Comparison of disk encryption software: Difference between revisions

Technical feature comparison of different disk encryption software.

Background information

Name	Developer	Release date	Licensing	Operating system support	Development status
BestCrypt	Jetico	1993[1]	Commercial, limited source code	Linux 2.6, Windows NT-based, Windows 9x, Windows 3.1, MS-DOS	Actively developed
TrueCrypt	TrueCrypt Foundation	1998	Free, open source (custom)	Linux 2.6, Windows NT-based	Actively developed
Sentry 2020	SoftWinter	1998[2]	Commercial, closed source	Windows NT-based, Pocket PC	Actively developed
PGPDisk	PGP Corporation	1998-09-01[3]	Commercial, closed source	Windows NT-based, Mac OS X	Maintained
CrossCrypt	Steven Scherrer	1999-06-09[4]	Free, open source (GPL)	Windows NT-based	?
Private Disk	Dekart	1999[5]	Commercial, closed source	Windows NT-based, Windows 9x	Actively developed
loop-AES	Jari Ruusu	2001-04-11	Free, open source (GPL)	Linux 2.0+	Actively developed
DriveCrypt	SecurStar GmbH	2001	Commercial, closed source	Windows NT-based	Maintained
DISK Protect	BeCrypt Ltd	2001	Commercial, closed source	Windows NT-based	Maintained
CGD	Roland C. Dowdeswell	2002-10-04[6]	Free, open source (BSD)	NetBSD 2.0+	Maintained
GBDE	Poul-Henning Kamp	2002-10-19[7]	Free, open source (BSD)	FreeBSD 5.0+	Maintained
cryptoloop	?	2003-07-02[8]	Free, open source (GPL)	Linux 2.5–2.6	Deprecated, known vulnerabilities
FileVault	Apple Computer	2003-10-24	Included with OS X, closed source	Mac OS X v10.3 "Panther"	?
dm-crypt/cryptsetup	Christophe Saout	2004-03-11[9]	Free, open source (GPL)	Linux 2.6 Windows NT-based(via FreeOTFE)	Actively developed
dm-crypt/LUKS	Clemens Fruhwirth (LUKS)	2005-02-05[10]	Free, open source (GPL)	Linux 2.6 Windows NT-based(via FreeOTFE)	Actively developed
FreeOTFE	Sarah Dean	2004-10-10[11]	Free, open source (custom)	Windows NT-based, Pocket PC	Actively developed
GELI	Pawel Jakub Dawidek	2005-04-11[12]	Free, open source (BSD)	FreeBSD 6.0+	Maintained
CryptArchiver	WinEncrypt	?	Commercial, closed source	Windows NT-based	Maintained
n-Crypt Pro	n-Trance Security Ltd	2005	Commercial, closed source	Windows NT-based	Maintained
Scramdisk	Shaun Hollingworth	1997-07-01	Free, open source (custom)	Windows 9x, Windows NT-2K	Unmaintained
Scramdisk 4 Linux	Hans-Ulrich Juettner	2005-08-06 [13]	Free, open source (GPL)	Linux 2.4–2.6	Actively developed
SecuBox	Aiko Solutions	2007-02-19[14]	Commercial, closed source	Windows CE, Windows Mobile	Actively developed
Safeboot Device Encryption	Safeboot	?[15]	Commercial, closed source	Windows NT-based, Windows Mobile	Actively developed
SafeGuard Easy	Utimaco	1993[16]	Commercial, closed source	Windows NT-based[17]	Actively developed

Features

• Hidden containers: Whether hidden containers can be created for deniable encryption. Note that some modes of operation can be more prone to watermarking attacks than others.
• Pre-boot authentication: Whether authentication can be required before booting the computer, thus allowing one to encrypt the boot disk.
• Custom authentication: Whether custom authentication mechanisms can be implemented with third-party applications.
• Multiple keys: Whether an encrypted volumes can have more than one active key.
• Passphrase strengthening: Whether key strengthening is used with plain text passwords to frustrate dictionary attacks, usually using PBKDF2.
• Hardware acceleration: Whether dedicated cryptography acceleration extension cards can be taken advantage of.

Name	Hidden containers	Pre-boot authentication	Custom authentication	Multiple keys	Passphrase strengthening	Hardware acceleration
BestCrypt	Yes	Yes	No	Yes[18]	?	No
TrueCrypt	Yes	No	No	No	Yes	No
Sentry 2020	No	No	No	?	?	No
PGPDisk	No	Yes[19]	?	Yes	Yes[20]	?
CrossCrypt	No	No	No	No	No	No
Private Disk	No	No	No	Yes	Yes	No
loop-AES	No	Yes[21]	Yes[21]	Yes[21]	Yes[21]	Yes[21]
DriveCrypt	Yes[22]	Yes	No	Yes	Yes	No
CGD	No	No	Yes[23]	Yes[24]	Yes[23]	No
GBDE	No	No[25]	Yes	Yes[26]	No[26]	No[25]
cryptoloop	No	Yes[27]	Yes	No	No	Yes
FileVault	No	No	No	Two passwords[28]	Yes[28]	No
dm-crypt/cryptsetup	No	Yes[27]	Yes	No	No	Yes
FreeOTFE	Yes	No	No	Yes[29]	Yes	No
dm-crypt/LUKS	No	Yes[27]	Yes	Yes	Yes	Yes
GELI	No	Yes[25]	Yes	Yes[30]	Yes[30]	Yes[25]
CryptArchiver	No	No	No	No	?	No
n-Crypt Pro	No	No	No	No	—[31]	No
Scramdisk	Yes	No	No	No	No	No
Scramdisk 4 Linux	Yes[32]	No	No	No	Yes[32]	No
SecuBox	No	No	No	No	Yes	No
Safeboot Device Encryption	?	Yes	?	Yes	?	?
SafeGuard Easy	No	Yes	No	Yes	?	No

Layering

Further information: Encryption layer in storage stack

• Whole disk: Whether the whole disk can be encrypted, including the partition tables. Note that this does not imply that the encrypted disk can be booted off of; refer to "pre-boot authentication" in the features comparison table.
• Partition: Whether individual disk partitions can be encrypted.
• File: Whether the encrypted container can be stored in a file (usually implemented as encrypted loop devices).
• Swap space: Whether the swap space (called a "pagefile" on Windows) can be encrypted individually/explicitly.

Name	Whole disk	Partition	File	Swap space
BestCrypt	Yes	?	Yes	Yes
TrueCrypt	Yes[33]	Yes[33]	Yes[33]	Add-on[34]
Sentry 2020	No	No	Yes	No
PGPDisk	Yes	Yes	Yes	No
CrossCrypt	No	No	Yes	No
Private Disk	No	No	Yes	No
loop-AES	Yes	Yes[21]	Yes[21]	Yes[21]
DriveCrypt	No	Yes[22]	Yes[22]	No
CGD	Yes	Yes	Yes[23]	Yes
GBDE	Yes	Yes	Yes[35]	Yes
cryptoloop	Yes	Yes	Yes	Yes
FileVault	No	No	Yes[28]	Yes[28]
dm-crypt	Yes	Yes	Yes[36]	Yes
FreeOTFE	Yes	Yes	Yes	No
GELI	Yes	Yes	Yes[35]	Yes
CryptArchiver	No	No	Yes	No
n-Crypt Pro	Yes	Yes	Yes	No
Scramdisk	No	Yes	Yes	No
Scramdisk 4 Linux	No	Yes	Yes	No
SecuBox	No	No	Yes	—
Safeboot Device Encryption	?	?	?	?
SafeGuard Easy	Yes	Yes	No[37]	Yes

Modes of operation

Further information: Disk encryption theory

Different modes of operation supported by the software. Note that an encrypted volume can only use one mode of operation.

• CBC w/ public IVs: The CBC (cipher block chaining) mode where initialization vectors are statically derived from the sector number and are not secret; this means that IVs are re-used when overwriting a sector and the vectors can easily be guessed by an attacker, leading to watermarking attacks.
• CBC w/ secret IVs: The CBC mode where initialization vectors are statically derived from the encryption key and sector number. The IVs are secret, but they are re-used with overwrites. Methods for this include ESSIV and encrypted sector numbers (CGD).
• LRW: The Liskov-Rivest-Wagner tweakable narrow-block mode, a mode of operation specifically designed for disk encryption.
• CBC /w random per-sector keys: The CBC mode where random keys are generated for each sector when it is written to, thus does not exhibit the typical weaknesses of CBC with re-used initialization vectors. The individual sector keys are stored on disk and encrypted with a master key. (See GBDE for details)

Name	Mode of operation
BestCrypt	LRW[38], CBC
TrueCrypt	LRW[39], deprecated format volumes use CBC with whitening[40]
Sentry 2020	?
PGPDisk	?
CrossCrypt	CBC w/ public IVs
Private Disk	CBC /w random per-sector keys
loop-AES	CBC w/ public IVs[21], CBC w/ secret IVs[21]
DriveCrypt	?
CGD	CBC w/ secret IVs[41]
GBDE	CBC /w random per-sector keys[26]
cryptoloop	CBC w/ public IVs
FileVault	CBC w/ public IVs[28]
dm-crypt	CBC w/ public IVs, CBC w/ secret IVs, LRW[42]
FreeOTFE	CBC w/ public IVs, CBC w/ secret IVs
GELI	CBC w/ public IVs[43]
CryptArchiver	?
n-Crypt Pro	?
Scramdisk	CBC w/ secret IVs
Scramdisk 4 Linux	CBC w/ secret IVs[44], LRW[32]
SecuBox	CBC w/ public IVs
Safeboot Device Encryption	?
SafeGuard Easy	?

See also

• Disk encryption software
• Disk encryption theory

Notes and references

1. "Jetico Company Info". Jetico. Retrieved 2007-01-05.
2. "Sentry 2020 news". Retrieved 2007-01-02.
3. "PGP 6.0 Freeware released - any int'l links?". Newsgroup: comp.security.pgp. 6sh4vm$jbf$1@news.cybercity.dk. Retrieved 2007-01-04.
4. Stefan Scherrer (2004-02-03). "readme.txt in CrossCrypt source distribution". Retrieved 2007-01-05. {{cite web}}: Check date values in: |date= (help)
5. "Dekart Encryption software timeline". Dekart.
6. Roland Dowdeswell (2002-10-04). "CryptoGraphic Disk". mailing list announcement. Retrieved 2007-01-14. {{cite web}}: Check date values in: |date= (help)
7. "gbde(4) man page in FreeBSD 4.11". GBDE manual page as it appeared in FreeBSD 4.11. Retrieved 2006-12-24.
8. Initial cryptoloop patches for the Linux 2.5 development kernel: http://uwsg.iu.edu/hypermail/linux/kernel/0307.0/0348.html
9. dm-crypt was first included in Linux kernel version 2.6.4: http://lwn.net/Articles/75404/
10. Clemens Fruhwirth. "LUKS version history". Retrieved 2006-12-24.
11. "FreeOTFE version history". Retrieved 2006-12-24.
12. "geli(8) man page in FreeBSD 6.0". GELI manual page as it first appeared in FreeBSD 6.0. Retrieved 2006-12-24.
13. "ScramDisk 4 Linux Releases".
14. "Secubox for Pocket PC". release announcement. Aiko Solutions. Retrieved 2007-06-27.
15. "Safeboot Device Encryption". release announcement. Safeboot. Retrieved ?. {{cite web}}: Check date values in: |accessdate= (help)
16. "SafeGuard Easy 4.0 Technical Whitepaper" (PDF). Utimaco. Retrieved 2007-07-03.
17. Former versions for MS-DOS, Windows 3.x, Windows 9x, Windows NT4, IBM OS/2 up to Warp 4.
18. Supported by the BestCrypt container format; see BestCrypt SDK
19. "PGP Whole Disk Encryption FAQ". PGP Corporation. Retrieved 2006-12-24.
20. PGP private keys are always protected by strengthened passphrases
21. Jari Ruusu. "loop-AES README file". Retrieved 2007-04-23.
22. "DriveCrypt features". SecurStar GmbH. Retrieved 2007-01-03.
23. Roland C. Dowdeswell, John Ioannidis. "The CryptoGraphic Disk Driver" (PDF). CGD design paper. Retrieved 2006-12-24.
24. Federico Biancuzzi (2005-12-21). "Inside NetBSD's CGD". interview with Roland Dowdeswell. ONLamp.com. {{cite web}}: Check date values in: |date= (help); Text "accessdate-2006-12-24" ignored (help)
25. "FreeBSD Handbook: Encrypting Disk Partitions". Retrieved 2006-12-24.
26. Poul-Henning Kamp. "GBDE - GEOM Based Disk Encryption" (PDF). GBDE design document. Retrieved 2006-12-24.
27. dm-crypt and cryptoloop volumes can be mounted from the initrd before the system is booted
28. Jacob Appelbaum, Ralf-Philipp Weinmann (2006-12-29). "Unlocking FileVault: An Analysis of Apple's disk encryption" (PDF). Retrieved 2007-03-31. {{cite journal}}: Check date values in: |date= (help); Cite journal requires |journal= (help)
29. FreeOTFE allows multiple keys to mount the same container file via encrypted keyfiles
30. "geli(8) man page in FreeBSD-current". GELI manual page in current FreeBSD. Retrieved 2006-12-24.
31. n-Crypt Pro does not use password authentication — biometric/USB dongle authentication only
32. For TrueCrypt containers
33. "TrueCrypt documentation: TrueCrypt Volume". Retrieved 2007-01-08.
34. "Third-Party Project: TCTEMP". Retrieved 2007-01-08. "TCTEMP automates the process of using TrueCrypt to on-the-fly encrypt the Windows paging (swap) file, temporary files, and print spooler files."
35. File-based volume encryption is possible when used with mdconfig(8) utility.
36. dm-crypt can encrypt a file-based volume when used with the losetup utility included with all major Linux distributions
37. For container functionality SafeGuard PrivateDisk is available from Utimaco.
38. "New features in BestCrypt version 8". Jetico. Retrieved 2007-03-02.
39. "TrueCrypt - Free Open-Source Disk Encryption Software - Documentation - Modes of Operation". 2007-07-18. Retrieved 2007-07-18. {{cite web}}: Check date values in: |date= (help)
40. "TrueCrypt - Free Open-Source Disk Encryption Software - Documentation - Version history". 2007-07-18. Retrieved 2007-07-18. {{cite web}}: Check date values in: |date= (help)
41. "man 4 cgd in NetBSD-current". NetBSD current manual page on CGD. 2006-03-11. Retrieved 2006-12-24. {{cite web}}: Check date values in: |date= (help)
42. Starting with Linux kernel version 2.6.20, CryptoAPI supports the LRW mode: http://lwn.net/Articles/213650/
43. "Linux/BSD disk encryption comparison". Retrieved 2006-12-24.
44. For Scramdisk containers