Comparison of disk encryption software

This is a technical feature comparison of different disk encryption software.

Background information

Encryption	Developer	First released	Licensing	Maintained?
ArchiCrypt Live	Softwaredevelopment Remus ArchiCrypt	1998	Proprietary	Yes
BestCrypt	Jetico	1993[1]	Proprietary	Yes
BitArmor DataControl	BitArmor Systems Inc.	2008-05	Proprietary	Yes
BitLocker Drive Encryption	Microsoft	2006	Proprietary	Yes
Bloombase Keyparc	Bloombase	2007	Proprietary	Yes
CGD	Roland C. Dowdeswell	2002-10-04[2]	BSD	Yes
CenterTools DriveLock	CenterTools	2008	Proprietary	Yes
Check Point Full Disk Encryption	Check Point Software Technologies Ltd	1999[3][4][5]	Proprietary	Yes
CrossCrypt	Steven Scherrer	2004-02-10[6]	GPL	No
Cryptainer	Cypherix Software	1999	Proprietary	Yes
CryptArchiver	WinEncrypt	?	Proprietary	Yes
cryptoloop	?	2003-07-02[7]	GPL	No
Discryptor	Cosect Ltd.	2008	Proprietary	Yes
DiskCryptor	ntldr	2007	GPL	Yes
DISK Protect	Becrypt Ltd	2001	Proprietary	Yes
cryptsetup/dmsetup	Christophe Saout	2004-03-11[8]	GPL	Yes
dm-crypt/LUKS	Clemens Fruhwirth (LUKS)	2005-02-05[9]	GPL	Yes
DriveCrypt	SecurStar GmbH	2001	Proprietary	Yes
DriveSentry GoAnywhere 2	DriveSentry	2008	Proprietary	Yes
E4M	Paul Le Roux	1998-12-18[10]	Open source	No
e-Capsule Private Safe	EISST Ltd.	2005	Proprietary	Yes
eCryptfs	Dustin Kirkland, Tyler Hicks, (formerly Mike Halcrow)	2005[11]	GPL	Yes
FileVault	Apple Inc.	2003-10-24	Proprietary	Yes
FileVault 2	Apple Inc.	2011-7-20	Proprietary	Yes
FinallySecure Enterprise (SECUDE)	SECUDE	2006	Proprietary	Yes
FREE CompuSec	CE-Infosys	2002	Proprietary	Yes
FreeOTFE	Sarah Dean	2004-10-10[12]	Open source	No
GBDE	Poul-Henning Kamp	2002-10-19[13]	BSD	Yes
GELI	Pawel Jakub Dawidek	2005-04-11[14]	BSD	Yes
KryptOS	The MorphOS Development Team	2010	Proprietary	Yes
loop-AES	Jari Ruusu	2001-04-11	GPL	Yes
McAfee Endpoint Encryption (SafeBoot)	McAfee, Inc.	2007[15]	Proprietary	Yes
n-Crypt Pro	n-Trance Security Ltd	2005	Proprietary	Yes
PGPDisk	PGP Corporation	1998-09-01[16]	Proprietary	Yes
Private Disk	Dekart	1993[17]	Proprietary	Yes
R-Crypto	R-Tools Technology Inc	2008	Proprietary	Yes
SafeGuard Easy	Sophos (Utimaco)	1993[18]	Proprietary	Yes
SafeGuard Enterprise	Sophos (Utimaco)	2007[19]	Proprietary	Yes
SafeGuard PrivateDisk	Sophos (Utimaco)[20]	2000	Proprietary	Yes
SafeHouse Professional	PC Dynamics, Inc.	1992	Proprietary	Yes
Scramdisk	Shaun Hollingworth	1997-07-01	Open source	No
Scramdisk 4 Linux	Hans-Ulrich Juettner	2005-08-06[21]	GPL	Yes
SecuBox	Aiko Solutions	2007-02-19	Proprietary	Yes
SECUDE Secure Notebook	SECUDE	2003	Proprietary	Yes
SecureDoc	WinMagic Inc.	1997	Proprietary	Yes
Sentry 2020	SoftWinter	1998[22]	Proprietary	Yes
softraid / RAID C	OpenBSD	2007-11-01[23]	BSD	Yes
SpyProof!	Information Security Corp.	2002	Proprietary	Yes
svnd / vnconfig	OpenBSD	2000-12-01[24]	BSD	Yes
Symantec Endpoint Encryption	Symantec Corporation	2008	Proprietary	Yes
TrueCrypt	TrueCrypt Foundation	2004-02-02[25]	TrueCrypt License 3.0 [26]	Yes
Aloaha Secure Stick	Aloaha	2008	Proprietary	Yes
Name	Developer	First released	Licensing	Maintained?

Operating systems

Name	Windows NT-based	Pre-Windows NT	Windows Mobile/Pocket PC	FreeBSD	Linux	Mac OS X	NetBSD	OpenBSD	DragonFly BSD	Android
ArchiCrypt Live	Yes	No	No	No	No	No	No	No	No
BestCrypt	Yes	Yes	No	No	Yes	Yes	No	No	No
BitArmor DataControl	Yes	No	No	No	No	No	No	No	No
BitLocker Drive Encryption	Yes	No	No	No	No	No	No	No	No	No
Bloombase Keyparc	Yes	Yes	No	No	Yes	Yes	No	No	No
CenterTools DriveLock	Yes	No	No	No	No	No	No	No	No
CGD	No	No	No	No	No	No	Yes	No	No
Check Point Full Disk Encryption	Yes	No	Yes	No	Yes	Yes	No	No	No
CrossCrypt	Yes	No	No	No	No	No	No	No	No
Cryptainer	Yes	No	Yes[27]	No	No	No	No	No	No
CryptArchiver	Yes	No	No	No	No	No	No	No	No
cryptoloop	Yes[28]	No	No	No	Yes	No	No	No	No
Discryptor	Yes	No	No	No	No	No	No	No	No
DiskCryptor	Yes	No	No	No	No	No	No	No	No
DISK Protect	Yes	No	No	No	No	No	No	No	No
cryptsetup/dmsetup	Yes[28]	No	No	No	Yes	No	No	No	Yes
dm-crypt/LUKS	Yes[28]	No	Yes[29]	No	Yes	No	No	No	Yes
DriveCrypt	Yes	No	No	No	No	No	No	No	No
DriveSentry GoAnywhere 2	Yes	No	No	No	No	No	No	No	No
E4M	Yes	Yes	No	No	No	No	No	No	No
e-Capsule Private Safe	Yes	No	No	No	No	No	No	No	No
eCryptfs	No	No	No	Yes	Yes	No	No	No	No
FileVault	No	No	No	No	No	Yes	No	No	No
FileVault 2	No	No	No	No	Partial[30]	Yes	No	No	No
FREE CompuSec	Yes	No	No	No	Yes	No	No	No	No
FreeOTFE	Yes	No	Yes	No	Partial[31]	No	No	No	No	No
GBDE	No	No	No	Yes	No	No	No	No	No
GELI	No	No	No	Yes	No	No	No	No	No
loop-AES	No	No	No	No	Yes	No	No	No	No
McAfee Endpoint Encryption (SafeBoot)	Yes	Yes	Yes[32]	No	Yes	Yes	Yes	No	No
n-Crypt Pro	Yes	No	No	No	No	No	No	No	No
PGPDisk	Yes	No	No	No	No	Yes	No	No	No
PGP Whole Disk Encryption	Yes	No	Yes	No	Yes	Yes	No	No	No
Private Disk	Yes	Yes	No	No	No	No	No	No	No
R-Crypto	Yes	No	No	No	No	No	No	No	No
SafeGuard Easy	Yes	No	No	No	No	No	No	No	No
SafeGuard Enterprise	Yes	No	No	No	No	Yes	No	No	No
SafeGuard PrivateDisk	Yes	No	No	No	No	No	No	No	No
SafeHouse Professional	Yes	Yes	No	No	No	No	No	No	No
Scramdisk	Yes	Yes	No	No	Yes	No	No	No	No
Scramdisk 4 Linux	No	No	No	No	Yes	No	No	No	No
SecuBox	No	No	Yes	No	No	No	No	No	No
FinallySecure Enterprise (SECUDE)	Yes	No	No	No	No	No	No	No	No
SecureDoc	Yes	No	No	No	Yes	Yes	No	No	No
Sentry 2020	Yes	No	No	No	No	No	No	No	No
softraid / RAID C	No	No	No	No	No	No	No	Yes	No
SpyProof!	Yes	No	No	No	No	No	No	No	No
svnd / vnconfig	No	No	No	No	No	No	No	Yes	No
Symantec Endpoint Encryption	Yes	No	No	No	No	Yes	No	No	No
TrueCrypt	Yes	No	No	No[33]	Yes	Yes	No	No	No	Yes[34]
Aloaha Secure Stick	Yes	No	No	No	No	No	No	No	No
Name	Windows NT-based	Pre-Windows NT	Windows Mobile/Pocket PC	FreeBSD	Linux	Mac OS X	NetBSD	OpenBSD	DragonFly BSD	Android

Features

• Hidden containers: Whether hidden containers (an encrypted container (A) within another encrypted container (B) so the existence of container A can not be established)^[35] can be created for deniable encryption. Note that some modes of operation like CBC with a plain IV can be more prone to watermarking attacks than others.
• Pre-boot authentication: Whether authentication can be required before booting the computer, thus allowing one to encrypt the boot disk.
• Custom authentication: Whether custom authentication mechanisms can be implemented with third-party applications.^{[clarification needed]}
• Multiple keys: Whether an encrypted volume can have more than one active key.
• Passphrase strengthening: Whether key strengthening is used with plain text passwords to frustrate dictionary attacks, usually using PBKDF2.
• Hardware acceleration: Whether dedicated cryptographic accelerator expansion cards can be taken advantage of.
• Trusted Platform Module: Whether the implementation can use a TPM cryptoprocessor.
• Filesystems: what filesystems are supported.
• Two-factor authentication: Whether optional security tokens (hardware security modules, such as Aladdin eToken and smart cards) are supported (for example using PKCS#11)

Name	Hidden containers	Pre-boot authentication	Custom authentication	Multiple keys	Passphrase strengthening	Hardware acceleration	TPM	Filesystems	Two-factor authentication
ArchiCrypt Live	Yes[36]	No	No	Yes[36][37]	No	No	No	?	Yes[36][38]
BestCrypt	Yes	Yes	No	Yes[39]	Yes	Yes	Yes	Any supported by OS	Yes[40]
BitArmor DataControl	No	Yes	No	Yes	Yes	No	No	NTFS, FAT32 on non-system volumes	No
BitLocker Drive Encryption	No	Yes[41]	Yes[42]	Yes[43]	Yes[44]	Yes	Yes[43]	Chiefly NTFS [Note 1]	Yes [Note 2]
Bloombase Keyparc	No	No	Yes	Yes	Yes	Yes	No	?	?
CGD	No	No	Yes[45]	Yes[46]	Yes[45]	No	No	Any supported by OS	Yes[45]
CenterTools DriveLock	No	Yes	No	No	Yes	No	No	Any supported by OS	Yes
Check Point Full Disk Encryption	?	Yes	Yes	Yes	Yes	?	?	?	Yes
CrossCrypt	No	No	No	No	No	No	No	?	No
CryptArchiver	No	No	No	No	?	No	No	?	?
cryptoloop	No	Yes[47]	Yes	No	No	Yes[citation needed]	No	Any supported by OS	?
DiskCryptor	No	Yes	Yes	No	Yes	Yes[48]	No	Any supported by OS	Yes[48]
DISK Protect	?	Yes[49]	?	Yes[49]	?	?	No	?	?
cryptsetup/dmsetup	No	Yes[47]	Yes	No	No	Yes	No	Any supported by OS	No
dm-crypt/LUKS	No	Yes[47]	Yes	Yes	Yes	Yes	Partial[50] [Note 3]	Any supported by OS	Yes
DriveCrypt	Yes[51]	Yes	No	Yes	Yes	No	No	?	Yes
DriveSentry GoAnywhere 2	No	No	Yes	No	Yes	No	?	Any supported by OS	Yes
E4M	No	No	No	No	?	No	No	?	No
e-Capsule Private Safe	Yes[52]	No	No	Yes[52]	No	Yes	No	?	?
eCryptfs	No	No	Yes	Yes	Yes	Yes	Yes	Yes[53]	Yes
FileVault	No	No	No	Two passwords[54]	Yes[54]	?	No	HFS+, possibly others	No
FileVault 2	No	Yes	No	Yes	Yes	Yes[55]	No	HFS+, possibly others	No
FREE CompuSec	No	Yes	No	No	No	No	No	Any supported by OS	No
FreeOTFE	Yes	No	Yes[56]	Yes[57]	Yes	No	No	Any supported by OS	Yes
GBDE	No	No[58]	Yes	Yes[59]	No[59]	No[58]	No	Any supported by OS	Yes
GELI	No	Yes[58]	Yes	Yes[60]	Yes[60]	Yes[58]	No	Any supported by OS	Yes
loop-AES	No	Yes[61]	Yes[61]	Yes[61]	Yes[61]	Yes[61]	No	Any supported by OS	Yes[62]
McAfee Endpoint Encryption (SafeBoot)	Yes	Yes	Yes	Yes	Yes	Yes[63] [64]	Yes	Any supported by OS	Yes
n-Crypt Pro	No	No	No	No	N/A[65]	No	No	?	?
PGPDisk	No	Yes[66]	?	Yes	Yes[67]	?	Yes	?	Yes
Private Disk	No	No	No	Yes	Yes	No	No	Any supported by OS	Yes
R-Crypto	?	No	?	?	?	?	?	Any supported by OS	?
SafeGuard Easy	No	Yes	No	Yes	Yes	No	Yes[68]	Any supported by OS	Yes
SafeGuard Enterprise	No	Yes	No	Yes	Yes	No	Yes[68]	Any supported by OS	Yes
SafeGuard PrivateDisk	No	N/A	No	Yes	Yes	No	Yes[69]	Any supported by OS	Yes
SafeHouse Professional	No	No	Yes	Yes	Yes	No	No	Any supported by OS	Yes
Scramdisk	Yes	No	No	No	No	No	No	?	Last update to web site 2009-07-02
Scramdisk 4 Linux	Yes[70]	No	No	No	Yes[70]	No	No	ext2, ext3, reiserfs, minix, ntfs, vfat/msdos	No
SecuBox	No	No	No	No	Yes	No	No	?	No
FinallySecure Enterprise (SECUDE)	No	Yes	Yes	No	Yes	No	Yes	?	Yes
SecureDoc	No	Yes[71]	Yes	Yes	Yes	Yes	Yes	?	Yes
Sentry 2020	No	No	No	No	No	No	No	?	No
softraid / RAID C	No	No	?	?	?	Yes	?	Any supported by OS	?
svnd / vnconfig	No	No	No	No	Yes[72]	Yes	?	Any supported by OS	?
Symantec Endpoint Encryption	No	Yes	Yes	Yes	Yes	No	No	NTFS, FAT32	Yes
TrueCrypt	Yes (limited to one per "outer" container)	only on Windows[73]	No	yes with multiple keyfiles[74][75]	Yes	Yes	No	Any supported by OS	Yes
Aloaha Secure Stick	Yes	No	Yes	Yes	No	No	No	NTFS, FAT32	Yes
Name	Hidden containers	Pre-boot authentication	Custom authentication	Multiple keys	Passphrase strengthening	Hardware acceleration	TPM	Filesystems	Two-factor authentication

1. Windows 7 introduces Bitlocker-To-Go which supports NTFS, FAT32 or exFAT, however for hard drive encryption, Windows Vista and later are limited to be installable only on NTFS volumes
2. BitLocker can be used with a TPM PIN + external USB key for two-factor authentication
3. An external tool can be used to read the key from the TPM and then have the key passed on to dm-crypt/LUKS via the standard input

Layering

For more details on this topic, see Encryption layer in storage stack.

• Whole disk: Whether the whole physical disk or logical volume can be encrypted, including the partition tables and master boot record. Note that this does not imply that the encrypted disk can be used as the boot disk itself; refer to "pre-boot authentication" in the features comparison table.
• Partition: Whether individual disk partitions can be encrypted.
• File: Whether the encrypted container can be stored in a file (usually implemented as encrypted loop devices).
• Swap space: Whether the swap space (called a "pagefile" on Windows) can be encrypted individually/explicitly.
• Hibernation file: Whether the hibernation file is encrypted (if hibernation is supported).

Name	Whole disk	Partition	File	Swap space	Hibernation file
ArchiCrypt Live	Yes (except for the boot volume)	Yes	Yes	No	No
BestCrypt	Yes	Yes	Yes	Yes	Yes[79]
BitArmor DataControl	No	Yes	No	Yes	Yes
BitLocker Drive Encryption	Yes (except for the boot volume)	Yes	No	Yes (parent volume is encrypted)	Yes (parent volume is encrypted)
Bloombase Keyparc	Yes	Yes	Yes	Yes	No
CenterTools DriveLock	Yes	Yes	Yes	Yes	Yes
CGD	Yes	Yes	Yes[45]	Yes	No
Check Point Full Disk Encryption	Yes	Yes	?	Yes	Yes
CrossCrypt	No	No	Yes	No	No
CryptArchiver	No	No	Yes	No	No
cryptoloop	Yes	Yes	Yes	Yes	No
DiskCryptor	Yes	Yes	No	Yes	Yes
dm-crypt	Yes	Yes	Yes[80]	Yes	Yes[81]
DriveCrypt	Yes	Yes[51]	Yes[51]	No	No
DriveSentry GoAnywhere 2	No	Yes	Yes	No	No
E4M	No	Yes	Yes	No	No
e-Capsule Private Safe	No	No	Yes[82]	No	No
eCryptfs	No	No	Yes	No	No
FileVault	No	No	Yes[54]	Yes[83][54]	Yes[83][84]
FileVault 2	No	Yes[55]	No	Yes	Yes
FREE CompuSec	Yes	No	Yes	Yes	Yes
FreeOTFE	Yes (except for the boot volume)	Yes	Yes	No	No
GBDE	Yes	Yes	Yes[85]	Yes	No
GELI	Yes	Yes	Yes[85]	Yes	No
loop-AES	Yes	Yes[61]	Yes[61]	Yes[61]	Yes[61]
McAfee Endpoint Encryption (SafeBoot)	Yes	Yes	Yes	Yes	Yes[86]
n-Crypt Pro	Yes	Yes	Yes	No	No
PGPDisk	Yes	Yes	Yes	Yes	only on Windows
Private Disk	No	No	Yes	No	No
R-Crypto	No	No	Yes	No	No
SafeGuard Easy	Yes	Yes	extra module	Yes	Each sector on disk is encrypted
SafeGuard Enterprise	Yes	Yes	Yes	Yes	Each sector on disk is encrypted
SafeGuard PrivateDisk	No	No	Yes	No	No
SafeHouse Professional	No	No	Yes	No	No
Scramdisk	No	Yes	Yes	No	No
Scramdisk 4 Linux	Yes	Yes	Yes	Yes	No
SecuBox	No	No	Yes	N/A	No
FinallySecure Enterprise (SECUDE)	Yes	Yes	Yes	Yes	Yes
SecureDoc	Yes[71]	Yes	Yes	Yes	Yes
Sentry 2020	No	No	Yes	No	No
softraid / RAID C	Yes	Yes	No	Yes (encrypted by default in OpenBSD)[87]	No
svnd / vnconfig	?	Yes	Yes	Yes (encrypted by default in OpenBSD)	?
SpyProof!	No	Yes	Yes	No	No
Symantec Endpoint Encryption	Yes	Yes	Yes	Yes	Yes
TrueCrypt	Yes[88]	Yes	Yes	Yes	only on Windows[73]
Aloaha Secure Stick	No	No	Yes	No	No
Cryptomill	Yes	N/A	Yes	N/A	N/A
Name	Whole disk	Partition	File	Swap space	Hibernation file

Modes of operation

For more details on this topic, see Disk encryption theory.

Different modes of operation supported by the software. Note that an encrypted volume can only use one mode of operation.

• CBC with predictable IVs: The CBC (cipher block chaining) mode where initialization vectors are statically derived from the sector number and are not secret; this means that IVs are re-used when overwriting a sector and the vectors can easily be guessed by an attacker, leading to watermarking attacks.
• CBC with secret IVs: The CBC mode where initialization vectors are statically derived from the encryption key and sector number. The IVs are secret, but they are re-used with overwrites. Methods for this include ESSIV and encrypted sector numbers (CGD).
• CBC with random per-sector keys: The CBC mode where random keys are generated for each sector when it is written to, thus does not exhibit the typical weaknesses of CBC with re-used initialization vectors. The individual sector keys are stored on disk and encrypted with a master key. (See GBDE for details)
• LRW: The Liskov-Rivest-Wagner tweakable narrow-block mode, a mode of operation specifically designed for disk encryption. Superseded by the more secure XTS mode due to security concerns.^[89]
• XTS: XEX-based Tweaked CodeBook mode (TCB) with CipherText Stealing (CTS), the SISWG (IEEE P1619) standard for disk encryption.

Name	CBC w/ predictable IVs	CBC w/ secret IVs	CBC w/ random per-sector keys	LRW	XTS
ArchiCrypt Live	No	No	No	Legacy support [90]	Yes
BestCrypt	No	Yes	No	Yes[91]	Yes[92]
BitArmor DataControl	No	Yes	Plumb-IV	No	No
BitLocker Drive Encryption	No[93]	Yes[93]	No	No	No
Bloombase Keyparc	?	Yes	?	?	?
CGD	No	Yes[94]	No	No	No
CenterTools DriveLock	?	?	?	?	?
Check Point Full Disk Encryption	?	?	?	?	?
CrossCrypt	Yes	No	No	No	No
CryptArchiver	?	?	?	?	?
cryptoloop	Yes	No	No	No	No
DiskCryptor	No	No	No	No	Yes
dm-crypt	Yes	Yes	No	Yes, using *-lrw-benbi[95]	Yes, using *-xts-plain
DriveCrypt	?	?	?	?	?
DriveSentry GoAnywhere 2	?	?	?	?	?
E4M	?	?	?	No	No
e-Capsule Private Safe	?	?	?	?	?
eCryptfs	No	Yes	?	No	No
FileVault	Yes[54]	No	No	No	No
FileVault 2	No	No	No	No	Yes[96]
FREE CompuSec	Yes	No	No	No	No
FreeOTFE	Yes	Yes	No	Yes	Yes
GBDE	No	No	Yes[59]	No	No
GELI	No	Yes[97]	No	No	Yes
loop-AES	single-key, multi-key-v2 modes[61]	multi-key-v3 mode[61]	No	No	No
McAfee Endpoint Encryption (SafeBoot)	No	Yes	No	No	No
n-Crypt Pro	?	?	No	No	No
PGPDisk	?	?	?	?	?
Private Disk	Yes	No	Yes[citation needed]	No	No
R-Crypto	?	?	?	?	?
SafeGuard Easy	?	?	?	?	?
SafeGuard Enterprise	?	?	?	?	?
SafeGuard PrivateDisk	?	?	?	?	?
SafeHouse Professional	Yes	No	No	No	No
Scramdisk	No	Yes	No	No	No
Scramdisk 4 Linux	No	Yes[98]	No	Yes[99]	Yes[100]
SecuBox	Yes	No	No	No	No
FinallySecure Enterprise (SECUDE)	?	?	?	?	?
SecureDoc	?	?	?	?	?
Sentry 2020	?	?	?	?	?
softraid / RAID C	?	?	?	?	Yes [101]
svnd / vnconfig	?	?	?	?	?
Symantec Endpoint Encryption	No	No	Yes	No	No
TrueCrypt	Legacy support [102]	No	No	Legacy support [103]	Yes [104]
Aloaha Secure Stick	No	No	No	Yes	Yes
Name	CBC w/ predictable IVs	CBC w/ secret IVs	CBC w/ random per-sector keys	LRW	XTS

See also

• Disk encryption software
• Disk encryption theory
• List of cryptographic file systems
• Cold boot attack
• Comparison of encrypted external drives

Notes and references

1. "Jetico Company Info". Jetico. Retrieved 2007-01-05. 
2. Roland Dowdeswell (2002-10-04). "CryptoGraphic Disk". mailing list announcement. Retrieved 2007-01-14. 
3. Original release as Protect Data Security Inc.'s "Protect!style="background: #ececec; color: black; font-weight: bold; vertical-align: middle; text-align: left; " class="table-rh"|""Protect guards laptop and desktop data". Retrieved 2008-09-03. ^{[dead link]}
4. Company and product name change to Pointsec "Protect Data Security Inc. changes name to Pointsec Mobile Technologies Inc.". Archived from the original on 2004-08-20. Retrieved 2008-09-03. 
5. "Check Point Completes the Offer for Protect Data with Substantial Acceptance of 87.1 Percent". Retrieved 2008-09-03. 
6. Sarah Dean (2004-02-10). "OTFEDB entry". Retrieved 2008-08-10. 
7. Initial cryptoloop patches for the Linux 2.5 development kernel: http://uwsg.iu.edu/hypermail/linux/kernel/0307.0/0348.html
8. dm-crypt was first included in Linux kernel version 2.6.4: http://lwn.net/Articles/75404/
9. Clemens Fruhwirth. "LUKS version history". Retrieved 2006-12-24. 
10. "archived E4M documentation". Archived from the original on 2000-05-24. ).
11. "eCryptfs". Retrieved 2008-04-29. 
12. "FreeOTFE version history". Archived from the original on 2006-12-07. Retrieved 2006-12-24. 
13. "gbde(4) man page in FreeBSD 4.11". GBDE manual page as it appeared in FreeBSD 4.11. Retrieved 2006-12-24. 
14. "geli(8) man page in FreeBSD 6.0". GELI manual page as it first appeared in FreeBSD 6.0. Retrieved 2006-12-24. 
15. "McAfee Endpoint Encryption". product description. McAfee. Retrieved 2009-03-04. 
16. "PGP 6.0 Freeware released- any int'l links?". comp.security.pgp. Web link. Retrieved 2007-01-04.
17. "Dekart Encryption software timeline". Dekart. 
18. "SafeGuard Easy 4.5 Technical Whitepaper". Utimaco. Retrieved 2009-08-10. 
19. "SafeGuard Enterprise Technical Whitepaper". Utimaco. Retrieved 2009-08-10. 
20. Rebranded as ThinkVantage Client Security "ThinkVantage Technologies Deployment Guide". Lenovo. Retrieved 2008-03-05. 
21. "ScramDisk 4 Linux Releases". 
22. "Sentry 2020 news". Retrieved 2007-01-02. 
23. OpenBSD 4.2 change notes
24. OpenBSD 2.8 change notes
25. TrueCrypt version history
26. "TrueCrypt License". Retrieved 2012-02-01. 
27. [1] PocketPC freeware release- SmartPhone beta available
28. [2] FreeOTFE supports cryptoloop, dm-crypt/cryptsetup/dmsetup, and dm-crypt/LUKS volumes
29. [3] FreeOTFE4PDA supports dm-crypt/LUKS volumes
30. [4] libfvde supports reading FileVault2 Drive Encryption (FVDE) encrypted volumes
31. [5] Supports Linux volumes
32. "Endpoint Encryption Datasheet". McAfee. Retrieved 2010-06-14. 
33. [6] Although TrueCrypt can be built under FreeBSD, it is not recommended to run it because of bugs and instabilities when TrueCrypt is attempted to be used
34. [7] Third party app allows to open containers encryptes with AES-256, SHA-512 hash and FAT file system
35. [8] Hidden containers description from Jetico (BestCrypt)
36. Secret-containers and Camouflage files ArchiCrypt Live Description
37. Supports "Guest" keys
38. Using "Archicrypt Card"
39. Supported by the BestCrypt container format; see BestCrypt SDK
40. Supported by the BestCrypt Volume Encryption software
41. With PIN or USB key)
42. BitLocker Drive Encryption: Value Add Extensibility Options
43. "BitLocker Drive Encryption Technical Overview". Microsoft. Retrieved 2008-03-13. 
44. Recovery keys only.
45. Roland C. Dowdeswell, John Ioannidis. "The CryptoGraphic Disk Driver" (PDF). CGD design paper. Retrieved 2006-12-24. 
46. Federico Biancuzzi (2005-12-21). "Inside NetBSD's CGD". interview with Roland Dowdeswell. ONLamp.com. Retrieved 2006-12-24. 
47. dm-crypt and cryptoloop volumes can be mounted from the initrd before the system is booted
48. "DiskCryptor Features". Retrieved 2010-05-25. 
49. "DISK Protect 4.2 Data Sheet" (PDF). Retrieved 2008-02-27. 
50. "cryptsetup Frequently Asked Questions". Retrieved 2012-10-25. 
51. "DriveCrypt features". SecurStar GmbH. Retrieved 2007-01-03. 
52. "Multi level access with separate access credentials, each enabling a different set of functional or logical operations". EISST Ltd. Retrieved 2007-07-25. 
53. uses the lower filesystem (stacking)
54. Jacob Appelbaum, Ralf-Philipp Weinmann (2006-12-29). Unlocking FileVault: An Analysis of Apple's disk encryption (PDF). Retrieved 2012-01-03. 
55. "Mac OS X 10.7 Lion: the Ars Technica review". Ars Technica. 2011-07-20. Retrieved 2012-01-03. 
56. FreeOTFE has a modular architecture and set of components to allow 3rd party integration
57. FreeOTFE allows multiple keys to mount the same container file via encrypted keyfiles
58. "FreeBSD Handbook: Encrypting Disk Partitions". Retrieved 2006-12-24. 
59. Poul-Henning Kamp. "GBDE - GEOM Based Disk Encryption" (PDF). GBDE design document. Retrieved 2006-12-24. 
60. "geli(8) man page in FreeBSD-current". GELI manual page in current FreeBSD. Retrieved 2006-12-24. 
61. Jari Ruusu. "loop-AES README file". Retrieved 2007-04-23. 
62. Using customization
63. "McAfee Endpoint Encryption". McAfee. Retrieved 2012-07-26. 
64. "Intel Advanced Encryption Standard (AES) Instructions Set - Rev 3". Intel. Retrieved 2012-07-26. 
65. n-Crypt Pro does not use password authentication— biometric/USB dongle authentication only
66. "PGP Whole Disk Encryption FAQ". PGP Corporation. Retrieved 2006-12-24. 
67. PGP private keys are always protected by strengthened passphrases
68. "Embedded Security: Trusted Platform Module Technology Comes of Age". Utimaco. Retrieved 2008-03-04. 
69. "ThinkVantage Technologies Deployment Guide". Lenovo. Retrieved 2008-03-05. 
70. For Truecrypt containers
71. "SecureDoc Product Information". WinMagic Inc. Retrieved 2008-03-05. 
72. optional by using -K OpenBSD Manual Pages: vnconfig(8)
73. http://www.truecrypt.org/docs/sys-encryption-supported-os.php
74. Although each volume encrypted with TrueCrypt can only have one active master key, it is possible to access its contents through more than one header. Each header can have a different password and/or keyfiles if any (cf. TrueCrypt FAQ: Is there a way for an administrator to reset a password when a user forgets it?)
75. http://www.truecrypt.org/docs/?s=keyfiles
76. http://www.jetico.com/data-protection-encryption-bestcrypt-volume-encryption-enterprise/
77. dm-crypt can encrypt a file-based volume when used with the losetup utility included with all major Linux distributions
78. yes, but the user needs custom scripts: http://www.linuxquestions.org/questions/slackware-14/luks-encryption-swap-and-hibernate-627958/
79. Uses proprietary e-Capsule file system not exposed to the OS.
80. not technically part of FileVault, but provided by many versions of Mac OS X; can be enabled independently of FileVault
81. http://macmarshal.com/images/Documents/mm_wp_102.pdf
82. File-based volume encryption is possible when used with mdconfig(8) utility.
83. "Control Break Internation Debuts SafeBoot Version 4.27". Retrieved 2008-08-12. 
84. http://www.openbsd.org/plus38.html OpenBSD 3.8 change notes
85. yes, but not Windows UEFI-based computers with a GUID partition table (GPT): http://www.truecrypt.org/future
86. LRW_issue
87. Containers created with ArchiCrypt Live version 5 use LRW
88. "New features in BestCrypt version 8". Jetico. Retrieved 2007-03-02. 
89. "New features in version 2". Jetico. Retrieved 2009-03-01. 
90. Niels Fergusson (August 2006). AES-CBC + Elephant Diffuser: A Disk Encryption Algorithm for Windows Vista. Microsoft. Retrieved 2008-02-22. 
91. "man 4 cgd in NetBSD-current". NetBSD current manual page on CGD. 2006-03-11. Retrieved 2006-12-24. 
92. Starting with Linux kernel version 2.6.20, CryptoAPI supports the LRW mode: http://lwn.net/Articles/213650/
93. "OS X Lion: About FileVault 2". Retrieved 2011-01-03. 
94. "Linux/BSD disk encryption comparison". Retrieved 2006-12-24. 
95. For Scramdisk containers
96. For Truecrypt 4 containers
97. For Truecrypt 5 and 6 containers
98. Commit enabling AES XTS
99. Containers created with TrueCrypt versions 1.0 through 4.0 use CBC.
100. Containers created with TrueCrypt versions 4.1 through 4.3a use LRW, and support CBC for opening legacy containers only.
101. Containers created with TrueCrypt versions 5.0 or later use XTS, and support LRW/CBC for opening legacy containers only.

External links

• On-The-Fly Encryption: A Comparison - A much larger comparison of disk encryption software, sorted by OS
• Buyer's Guide to Full Disk Encryption - Overview of full-disk encryption, how it works, and how it differs from file-level encryption—plus an overview of leading full-disk encryption software.