Paul Le Roux 1998-12-18[11] Open source No
e-Capsule Private Safe EISST Ltd. 2005 Proprietary Yes
eCryptfs Dustin Kirkland, Tyler Hicks, (formerly Mike Halcrow) 2005[12] GPL Yes
EncryptStick ENC Security Systems 2009 Proprietary Yes
FileVault Apple Inc. 2003-10-24 Proprietary Yes
FileVault 2 Apple Inc. 2011-07-20 Proprietary Yes
FinallySecure Enterprise (SECUDE) SECUDE 2006 Proprietary Yes
FREE CompuSec CE-Infosys 2002 Proprietary Yes
FreeOTFE Sarah Dean 2004-10-10[13] Open source No
GBDE Poul-Henning Kamp 2002-10-19[14] BSD Yes
GELI Pawel Jakub Dawidek 2005-04-11[15] BSD Yes
KryptOS The MorphOS Development Team 2010 Proprietary Yes
loop-AES Jari Ruusu 2001-04-11 GPL Yes
McAfee Endpoint Encryption (SafeBoot) McAfee, Inc. 2007[16] Proprietary Yes
n-Crypt Pro n-Trance Security Ltd 2005 Proprietary Yes
PGPDisk PGP Corporation (acquired by Symantec in 2010) 1998-09-01[17] Proprietary Yes
Private Disk Dekart 1993[18] Proprietary Yes
ProxyCrypt v77 2013 Open source Yes
R-Crypto R-Tools Technology Inc 2008 Proprietary Yes
SafeGuard Easy Sophos (Utimaco) 1993[19] Proprietary Yes
SafeGuard Enterprise Sophos (Utimaco) 2007[20] Proprietary Yes
SafeGuard PrivateDisk
Sophos (Utimaco)[21] 2000 Proprietary Yes
SafeHouse Professional PC Dynamics, Inc. 1992 Proprietary Yes
Scramdisk Shaun Hollingworth 1997-07-01 Open source No
Scramdisk 4 Linux Hans-Ulrich Juettner 2005-08-06[22] GPL No
SecuBox Aiko Solutions 2007-02-19 Proprietary Yes
SECUDE Secure Notebook SECUDE 2003 Proprietary Yes
SecureDoc WinMagic Inc. 1997 Proprietary Yes
Sentry 2020 SoftWinter 1998[23] Proprietary Yes
softraid / RAID C OpenBSD 2007-11-01[24] BSD Yes
SpyProof! Information Security Corp. 2002 Proprietary Yes
svnd / vnconfig OpenBSD 2000-12-01[25] BSD Yes
Symantec Endpoint Encryption Symantec Corporation 2008 Proprietary Yes
tcplay Alex Hornung 2012-01-28[26] BSD Yes
TrueCrypt TrueCrypt Foundation 2004-02-02[27] TrueCrypt License 3.1[28] No
USBCrypt WinAbility Software Corp. 2010 Proprietary Yes
Name Developer First released Licensing Maintained?

Operating systems[edit]

Name Windows NT-based Pre-Windows NT Windows Mobile/Pocket PC FreeBSD Linux Mac OS X NetBSD OpenBSD DragonFly BSD Android
Aloaha Secure Stick Yes No No No No No No No No
BestCrypt Yes Yes No No Yes Yes No No No
BitArmor DataControl Yes No No No No No No No No
BitLocker Drive Encryption Yes No No No No No No No No No
Bloombase Keyparc Yes Yes No No Yes Yes No No No
CenterTools DriveLock Yes No No No No No No No No
CGD No No No No No No Yes No No
Check Point Full Disk Encryption Yes No Yes No Yes Yes No No No
CrossCrypt No No No No No No No No No
Cryptainer Yes No Yes[29] No No No No No No
CryptArchiver Yes No No No No No No No No
cryptoloop Yes[30] No No No Yes No No No No
cryptsetup/ dmsetup Yes[30] No No No Yes No No No Yes
Discryptor No No No No No No No No No
DiskCryptor Yes No No No No No No No No
DISK Protect Yes No No No No No No No No
dm-crypt/LUKS Yes[30] No Yes[31] No Yes No No No Yes
DriveCrypt Yes Yes No No No No No No No
DriveSentry GoAnywhere 2 Yes No No No No No No No No
E4M Yes Yes No No No No No No No
e-Capsule Private Safe Yes No No No No No No No No
eCryptfs No No No Yes Yes No No No No
FileVault No No No No No Yes No No No
FileVault 2 No No No No Partial[32] Yes No No No
FinallySecure Enterprise (SECUDE) Yes No No No No No No No No
FREE CompuSec Yes No No No No No No No No
FreeOTFE Yes No Yes No Partial[33] No No No No No
GBDE No No No Yes No No No No No
GELI No No No Yes No No No No No
loop-AES No No No No Yes No No No No
McAfee Endpoint Encryption (SafeBoot) Yes Yes Yes[34] No Yes Yes Yes No No
n-Crypt Pro Yes No No No No No No No No
PGPDisk Yes No No No No Yes No No No
PGP Whole Disk Encryption Yes No Yes No Yes Yes No No No
Private Disk Yes Yes No No No No No No No
ProxyCrypt Yes No No No No No No No No
R-Crypto Yes No No No No No No No No
SafeGuard Easy Yes No No No No No No No No
SafeGuard Enterprise Yes No No No No Yes No No No
SafeGuard PrivateDisk Yes No No No No No No No No
SafeHouse Professional Yes Yes No No No No No No No
Scramdisk Yes Yes No No Yes No No No No
Scramdisk 4 Linux No No No No Yes No No No No
SecuBox No No Yes No No No No No No
SecureDoc Yes No No No Yes Yes No No No
Sentry 2020 Yes No No No No No No No No
softraid / RAID C No No No No No No No Yes No
SpyProof! Yes No No No No No No No No
svnd / vnconfig No No No No No No No Yes No
Symantec Endpoint Encryption Partial[35] No No No Yes[36] Yes No No No
tcplay No No No No Yes No No No Yes No
TrueCrypt Yes No No No[37] Yes Yes No No No Yes[38]
USBCrypt Yes No No No No No No No No No
Name Windows NT-based Pre-Windows NT Windows Mobile/Pocket PC FreeBSD Linux Mac OS X NetBSD OpenBSD DragonFly BSD Android

Features[edit]

Name Hidden containers Pre-boot authentication Single sign-on Custom authentication Multiple keys Passphrase strengthening Hardware acceleration TPM Filesystems Two-factor authentication
Aloaha Secure Stick Yes No N/A Yes Yes No No No NTFS, FAT32 Yes
ArchiCrypt Live Yes[40] No N/A No Yes[40][41] No No No ? Yes[40][42]
BestCrypt Yes Yes ? No Yes[43] Yes Yes Yes Any supported by OS Yes[44]
BitArmor DataControl No Yes ? No Yes Yes No No NTFS, FAT32 on non-system volumes No
BitLocker Drive Encryption No Yes[45] No Yes[46] Yes[47] Yes[48] Yes Yes[47] Chiefly NTFS [Note 1] Yes [Note 2]
Bloombase Keyparc No No N/A Yes Yes Yes Yes No ? ?
CGD No No N/A Yes[49] Yes[50] Yes[49] No No Any supported by OS Yes[49]
CenterTools DriveLock No Yes ? No No Yes No No Any supported by OS Yes
Check Point Full Disk Encryption Yes Yes Yes Yes Yes Yes Yes No NTFS, FAT32 Yes
CrossCrypt No No N/A No No No No No ? No
CryptArchiver No No N/A No No ? No No ? ?
cryptoloop No Yes[51] ? Yes No No Yes[citation needed] No Any supported by OS ?
cryptsetup/ dmsetup No Yes[51] ? Yes No No Yes No Any supported by OS No
DiskCryptor No Yes ? No No No Yes[52] No Any supported by OS Yes[52]
DISK Protect ? Yes[53] ? ? Yes[53] ? ? No ? ?
dm-crypt/LUKS No Yes[51] ? Yes Yes Yes Yes Partial[54] [Note 3] Any supported by OS Yes
DriveCrypt Yes[55] Yes ? No Yes Yes No No ? Yes
DriveSentry GoAnywhere 2 No No N/A Yes No Yes No ? Any supported by OS Yes
E4M No No N/A No No ? No No ? No
e-Capsule Private Safe Yes[56] No N/A No Yes[56] No Yes No ? ?
eCryptfs No No N/A Yes Yes Yes Yes Yes Yes[57] Yes
FileVault No No N/A No Two passwords[58] Yes[58]  ? No HFS+, possibly others No
FileVault 2 No Yes ? No Yes Yes Yes[59] No HFS+, possibly others No
FinallySecure Enterprise (SECUDE) No Yes ? Yes No Yes No Yes ? Yes
FREE CompuSec No Yes ? No No No No No Any supported by OS No
FreeOTFE Yes No N/A Yes[60] Yes[61] Yes Yes No Any supported by OS Yes
GBDE No No[62] N/A Yes Yes[63] No[63] No[62] No Any supported by OS Yes
GELI No Yes[62] ? Yes Yes[64] Yes[64] Yes[62] No Any supported by OS Yes
loop-AES No Yes[65] ? Yes[65] Yes[65] Yes[65] Yes[65] No Any supported by OS Yes[66]
McAfee Endpoint Encryption (SafeBoot) Yes Yes Yes Yes Yes Yes Yes[67]

[68]

Yes Any supported by OS Yes
n-Crypt Pro No No N/A No No N/A[69] No No ? ?
PGPDisk No Yes[70] ? ? Yes Yes[71] ? Yes ? Yes
Private Disk No No N/A No Yes Yes No No Any supported by OS Yes
ProxyCrypt Yes No N/A No No Yes Yes No Any supported by OS No
R-Crypto ? No N/A ? ? ? ? ? Any supported by OS ?
SafeGuard Easy No Yes ? No Yes Yes No Yes[72] Any supported by OS Yes
SafeGuard Enterprise No Yes ? No Yes Yes No Yes[72] Any supported by OS Yes
SafeGuard PrivateDisk No No N/A No Yes Yes No Yes[73] Any supported by OS Yes
SafeHouse Professional No No N/A Yes Yes Yes No No Any supported by OS Yes
Scramdisk Yes No N/A No No No No No ? Last update to web site 2009-07-02
Scramdisk 4 Linux Yes[74] No N/A No No Yes[74] No No ext2, ext3, reiserfs, minix, ntfs, vfat/msdos No
SecuBox No No N/A No No Yes No No ? No
SecureDoc No Yes[75] ? Yes Yes Yes Yes Yes ? Yes
Sentry 2020 No No ? No No No No No ? No
softraid / RAID C No No ? ? ? ? Yes ? Any supported by OS ?
svnd / vnconfig No No N/A No No Yes[76] Yes ? Any supported by OS ?
Symantec Endpoint Encryption No Yes Yes Yes Yes Yes No No NTFS, FAT32 Yes
TrueCrypt [Note 4] Yes
(limited to one per
"outer" container)
only on Windows[77] ? No yes with multiple keyfiles[78][79] Yes Yes No[80] Only Windows MBR volumes; no UEFI GPT drives, and dynamic drives discouraged[81] Yes
Name Hidden containers Pre-boot authentication Single sign-on Custom authentication Multiple keys Passphrase strengthening Hardware acceleration TPM Filesystems Two-factor authentication
  1. ^ Windows 7 introduces Bitlocker-To-Go which supports NTFS, FAT32 or exFAT, however for hard drive encryption, Windows Vista and later are limited to be installable only on NTFS volumes
  2. ^ BitLocker can be used with a TPM PIN + external USB key for two-factor authentication
  3. ^ An external tool can be used to read the key from the TPM and then have the key passed on to dm-crypt/LUKS via the standard input
  4. ^ The current situation around TrueCrypt project is controversial. On 28.05.2014 after many years of development and broad usage the open-source (although anonymous) project was suddenly stopped, and all previous official materials and complete (encrypt/decrypt) binaries were withdrawn from its website citing some "unfixed security issues" and Windows XP end of support. The technical information herein is valid only for previous versions of TrueCrypt (v7.1a and some earlier). The latest available version (v7.2) is decrypt only, its authenticity and actual reasons behind the move are unclear, and its usage is not recommended. http://www.zdnet.com/truecrypt-quits-inexplicable-7000029994/

Layering[edit]

For more details on this topic, see Encryption layer in storage stack.
  • Whole disk: Whether the whole physical disk or logical volume can be encrypted, including the partition tables and master boot record. Note that this does not imply that the encrypted disk can be used as the boot disk itself; refer to "pre-boot authentication" in the features comparison table.
  • Partition: Whether individual disk partitions can be encrypted.
  • File: Whether the encrypted container can be stored in a file (usually implemented as encrypted loop devices).
  • Swap space: Whether the swap space (called a "pagefile" on Windows) can be encrypted individually/explicitly.
  • Hibernation file: Whether the hibernation file is encrypted (if hibernation is supported).
Name Whole disk Partition File Swap space Hibernation file
Aloaha Secure Stick No No Yes No No
ArchiCrypt Live Yes
(except for the boot volume)
Yes Yes No No
BestCrypt Yes Yes Yes Yes Yes[86]
BitArmor DataControl No Yes No Yes Yes
BitLocker Drive Encryption Yes
(except for the boot volume)
Yes No Yes
(parent volume is encrypted)
Yes
(parent volume is encrypted)
Bloombase Keyparc Yes Yes Yes Yes No
CenterTools DriveLock Yes Yes Yes Yes Yes
CGD Yes Yes Yes[49] Yes No
Check Point Full Disk Encryption Yes Yes Yes Yes Yes
CrossCrypt No No Yes No No
CryptArchiver No No Yes No No
cryptoloop Yes Yes Yes Yes No
Cryptomill Yes N/A Yes N/A N/A
DiskCryptor Yes Yes No Yes Yes
dm-crypt Yes Yes Yes[87] Yes Yes[88]
DriveCrypt Yes Yes[55] Yes[55] No No
DriveSentry GoAnywhere 2 No Yes Yes No No
E4M No Yes Yes No No
e-Capsule Private Safe No No Yes[89] No No
eCryptfs No No Yes No No
FileVault No No Yes[58] Yes[90][58] Yes[90][91]
FileVault 2 Yes[92] Yes[59] No Yes Yes
FREE CompuSec Yes No Yes Yes Yes
FreeOTFE Yes
(except for the boot volume)
Yes Yes No No
GBDE Yes Yes Yes[93] Yes No
GELI Yes Yes Yes[93] Yes No
loop-AES Yes Yes[65] Yes[65] Yes[65] Yes[65]
McAfee Endpoint Encryption (SafeBoot) Yes Yes Yes Yes Yes[94]
n-Crypt Pro Yes Yes Yes No No
PGPDisk Yes Yes Yes Yes only on Windows
Private Disk No No Yes No No
ProxyCrypt Yes Yes Yes No No
R-Crypto No No Yes No No
SafeGuard Easy Yes Yes extra module Yes Each sector on disk is encrypted
SafeGuard Enterprise Yes Yes Yes Yes Each sector on disk is encrypted
SafeGuard PrivateDisk No No Yes No No
SafeHouse Professional No No Yes No No
Scramdisk No Yes Yes No No
Scramdisk 4 Linux Yes Yes Yes Yes No
SecuBox No No Yes N/A No
FinallySecure Enterprise (SECUDE) Yes Yes Yes Yes Yes
SecureDoc Yes[75] Yes Yes Yes Yes
Sentry 2020 No No Yes No No
softraid / RAID C Yes Yes No Yes (encrypted by default in OpenBSD)[95] No
svnd / vnconfig ? Yes Yes Yes (encrypted by default in OpenBSD) ?
SpyProof! No Yes Yes No No
Symantec Endpoint Encryption Yes Yes Yes Yes Yes
TrueCrypt Yes[96] Yes Yes Yes only on Windows[77]
VeraCrypt Yes Yes Yes Yes only on Windows[77]
Name Whole disk Partition File Swap space Hibernation file

Modes of operation[edit]

For more details on this topic, see Disk encryption theory.

Different modes of operation supported by the software. Note that an encrypted volume can only use one mode of operation.

  • CBC with predictable IVs: The CBC (cipher block chaining) mode where initialization vectors are statically derived from the sector number and are not secret; this means that IVs are re-used when overwriting a sector and the vectors can easily be guessed by an attacker, leading to watermarking attacks.
  • CBC with secret IVs: The CBC mode where initialization vectors are statically derived from the encryption key and sector number. The IVs are secret, but they are re-used with overwrites. Methods for this include ESSIV and encrypted sector numbers (CGD).
  • CBC with random per-sector keys: The CBC mode where random keys are generated for each sector when it is written to, thus does not exhibit the typical weaknesses of CBC with re-used initialization vectors. The individual sector keys are stored on disk and encrypted with a master key. (See GBDE for details)
  • LRW: The Liskov-Rivest-Wagner tweakable narrow-block mode, a mode of operation specifically designed for disk encryption. Superseded by the more secure XTS mode due to security concerns.[97]
  • XTS: XEX-based Tweaked CodeBook mode (TCB) with CipherText Stealing (CTS), the SISWG (IEEE P1619) standard for disk encryption.
Name CBC w/ predictable IVs CBC w/ secret IVs CBC w/ random per-sector keys LRW XTS
Aloaha Secure Stick No No No Yes Yes
ArchiCrypt Live No No No Legacy support [98] Yes
BestCrypt No Yes No Yes[99] Yes[100]
BitArmor DataControl No Yes Plumb-IV No No
BitLocker Drive Encryption No[101] Yes[101] No No No
Bloombase Keyparc ? Yes ? ? ?
CGD No Yes[102] No No No
CenterTools DriveLock ? ? ? ? ?
Check Point Full Disk Encryption No No Yes Yes Yes
CrossCrypt Yes No No No No
CryptArchiver ? ? ? ? ?
cryptoloop Yes No No No No
DiskCryptor No No No No Yes
dm-crypt Yes Yes No Yes, using *-lrw-benbi[103] Yes, using *-xts-plain
DriveCrypt ? ? ? ? ?
DriveSentry GoAnywhere 2 ? ? ? ? ?
E4M ? ? ? No No
e-Capsule Private Safe ? ? ? ? ?
eCryptfs No Yes ? No No
FileVault Yes[58] No No No No
FileVault 2 No No No No Yes[104]
FREE CompuSec Yes No No No No
FreeOTFE Yes Yes No Yes Yes
GBDE No No Yes[63] No No
GELI No Yes[105] No No Yes
loop-AES single-key, multi-key-v2 modes[65] multi-key-v3 mode[65] No No No
McAfee Endpoint Encryption (SafeBoot) No Yes No No No
n-Crypt Pro ? ? No No No
PGPDisk ? ? ? ? ?
Private Disk No Yes No No No
ProxyCrypt No No No No Yes
R-Crypto ? ? ? ? ?
SafeGuard Easy ? ? ? ? ?
SafeGuard Enterprise ? ? ? ? ?
SafeGuard PrivateDisk ? ? ? ? ?
SafeHouse Professional Yes No No No No
Scramdisk No Yes No No No
Scramdisk 4 Linux No Yes[106] No Yes[107] Yes[108]
SecuBox Yes No No No No
FinallySecure Enterprise (SECUDE) ? ? ? ? ?
SecureDoc ? ? ? ? ?
Sentry 2020 ? ? ? ? ?
softraid / RAID C ? ? ? ? Yes [109]
svnd / vnconfig ? ? ? ? ?
Symantec Endpoint Encryption No No Yes No No
TrueCrypt Legacy support [110] No No Legacy support [111] Yes [112]
USBCrypt No Yes No No Yes
Name CBC w/ predictable IVs CBC w/ secret IVs CBC w/ random per-sector keys LRW XTS

See also[edit]

Notes and references[edit]

  1. ^ "Jetico Mission". Jetico. Retrieved 2014-05-30. 
  2. ^ Roland Dowdeswell (2002-10-04). "CryptoGraphic Disk". mailing list announcement. Retrieved 2007-01-14. 
  3. ^ Original release as Protect Data Security Inc.'s "Protect!style="background: #ececec; color: black; font-weight: bold; vertical-align: middle; text-align: left; " class="table-rh"|""Protect guards laptop and desktop data". Retrieved 2008-09-03. [dead link]
  4. ^ Company and product name change to Pointsec "Protect Data Security Inc. changes name to Pointsec Mobile Technologies Inc.". Archived from the original on 2004-08-20. Retrieved 2008-09-03. 
  5. ^ "Check Point Completes the Offer for Protect Data with Substantial Acceptance of 87.1 Percent". Retrieved 2008-09-03. 
  6. ^ Sarah Dean (2004-02-10). "OTFEDB entry". Retrieved 2008-08-10. 
  7. ^ Initial cryptoloop patches for the Linux 2.5 development kernel: http://uwsg.iu.edu/hypermail/linux/kernel/0307.0/0348.html
  8. ^ dm-crypt was first included in Linux kernel version 2.6.4: http://lwn.net/Articles/75404/
  9. ^ Clemens Fruhwirth. "LUKS version history". Retrieved 2006-12-24. 
  10. ^ SecurStar GmbH. "DriveCrypt 5.6.0 Released". Retrieved 2014-07-30. 
  11. ^ "archived E4M documentation". Archived from the original on 2000-05-24. ).
  12. ^ "eCryptfs". Retrieved 2008-04-29. 
  13. ^ "FreeOTFE version history". Archived from the original on 2006-12-07. Retrieved 2006-12-24. 
  14. ^ "gbde(4) man page in FreeBSD 4.11". GBDE manual page as it appeared in FreeBSD 4.11. Retrieved 2006-12-24. 
  15. ^ "geli(8) man page in FreeBSD 6.0". GELI manual page as it first appeared in FreeBSD 6.0. Retrieved 2006-12-24. 
  16. ^ "McAfee Endpoint Encryption". product description. McAfee. Retrieved 2009-03-04. 
  17. ^ "PGP 6.0 Freeware released- any int'l links?". comp.security.pgp. Web link. Retrieved 2007-01-04.
  18. ^ "Dekart Encryption software timeline". Dekart. 
  19. ^ "SafeGuard Easy 4.5 Technical Whitepaper". Utimaco. Retrieved 2009-08-10. 
  20. ^ "SafeGuard Enterprise Technical Whitepaper". Utimaco. Retrieved 2009-08-10. 
  21. ^ Rebranded as ThinkVantage Client Security "ThinkVantage Technologies Deployment Guide". Lenovo. Retrieved 2008-03-05. 
  22. ^ "ScramDisk 4 Linux Releases". 
  23. ^ "Sentry 2020 news". Retrieved 2007-01-02. 
  24. ^ OpenBSD 4.2 change notes
  25. ^ OpenBSD 2.8 change notes
  26. ^ [1]
  27. ^ TrueCrypt version history
  28. ^ "TrueCrypt License Version 3.1". TrueCrypt Foundation. 2014-05-28. Retrieved 2014-05-29. 
  29. ^ [2] PocketPC freeware release- SmartPhone beta available
  30. ^ a b c [3] FreeOTFE supports cryptoloop, dm-crypt/cryptsetup/dmsetup, and dm-crypt/LUKS volumes
  31. ^ [4] FreeOTFE4PDA supports dm-crypt/LUKS volumes
  32. ^ [5] libfvde supports reading FileVault2 Drive Encryption (FVDE) encrypted volumes
  33. ^ [6] Supports Linux volumes
  34. ^ "Endpoint Encryption Datasheet". McAfee. Retrieved 2010-06-14. 
  35. ^ [7] The current version of SEE (8.2.1) does not support Windows 8.
  36. ^ [8] Command-line interface only; Ubuntu and RHEL are the only two officially supported Linux operating systems.
  37. ^ [9] Although TrueCrypt can be built under FreeBSD, it is not recommended to run it because of bugs and instabilities when TrueCrypt is attempted to be used
  38. ^ [10] Third party app allows to open containers encryptes with AES-256, SHA-512 hash and FAT file system
  39. ^ [11] Hidden containers description from Jetico (BestCrypt)
  40. ^ a b c Secret-containers and Camouflage files ArchiCrypt Live Description
  41. ^ Supports "Guest" keys
  42. ^ Using "Archicrypt Card"
  43. ^ Supported by the BestCrypt container format; see BestCrypt SDK
  44. ^ Supported by the BestCrypt Volume Encryption software
  45. ^ With PIN or USB key)
  46. ^ BitLocker Drive Encryption: Value Add Extensibility Options
  47. ^ a b "BitLocker Drive Encryption Technical Overview". Microsoft. Retrieved 2008-03-13. 
  48. ^ Recovery keys only.
  49. ^ a b c d Roland C. Dowdeswell, John Ioannidis. "The CryptoGraphic Disk Driver" (PDF). CGD design paper. Retrieved 2006-12-24. 
  50. ^ Federico Biancuzzi (2005-12-21). "Inside NetBSD's CGD". interview with Roland Dowdeswell. ONLamp.com. Retrieved 2006-12-24. 
  51. ^ a b c dm-crypt and cryptoloop volumes can be mounted from the initrd before the system is booted
  52. ^ a b "DiskCryptor Features". Retrieved 2010-05-25. 
  53. ^ a b "DISK Protect 4.2 Data Sheet" (PDF). Retrieved 2008-02-27. 
  54. ^ "cryptsetup Frequently Asked Questions". Retrieved 2012-10-25. 
  55. ^ a b c "DriveCrypt features". SecurStar GmbH. Retrieved 2007-01-03. 
  56. ^ a b "Multi level access with separate access credentials, each enabling a different set of functional or logical operations". EISST Ltd. Retrieved 2007-07-25. 
  57. ^ uses the lower filesystem (stacking)
  58. ^ a b c d e Jacob Appelbaum, Ralf-Philipp Weinmann (2006-12-29). Unlocking FileVault: An Analysis of Apple's disk encryption (PDF). Retrieved 2012-01-03. 
  59. ^ a b "Mac OS X 10.7 Lion: the Ars Technica review". Ars Technica. 2011-07-20. Retrieved 2012-01-03. 
  60. ^ FreeOTFE has a modular architecture and set of components to allow 3rd party integration
  61. ^ FreeOTFE allows multiple keys to mount the same container file via encrypted keyfiles
  62. ^ a b c d "FreeBSD Handbook: Encrypting Disk Partitions". Retrieved 2006-12-24. 
  63. ^ a b c Poul-Henning Kamp. "GBDE - GEOM Based Disk Encryption" (PDF). GBDE design document. Retrieved 2006-12-24. 
  64. ^ a b "geli(8) man page in FreeBSD-current". GELI manual page in current FreeBSD. Retrieved 2006-12-24. 
  65. ^ a b c d e f g h i j k Jari Ruusu. "loop-AES README file". Retrieved 2007-04-23. 
  66. ^ Using customization
  67. ^ "McAfee Endpoint Encryption". McAfee. Retrieved 2012-07-26. 
  68. ^ "Intel Advanced Encryption Standard (AES) Instructions Set - Rev 3". Intel. Retrieved 2012-07-26. 
  69. ^ n-Crypt Pro does not use password authentication— biometric/USB dongle authentication only
  70. ^ "PGP Whole Disk Encryption FAQ". PGP Corporation. Retrieved 2006-12-24. 
  71. ^ PGP private keys are always protected by strengthened passphrases
  72. ^ a b "Embedded Security: Trusted Platform Module Technology Comes of Age". Utimaco. Retrieved 2008-03-04. 
  73. ^ "ThinkVantage Technologies Deployment Guide". Lenovo. Retrieved 2008-03-05. 
  74. ^ a b For Truecrypt containers
  75. ^ a b "SecureDoc Product Information". WinMagic Inc. Retrieved 2008-03-05. 
  76. ^ optional by using -K OpenBSD Manual Pages: vnconfig(8)
  77. ^ a b c "Operating Systems Supported for System Encryption". TrueCrypt Documentation. TrueCrypt Foundation. Retrieved 2014-05-28. 
  78. ^ Although each volume encrypted with TrueCrypt can only have one active master key, it is possible to access its contents through more than one header. Each header can have a different password and/or keyfiles if any (cf. TrueCrypt FAQ: Is there a way for an administrator to reset a volume password or pre-boot authentication password when a user forgets it (or loses a keyfile)?)
  79. ^ "Keyfiles". TrueCrypt Documentation. TrueCrypt Foundation. Retrieved 2014-05-28. 
  80. ^ "Some encryption programs use TPM to prevent attacks. Will TrueCrypt use it too?". TrueCrypt FAQ. TrueCrypt Foundation. Retrieved 2014-05-28. 
  81. ^ "Future". TrueCrypt Foundation. Retrieved 2014-05-24. 
  82. ^ http://www.jetico.com/data-protection-encryption-bestcrypt-volume-encryption-enterprise/
  83. ^ dm-crypt can encrypt a file-based volume when used with the losetup utility included with all major Linux distributions
  84. ^ yes, but the user needs custom scripts: http://www.linuxquestions.org/questions/slackware-14/luks-encryption-swap-and-hibernate-627958/
  85. ^ Uses proprietary e-Capsule file system not exposed to the OS.
  86. ^ a b not technically part of FileVault, but provided by many versions of Mac OS X; can be enabled independently of FileVault
  87. ^ http://macmarshal.com/images/Documents/mm_wp_102.pdf
  88. ^ http://support.apple.com/kb/HT4790?viewlocale=en_US&locale=en_US
  89. ^ a b File-based volume encryption is possible when used with mdconfig(8) utility.
  90. ^ "Control Break Internation Debuts SafeBoot Version 4.27". Retrieved 2008-08-12. 
  91. ^ http://www.openbsd.org/plus38.html OpenBSD 3.8 change notes
  92. ^ however, not Windows UEFI-based computers with a GUID partition table (GPT)
  93. ^ LRW_issue
  94. ^ Containers created with ArchiCrypt Live version 5 use LRW
  95. ^ "New features in BestCrypt version 8". Jetico. Retrieved 2007-03-02. 
  96. ^ "New features in version 2". Jetico. Retrieved 2009-03-01. 
  97. ^ a b Niels Fergusson (August 2006). AES-CBC + Elephant Diffuser: A Disk Encryption Algorithm for Windows Vista. Microsoft. Retrieved 2008-02-22. 
  98. ^ "man 4 cgd in NetBSD-current". NetBSD current manual page on CGD. 2006-03-11. Retrieved 2006-12-24. 
  99. ^ Starting with Linux kernel version 2.6.20, CryptoAPI supports the LRW mode: http://lwn.net/Articles/213650/
  100. ^ "OS X Lion: About FileVault 2". Retrieved 2011-01-03. 
  101. ^ "Linux/BSD disk encryption comparison". Retrieved 2006-12-24. 
  102. ^ For Scramdisk containers
  103. ^ For Truecrypt 4 containers
  104. ^ For Truecrypt 5 and 6 containers
  105. ^ Commit enabling AES XTS
  106. ^ Containers created with TrueCrypt versions 1.0 through 4.0 use CBC.
  107. ^ Containers created with TrueCrypt versions 4.1 through 4.3a use LRW, and support CBC for opening legacy containers only.
  108. ^ Containers created with TrueCrypt versions 5.0 or later use XTS, and support LRW/CBC for opening legacy containers only.


External links[edit]