FreeOTFE: Difference between revisions
Line 29: | Line 29: | ||
''FreeOTFE'' also allows any number of "hidden volumes" to be created, giving [[plausible deniability]] and [[deniable encryption]], and also has the option of encrypting full partitions or disks (but not the system partition).<ref>[http://www.freeotfe.org/docs/Main/advanced_topics.htm#level_3_heading_2 Partition/Entire Disk Based Volumes]</ref> |
''FreeOTFE'' also allows any number of "hidden volumes" to be created, giving [[plausible deniability]] and [[deniable encryption]], and also has the option of encrypting full partitions or disks (but not the system partition).<ref>[http://www.freeotfe.org/docs/Main/advanced_topics.htm#level_3_heading_2 Partition/Entire Disk Based Volumes]</ref> |
||
Anti-virus software Microsoft Security Essentials label FreeOTFE and FreeOTFEPDA installation files "reported as unsafe" without providing any additional information. |
|||
==Portable use== |
==Portable use== |
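Review bot: the sentence added after the hidden-volumes paragraph, about Microsoft Security Essentials labelling the installers "reported as unsafe", has no `<ref>`, unlike the paragraph directly above it. Please cite a source that gives the product version and date of the detection. The sentence also has a verb agreement error ("label" should be "labels"), and "FreeOTFEPDA" should be checked against the "FreeOTFE4PDA" spelling the article uses for the PDA build.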
Revision as of 10:57, 15 November 2012
Developer(s) | Sarah Dean |
---|---|
Stable release | 5.21 / 7 February 2010 |
Operating system | Microsoft Windows and Windows Mobile |
Available in | English, Croatian, Czech, French, German, Greek, Italian, Spanish and Japanese |
Type | Disk encryption software |
License | Free and open-source software that requires attribution[1] |
Website | www |
FreeOTFE is an open source on-the-fly disk encryption (OTFE) computer program for PCs running Microsoft Windows, and personal digital assistants (PDAs) running Windows Mobile (use FreeOTFE4PDA). It creates virtual drives, or disks, to which anything written is automatically encrypted before being stored on a computer's hard or USB drive. It is similar in function to other disk encryption programs including TrueCrypt and Microsoft's BitLocker.[2]
Overview
FreeOTFE was initially released by Sarah Dean in 2004, and was the first open source code disk encryption system that provided a modular architecture allowing 3rd parties to implement additional algorithms if needed. Older FreeOTFE licensing required that any modification to the program be placed in the public domain. This does not conform technically to section 3 of the Open Source definition. Newer program licensing omits this condition.
This software is compatible with Linux encrypted volumes (e.g. LUKS, cryptoloop, dm-crypt), allowing data encrypted under Linux to be read (and written) freely. It was the first open source transparent disk encryption system to support Windows Vista and PDAs.[3][4][5][6]
Optional two-factor authentication using smart cards and/or hardware security modules (HSMs, also termed security tokens)[7] was introduced in v4.0, using the PKCS#11 (Cryptoki) standard developed by RSA Laboratories.
FreeOTFE also allows any number of "hidden volumes" to be created, giving plausible deniability and deniable encryption, and also has the option of encrypting full partitions or disks (but not the system partition).[8]
The anti-virus software Microsoft Security Essentials labels the FreeOTFE and FreeOTFEPDA installation files "reported as unsafe" without providing any additional information.
Portable use
Unlike most disk encryption systems, FreeOTFE can be used in "portable mode", which allows it to be kept on a USB drive or other portable media, together with its encrypted data, and carried around. This allows it to be used under Microsoft Windows without installation of the complete program to "mount" and access the encrypted data through a virtual disk.
In common with other disk encryption systems which offer a "portable" (or "traveller") mode, the use of this mode requires installing device drivers (at least temporarily) to create virtual disks, and as a consequence administrator rights are needed to start this traveller mode. As with most open source software which uses device drivers, the user must enable test signing when running it under Windows Vista x64 and Windows 7 x64 systems.[9]
Driverless operation
The author of FreeOTFE also offers another program called "FreeOTFE Explorer"[10] which provides a driverless system that allows encrypted disks to be used without administrator rights.
This allows FreeOTFE encrypted data to be used on (for example) public computers found in libraries or computer kiosks (interactive kiosks), where administrator rights are unavailable.
Unlike FreeOTFE, FreeOTFE Explorer does not provide on-the-fly encryption through a virtual drive.[10] Instead, it works much like some archiving software: files are stored in and extracted from encrypted disk images, as with ZIP and RAR archives, through a Windows Explorer interface.
Algorithms implemented
Due to its architecture, FreeOTFE provides great flexibility to the user with its encryption options.
Ciphers
FreeOTFE implements several ciphers, including:
It includes all National Institute of Standards and Technology (NIST) Advanced Encryption Standard (AES) finalists, and all ciphers can be used with multiple different keylengths.
Cipher modes
FreeOTFE originally offered encryption using cipher-block chaining (CBC) with encrypted salt-sector initialization vector (ESSIV), though v3.00 introduced LRW and also the more secure XTS mode, which supersedes LRW in the IEEE P1619 standard for disk encryption.
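As an added illustration (not FreeOTFE's code and not part of the original article), the following Python sketch reads the fixed fields of a LUKS1 volume header, the Linux format mentioned in the Overview, and reports which of the mode families named above the volume uses. The function names are hypothetical, the sample headers are constructed in the code, and only the LUKS1 layout is handled, not FreeOTFE's native volumes.

```python
import struct

# LUKS1 on-disk header fields that precede the key slots: big-endian, 208 bytes.
LUKS1_PHDR = struct.Struct(">6sH32s32s32sII20s32sI40s")
LUKS_MAGIC = b"LUKS\xba\xbe"

def _cstr(raw):
    """Decode a NUL-padded ASCII field."""
    return raw.split(b"\x00", 1)[0].decode("ascii", "replace")

def parse_luks1_header(blob):
    """Return the cipher settings recorded in a LUKS1 header, or raise ValueError."""
    if len(blob) < LUKS1_PHDR.size:
        raise ValueError("short read: need at least 208 bytes")
    (magic, version, name, mode, hash_spec, payload_off, key_bytes,
     _digest, _salt, _iters, uuid) = LUKS1_PHDR.unpack_from(blob)
    if magic != LUKS_MAGIC:
        raise ValueError("not a LUKS volume (bad magic)")
    if version != 1:
        raise ValueError(f"unsupported LUKS version {version}")
    return {"cipher": _cstr(name), "mode": _cstr(mode), "hash": _cstr(hash_spec),
            "key_bits": key_bytes * 8, "payload_sector": payload_off,
            "uuid": _cstr(uuid)}

def classify_mode(mode):
    """Map a dm-crypt mode string onto the mode families named in the article."""
    chain = mode.split("-", 1)[0].lower()
    if chain == "xts":
        return "XTS (IEEE P1619)"
    if chain == "lrw":
        return "LRW (superseded by XTS)"
    if chain == "cbc":
        return "CBC with ESSIV" if "essiv" in mode.lower() else "CBC without ESSIV"
    return "other"

def build_sample_header(cipher, mode, hash_spec, key_bytes):
    """Constructed test input: zeroed digest and salt, made-up all-zero UUID."""
    return LUKS1_PHDR.pack(LUKS_MAGIC, 1, cipher.encode(), mode.encode(),
                           hash_spec.encode(), 4096, key_bytes, bytes(20),
                           bytes(32), 1000, b"00000000-0000-0000-0000-000000000000")

if __name__ == "__main__":
    for args in (("aes", "cbc-essiv:sha256", "sha1", 32),
                 ("aes", "xts-plain64", "sha256", 64)):
        hdr = parse_luks1_header(build_sample_header(*args))
        print(hdr["cipher"], hdr["mode"], hdr["key_bits"], "->",
              classify_mode(hdr["mode"]))
```

On a real volume the same 208 bytes are read from offset 0 of the container file or partition. For XTS the reported key size covers both halves of the key.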
Hashes
As with its cipher options, FreeOTFE offers many different hash algorithms:
See also
- Disk encryption
- Disk encryption software
- On-the-fly encryption
- Comparison of disk encryption software
References
1. FreeOTFE license
2. David A. Karp, Windows Vista annoyances, O'Reilly Media, Inc., 2008, ISBN 0-596-52762-4, page 5.
3. FreeOTFE version history
4. Michael Mandaville, Citizen-Soldier Handbook: 101 Ways Every American Can Fight Terrorism, Dog Ear Publishing, 2009, ISBN 1-59858-671-8, page 253.
5. Gregory B. White, Wm. Arthur Conklin, Dwayne Williams, Roger L. Davis, Chuck Cothren, CompTIA Security+ All-in-One Exam Guide, Second Edition, McGraw Hill Professional, 2008, ISBN 0-07-160127-9, page 103.
6. Bryan Burns, Jennifer Stisa Granick, Steve Manzuik, Paul Guersch, Dave Killion, Nicolas Beauchesne, Security power tools, O'Reilly Media, Inc., 2007, ISBN 0-596-00963-1, page 523.
7. Security Token/Smartcard Support
8. Partition/Entire Disk Based Volumes
9. Additional Information for Windows Vista x64 and Windows 7 x64 Users
10. FreeOTFE v. FreeOTFE Explorer Comparison