Comparison of disk encryption software: Difference between revisions
Appearance
Content deleted Content added
TrueCrypt actually never used public IVs. The IVs were always secret but differences between two consecutive IVs were predictable (the actual IV values were always unknown). |
Made the Modes of Operation chart more scalable (if a product supports 100 modes, there needs to be 100 columns, which is impractical). |
||
Line 542: | Line 542: | ||
* '''CBC w/ secret IVs''': The CBC mode where initialization vectors are statically derived from the encryption key and sector number. The IVs are secret, but they are re-used with overwrites. Methods for this include ESSIV and encrypted sector numbers (CGD). |
* '''CBC w/ secret IVs''': The CBC mode where initialization vectors are statically derived from the encryption key and sector number. The IVs are secret, but they are re-used with overwrites. Methods for this include ESSIV and encrypted sector numbers (CGD). |
||
* '''LRW''': The Liskov-Rivest-Wagner tweakable narrow-block mode, a mode of operation specifically designed for disk encryption. |
* '''LRW''': The Liskov-Rivest-Wagner tweakable narrow-block mode, a mode of operation specifically designed for disk encryption. |
||
* ''' |
* '''CBC /w random per-sector keys''': The CBC mode where random keys are generated for each sector when it is written to, thus does not exhibit the typical weaknesses of CBC with re-used initialization vectors. The individual sector keys are stored on disk and encrypted with a master key. (See [[GBDE]] for details) |
||
{| class="wikitable sortable" style="width: 100%; text-align: center; font-size: smaller; table-layout: fixed;" |
{| class="wikitable sortable" style="width: 100%; text-align: center; font-size: smaller; table-layout: fixed;" |
||
|- |
|- |
||
! Name |
! Name |
||
! Mode of operation |
|||
⚫ | |||
⚫ | |||
! LRW |
|||
⚫ | |||
|- |
|- |
||
! [[BestCrypt]] |
! [[BestCrypt]] |
||
⚫ | |||
| {{?}} |
|||
| {{?}} |
|||
⚫ | |||
| {{no}} |
|||
|- |
|- |
||
! [[TrueCrypt]] |
! [[TrueCrypt]] |
||
| LRW<ref>{{cite web |date=[[2007-07-18]] |title=TrueCrypt - Free Open-Source Disk Encryption Software - Documentation - Modes of Operation |url=http://www.truecrypt.org/docs/modes-of-operation.php |accessdate=2007-07-18 }}</ref>, deprecated format volumes use CBC with whitening<ref>{{cite web |date=[[2007-07-18]] |title=TrueCrypt - Free Open-Source Disk Encryption Software - Documentation - Version history |url=http://www.truecrypt.org/docs/version-history.php |accessdate=2007-07-18 }}</ref> |
|||
| {{no}} |
|||
| {{no}} |
|||
| {{yes}}<ref>Containers created with TrueCrypt versions 4.1 or later (before November 2005) use LRW, legacy containers use CBC</ref> |
|||
| {{no}} |
|||
|- |
|- |
||
! [[Sentry 2020]] |
! [[Sentry 2020]] |
||
| {{?}} |
|||
| {{?}} |
|||
| {{?}} |
|||
| {{?}} |
| {{?}} |
||
|- |
|- |
||
! [[PGPDisk]] |
! [[PGPDisk]] |
||
| {{?}} |
|||
| {{?}} |
|||
| {{?}} |
|||
| {{?}} |
| {{?}} |
||
|- |
|- |
||
! [[CrossCrypt]] |
! [[CrossCrypt]] |
||
⚫ | |||
| {{yes}} |
|||
| {{no}} |
|||
| {{No}} |
|||
| {{No}} |
|||
|- |
|- |
||
! Private Disk |
! Private Disk |
||
⚫ | |||
| {{yes}} |
|||
| {{no}} |
|||
| {{no}} |
|||
| {{yes}} |
|||
|- |
|- |
||
! loop-AES |
! loop-AES |
||
| |
| CBC w/ public IVs<ref name=loop-aes/><!-- single-key and multi-key-v2 modes -->, CBC w/ secret IVs<ref name=loop-aes/><!-- multi-key-v3 mode --> |
||
| {{yes}}<ref name=loop-aes/><!-- multi-key-v3 mode --> |
|||
| {{no}} |
|||
| {{no}} |
|||
|- |
|- |
||
! DriveCrypt |
! DriveCrypt |
||
| {{?}} |
|||
| {{?}} |
|||
| {{?}} |
|||
| {{?}} |
| {{?}} |
||
|- |
|- |
||
! CGD |
! CGD |
||
⚫ | |||
| {{no}} |
|||
⚫ | |||
| {{no}} |
|||
| {{no}} |
|||
|- |
|- |
||
! [[GBDE]] |
! [[GBDE]] |
||
⚫ | |||
| {{no}} |
|||
| {{no}} |
|||
| {{no}} |
|||
⚫ | |||
|- |
|- |
||
! [[cryptoloop]] |
! [[cryptoloop]] |
||
| CBC w/ public IVs |
|||
| {{yes}} |
|||
| {{no}} |
|||
| {{no}} |
|||
| {{no}} |
|||
|- |
|- |
||
! [[FileVault]] |
! [[FileVault]] |
||
| |
| CBC w/ public IVs<ref name=nsa-vilefault/> |
||
| {{no}} |
|||
| {{no}} |
|||
| {{no}} |
|||
|- |
|- |
||
! [[dm-crypt]] |
! [[dm-crypt]] |
||
⚫ | |||
| {{yes}} |
|||
| {{yes}} |
|||
⚫ | |||
| {{no}} |
|||
|- |
|- |
||
! [[FreeOTFE]] |
! [[FreeOTFE]] |
||
| CBC w/ public IVs, CBC w/ secret IVs |
|||
| {{yes}} |
|||
| {{yes}} |
|||
| {{no}} |
|||
| {{no}} |
|||
|- |
|- |
||
! [http://www.freebsd.org/cgi/man.cgi?query=geli&sektion=8 GELI] |
! [http://www.freebsd.org/cgi/man.cgi?query=geli&sektion=8 GELI] |
||
⚫ | |||
| {{no}} |
|||
⚫ | |||
| {{no}} |
|||
| {{no}} |
|||
|- |
|- |
||
! [[CryptArchiver]] |
! [[CryptArchiver]] |
||
| {{?}} |
|||
| {{?}} |
|||
| {{?}} |
|||
| {{?}} |
| {{?}} |
||
|- |
|- |
||
! n-Crypt Pro |
! n-Crypt Pro |
||
| {{?}} |
| {{?}} |
||
| {{?}} |
|||
| {{no}} |
|||
| {{no}} |
|||
|- |
|- |
||
! [[Scramdisk]] |
! [[Scramdisk]] |
||
⚫ | |||
| {{no}} |
|||
| {{yes}} |
|||
| {{no}} |
|||
| {{no}} |
|||
|- |
|- |
||
! [[Scramdisk]] 4 Linux |
! [[Scramdisk]] 4 Linux |
||
⚫ | |||
| {{no}} |
|||
⚫ | |||
| {{yes}}<ref name=sd4l-tc/> |
|||
| {{no}} |
|||
|- |
|- |
||
! SecuBox |
! SecuBox |
||
| CBC w/ public IVs |
|||
| {{yes}} |
|||
| {{no}} |
|||
| {{no}} |
|||
| {{no}} |
|||
|- |
|- |
||
! Safeboot Device Encryption |
! Safeboot Device Encryption |
||
| {{?}} |
|||
| {{?}} |
|||
| {{?}} |
|||
| {{?}} |
| {{?}} |
||
|- |
|- |
||
! SafeGuard Easy |
! SafeGuard Easy |
||
| {{?}} |
|||
| {{?}} |
|||
| {{?}} |
|||
| {{?}} |
| {{?}} |
||
|} |
|} |
Revision as of 14:00, 18 July 2007
Technical feature comparison of different disk encryption software.
Background information
Name | Developer | Release date | Licensing | Operating system support | Development status |
---|---|---|---|---|---|
BestCrypt | Jetico | 1993[1] | Commercial, limited source code | Linux 2.6, Windows NT-based, Windows 9x, Windows 3.1, MS-DOS | Actively developed |
TrueCrypt | TrueCrypt Foundation | 1998 | Free, open source (custom) | Linux 2.6, Windows NT-based | Actively developed |
Sentry 2020 | SoftWinter | 1998[2] | Commercial, closed source | Windows NT-based, Pocket PC | Actively developed |
PGPDisk | PGP Corporation | 1998-09-01[3] | Commercial, closed source | Windows NT-based, Mac OS X | Maintained |
CrossCrypt | Steven Scherrer | 1999-06-09[4] | Free, open source (GPL) | Windows NT-based | ? |
Private Disk | Dekart | 1999[5] | Commercial, closed source | Windows NT-based, Windows 9x | Actively developed |
loop-AES | Jari Ruusu | 2001-04-11 | Free, open source (GPL) | Linux 2.0+ | Actively developed |
DriveCrypt | SecurStar GmbH | 2001 | Commercial, closed source | Windows NT-based | Maintained |
DISK Protect | BeCrypt Ltd | 2001 | Commercial, closed source | Windows NT-based | Maintained |
CGD | Roland C. Dowdeswell | 2002-10-04[6] | Free, open source (BSD) | NetBSD 2.0+ | Maintained |
GBDE | Poul-Henning Kamp | 2002-10-19[7] | Free, open source (BSD) | FreeBSD 5.0+ | Maintained |
cryptoloop | ? | 2003-07-02[8] | Free, open source (GPL) | Linux 2.5–2.6 | Deprecated, known vulnerabilities |
FileVault | Apple Computer | 2003-10-24 | Included with OS X, closed source | Mac OS X v10.3 "Panther" | ? |
dm-crypt/cryptsetup | Christophe Saout | 2004-03-11[9] | Free, open source (GPL) | Linux 2.6 Windows NT-based(via FreeOTFE) | Actively developed |
dm-crypt/LUKS | Clemens Fruhwirth (LUKS) | 2005-02-05[10] | Free, open source (GPL) | Linux 2.6 Windows NT-based(via FreeOTFE) | Actively developed |
FreeOTFE | Sarah Dean | 2004-10-10[11] | Free, open source (custom) | Windows NT-based, Pocket PC | Actively developed |
GELI | Pawel Jakub Dawidek | 2005-04-11[12] | Free, open source (BSD) | FreeBSD 6.0+ | Maintained |
CryptArchiver | WinEncrypt | ? | Commercial, closed source | Windows NT-based | Maintained |
n-Crypt Pro | n-Trance Security Ltd | 2005 | Commercial, closed source | Windows NT-based | Maintained |
Scramdisk | Shaun Hollingworth | 1997-07-01 | Free, open source (custom) | Windows 9x, Windows NT-2K | Unmaintained |
Scramdisk 4 Linux | Hans-Ulrich Juettner | 2005-08-06 [13] | Free, open source (GPL) | Linux 2.4–2.6 | Actively developed |
SecuBox | Aiko Solutions | 2007-02-19[14] | Commercial, closed source | Windows CE, Windows Mobile | Actively developed |
Safeboot Device Encryption | Safeboot | ?[15] | Commercial, closed source | Windows NT-based, Windows Mobile | Actively developed |
SafeGuard Easy | Utimaco | 1993[16] | Commercial, closed source | Windows NT-based[17] | Actively developed |
Features
- Hidden containers: Whether hidden containers can be created for deniable encryption. Note that some modes of operation can be more prone to watermarking attacks than others.
- Pre-boot authentication: Whether authentication can be required before booting the computer, thus allowing one to encrypt the boot disk.
- Custom authentication: Whether custom authentication mechanisms can be implemented with third-party applications.
- Multiple keys: Whether an encrypted volumes can have more than one active key.
- Passphrase strengthening: Whether key strengthening is used with plain text passwords to frustrate dictionary attacks, usually using PBKDF2.
- Hardware acceleration: Whether dedicated cryptography acceleration extension cards can be taken advantage of.
Name | Hidden containers | Pre-boot authentication | Custom authentication | Multiple keys | Passphrase strengthening | Hardware acceleration |
---|---|---|---|---|---|---|
BestCrypt | Yes | Yes | No | Yes[18] | ? | No |
TrueCrypt | Yes | No | No | No | Yes | No |
Sentry 2020 | No | No | No | ? | ? | No |
PGPDisk | No | Yes[19] | ? | Yes | Yes[20] | ? |
CrossCrypt | No | No | No | No | No | No |
Private Disk | No | No | No | Yes | Yes | No |
loop-AES | No | Yes[21] | Yes[21] | Yes[21] | Yes[21] | Yes[21] |
DriveCrypt | Yes[22] | Yes | No | Yes | Yes | No |
CGD | No | No | Yes[23] | Yes[24] | Yes[23] | No |
GBDE | No | No[25] | Yes | Yes[26] | No[26] | No[25] |
cryptoloop | No | Yes[27] | Yes | No | No | Yes |
FileVault | No | No | No | Two passwords[28] | Yes[28] | No |
dm-crypt/cryptsetup | No | Yes[27] | Yes | No | No | Yes |
FreeOTFE | Yes | No | No | Yes[29] | Yes | No |
dm-crypt/LUKS | No | Yes[27] | Yes | Yes | Yes | Yes |
GELI | No | Yes[25] | Yes | Yes[30] | Yes[30] | Yes[25] |
CryptArchiver | No | No | No | No | ? | No |
n-Crypt Pro | No | No | No | No | —[31] | No |
Scramdisk | Yes | No | No | No | No | No |
Scramdisk 4 Linux | Yes[32] | No | No | No | Yes[32] | No |
SecuBox | No | No | No | No | Yes | No |
Safeboot Device Encryption | ? | Yes | ? | Yes | ? | ? |
SafeGuard Easy | No | Yes | No | Yes | ? | No |
Layering
- Whole disk: Whether the whole disk can be encrypted, including the partition tables. Note that this does not imply that the encrypted disk can be booted off of; refer to "pre-boot authentication" in the features comparison table.
- Partition: Whether individual disk partitions can be encrypted.
- File: Whether the encrypted container can be stored in a file (usually implemented as encrypted loop devices).
- Swap space: Whether the swap space (called a "pagefile" on Windows) can be encrypted individually/explicitly.
Name | Whole disk | Partition | File | Swap space |
---|---|---|---|---|
BestCrypt | Yes | ? | Yes | Yes |
TrueCrypt | Yes[33] | Yes[33] | Yes[33] | Add-on[34] |
Sentry 2020 | No | No | Yes | No |
PGPDisk | Yes | Yes | Yes | No |
CrossCrypt | No | No | Yes | No |
Private Disk | No | No | Yes | No |
loop-AES | Yes | Yes[21] | Yes[21] | Yes[21] |
DriveCrypt | No | Yes[22] | Yes[22] | No |
CGD | Yes | Yes | Yes[23] | Yes |
GBDE | Yes | Yes | Yes[35] | Yes |
cryptoloop | Yes | Yes | Yes | Yes |
FileVault | No | No | Yes[28] | Yes[28] |
dm-crypt | Yes | Yes | Yes[36] | Yes |
FreeOTFE | Yes | Yes | Yes | No |
GELI | Yes | Yes | Yes[35] | Yes |
CryptArchiver | No | No | Yes | No |
n-Crypt Pro | Yes | Yes | Yes | No |
Scramdisk | No | Yes | Yes | No |
Scramdisk 4 Linux | No | Yes | Yes | No |
SecuBox | No | No | Yes | — |
Safeboot Device Encryption | ? | ? | ? | ? |
SafeGuard Easy | Yes | Yes | No[37] | Yes |
Modes of operation
Different modes of operation supported by the software. Note that an encrypted volume can only use one mode of operation.
- CBC w/ public IVs: The CBC (cipher block chaining) mode where initialization vectors are statically derived from the sector number and are not secret; this means that IVs are re-used when overwriting a sector and the vectors can easily be guessed by an attacker, leading to watermarking attacks.
- CBC w/ secret IVs: The CBC mode where initialization vectors are statically derived from the encryption key and sector number. The IVs are secret, but they are re-used with overwrites. Methods for this include ESSIV and encrypted sector numbers (CGD).
- LRW: The Liskov-Rivest-Wagner tweakable narrow-block mode, a mode of operation specifically designed for disk encryption.
- CBC /w random per-sector keys: The CBC mode where random keys are generated for each sector when it is written to, thus does not exhibit the typical weaknesses of CBC with re-used initialization vectors. The individual sector keys are stored on disk and encrypted with a master key. (See GBDE for details)
Name | Mode of operation |
---|---|
BestCrypt | LRW[38], CBC |
TrueCrypt | LRW[39], deprecated format volumes use CBC with whitening[40] |
Sentry 2020 | ? |
PGPDisk | ? |
CrossCrypt | CBC w/ public IVs |
Private Disk | CBC /w random per-sector keys |
loop-AES | CBC w/ public IVs[21], CBC w/ secret IVs[21] |
DriveCrypt | ? |
CGD | CBC w/ secret IVs[41] |
GBDE | CBC /w random per-sector keys[26] |
cryptoloop | CBC w/ public IVs |
FileVault | CBC w/ public IVs[28] |
dm-crypt | CBC w/ public IVs, CBC w/ secret IVs, LRW[42] |
FreeOTFE | CBC w/ public IVs, CBC w/ secret IVs |
GELI | CBC w/ public IVs[43] |
CryptArchiver | ? |
n-Crypt Pro | ? |
Scramdisk | CBC w/ secret IVs |
Scramdisk 4 Linux | CBC w/ secret IVs[44], LRW[32] |
SecuBox | CBC w/ public IVs |
Safeboot Device Encryption | ? |
SafeGuard Easy | ? |
See also
Notes and references
- ^ "Jetico Company Info". Jetico. Retrieved 2007-01-05.
- ^ "Sentry 2020 news". Retrieved 2007-01-02.
- ^ "PGP 6.0 Freeware released - any int'l links?". Newsgroup: comp.security.pgp. 6sh4vm$jbf$1@news.cybercity.dk. Retrieved 2007-01-04.
- ^ Stefan Scherrer (2004-02-03). "readme.txt in CrossCrypt source distribution". Retrieved 2007-01-05.
{{cite web}}
: Check date values in:|date=
(help) - ^ "Dekart Encryption software timeline". Dekart.
- ^ Roland Dowdeswell (2002-10-04). "CryptoGraphic Disk". mailing list announcement. Retrieved 2007-01-14.
{{cite web}}
: Check date values in:|date=
(help) - ^ "gbde(4) man page in FreeBSD 4.11". GBDE manual page as it appeared in FreeBSD 4.11. Retrieved 2006-12-24.
- ^ Initial cryptoloop patches for the Linux 2.5 development kernel: http://uwsg.iu.edu/hypermail/linux/kernel/0307.0/0348.html
- ^ dm-crypt was first included in Linux kernel version 2.6.4: http://lwn.net/Articles/75404/
- ^ Clemens Fruhwirth. "LUKS version history". Retrieved 2006-12-24.
- ^ "FreeOTFE version history". Retrieved 2006-12-24.
- ^ "geli(8) man page in FreeBSD 6.0". GELI manual page as it first appeared in FreeBSD 6.0. Retrieved 2006-12-24.
- ^ "ScramDisk 4 Linux Releases".
- ^ "Secubox for Pocket PC". release announcement. Aiko Solutions. Retrieved 2007-06-27.
- ^ "Safeboot Device Encryption". release announcement. Safeboot. Retrieved ?.
{{cite web}}
: Check date values in:|accessdate=
(help) - ^ "SafeGuard Easy 4.0 Technical Whitepaper" (PDF). Utimaco. Retrieved 2007-07-03.
- ^ Former versions for MS-DOS, Windows 3.x, Windows 9x, Windows NT4, IBM OS/2 up to Warp 4.
- ^ Supported by the BestCrypt container format; see BestCrypt SDK
- ^ "PGP Whole Disk Encryption FAQ". PGP Corporation. Retrieved 2006-12-24.
- ^ PGP private keys are always protected by strengthened passphrases
- ^ a b c d e f g h i j Jari Ruusu. "loop-AES README file". Retrieved 2007-04-23.
- ^ a b c "DriveCrypt features". SecurStar GmbH. Retrieved 2007-01-03.
- ^ a b c Roland C. Dowdeswell, John Ioannidis. "The CryptoGraphic Disk Driver" (PDF). CGD design paper. Retrieved 2006-12-24.
- ^ Federico Biancuzzi (2005-12-21). "Inside NetBSD's CGD". interview with Roland Dowdeswell. ONLamp.com.
{{cite web}}
: Check date values in:|date=
(help); Text "accessdate-2006-12-24" ignored (help) - ^ a b c d "FreeBSD Handbook: Encrypting Disk Partitions". Retrieved 2006-12-24.
- ^ a b c Poul-Henning Kamp. "GBDE - GEOM Based Disk Encryption" (PDF). GBDE design document. Retrieved 2006-12-24.
- ^ a b c dm-crypt and cryptoloop volumes can be mounted from the initrd before the system is booted
- ^ a b c d e Jacob Appelbaum, Ralf-Philipp Weinmann (2006-12-29). "Unlocking FileVault: An Analysis of Apple's disk encryption" (PDF). Retrieved 2007-03-31.
{{cite journal}}
: Check date values in:|date=
(help); Cite journal requires|journal=
(help) - ^ FreeOTFE allows multiple keys to mount the same container file via encrypted keyfiles
- ^ a b "geli(8) man page in FreeBSD-current". GELI manual page in current FreeBSD. Retrieved 2006-12-24.
- ^ n-Crypt Pro does not use password authentication — biometric/USB dongle authentication only
- ^ a b c For TrueCrypt containers
- ^ a b c "TrueCrypt documentation: TrueCrypt Volume". Retrieved 2007-01-08.
- ^ "Third-Party Project: TCTEMP". Retrieved 2007-01-08. "TCTEMP automates the process of using TrueCrypt to on-the-fly encrypt the Windows paging (swap) file, temporary files, and print spooler files."
- ^ a b File-based volume encryption is possible when used with mdconfig(8) utility.
- ^ dm-crypt can encrypt a file-based volume when used with the losetup utility included with all major Linux distributions
- ^ For container functionality SafeGuard PrivateDisk is available from Utimaco.
- ^ "New features in BestCrypt version 8". Jetico. Retrieved 2007-03-02.
- ^ "TrueCrypt - Free Open-Source Disk Encryption Software - Documentation - Modes of Operation". 2007-07-18. Retrieved 2007-07-18.
{{cite web}}
: Check date values in:|date=
(help) - ^ "TrueCrypt - Free Open-Source Disk Encryption Software - Documentation - Version history". 2007-07-18. Retrieved 2007-07-18.
{{cite web}}
: Check date values in:|date=
(help) - ^ "man 4 cgd in NetBSD-current". NetBSD current manual page on CGD. 2006-03-11. Retrieved 2006-12-24.
{{cite web}}
: Check date values in:|date=
(help) - ^ Starting with Linux kernel version 2.6.20, CryptoAPI supports the LRW mode: http://lwn.net/Articles/213650/
- ^ "Linux/BSD disk encryption comparison". Retrieved 2006-12-24.
- ^ For Scramdisk containers