Comparison of disk encryption software

Last updated

This is a technical feature comparison of different disk encryption software .

Contents

Background information

NameDeveloperFirst releasedLicensingMaintained?
Aloaha Crypt DiskAloaha2008Source Auditable for Commercial CustomersYes
ArchiCrypt LiveSoftwaredevelopment Remus ArchiCrypt1998 Proprietary Yes
BestCrypt Jetico1993 [1] Proprietary Yes
BitArmor DataControl BitArmor Systems Inc. 2008-05 Proprietary Yes
BitLocker Microsoft 2006 Proprietary Yes
Bloombase StoreSafe Bloombase 2012 Proprietary No [2]
Boxcryptor Secomba GmbH2011 Proprietary No
CGDRoland C. Dowdeswell2002-10-04 [3] BSD Yes
CenterTools DriveLockCenterTools2008 Proprietary Yes
Check Point Full Disk Encryption Check Point Software Technologies Ltd 1999 [4] [5] [6] Proprietary Yes
CipherShed CipherShed Project2014 [7] TrueCrypt License Version 3.0 [8] No
CrossCrypt Steven Scherrer2004-02-10 [9] GPL No
CryFSSebastian Messmer2015 LGPLv3 Yes
CryhodPrim'X Technologies2010 Proprietary Yes
CryptainerCypherix Software1998 Proprietary Yes
Cryptic DiskExlade2003 Proprietary Yes
CryptArchiverWinEncrypt ? Proprietary Yes
Cryptoloop  ?2003-07-02 [10] GPL No
Cryptomator Skymatic UG (haftungsbeschränkt)2016-03-09 [11] GPLv3 Yes
CryptoPro Secure Disk Enterprisecpsd it-services GmbH2010 Proprietary Yes
CryptoPro Secure Disk for BitLockercpsd it-services GmbH2012 Proprietary Yes
CryptSyncStefan Küng2012 GPL v2 Yes
DiscryptorCosect Ltd.2008 Proprietary No
DiskCryptor ntldr, David Xanatos2007 GPL No [12]
DISK ProtectBecrypt Ltd2001 Proprietary Yes
Cryptsetup / Dmsetup Christophe Saout2004-03-11 [13] GPL Yes
Dm-crypt / LUKS Clemens Fruhwirth (LUKS)2005-02-05 [14] GPL Yes
DriveSentry GoAnywhere 2DriveSentry2008 Proprietary No
E4M Paul Le Roux 1998-12-18 [15] Open source No
e-Capsule Private SafeEISST Ltd.2005 Proprietary Yes
eCryptfs Dustin Kirkland, Tyler Hicks, (formerly Mike Halcrow)2005 [16] GPL Yes
EgoSecure HDD EncryptionEgoSecure GmbH2006 Proprietary Yes
EncFS Valient Gough2003 [17] LGPLv3 No
EncryptStickENC Security Systems2009 Proprietary Yes
FileVault Apple Inc. 2003-10-24 Proprietary Yes
FileVault 2 Apple Inc. 2011-07-20 Proprietary Yes
FREE CompuSecCE-Infosys2002 Proprietary Yes
FreeOTFE Sarah Dean2004-10-10 [18] Open source No
GBDE Poul-Henning Kamp 2002-10-19 [19] BSD No
GELI Pawel Jakub Dawidek2005-04-11 [20] BSD Yes
GnuPG Werner Koch 1999-09-07 [21] GPL Yes
gocryptfsJakob Unterwurzacher2015-10-07 [22] MIT / X Consortium License Yes
KnoxAgileBits2010 Proprietary Yes
KryptOSThe MorphOS Development Team2010 Proprietary Yes
LibreCrypttdk2014-06-19 [23] Open source No
Loop-AESJari Ruusu2001-04-11 GPL Yes
McAfee Drive Encryption (SafeBoot) McAfee, LLC 2007 [24] Proprietary Yes
n-Crypt Pron-Trance Security Ltd2005 Proprietary Yes
PGPDisk PGP Corporation (acquired by Symantec in 2010)1998-09-01 [25] Proprietary Yes
Private Disk Dekart1993 [26] Proprietary Yes
ProxyCryptv772013 Open source Yes
R-CryptoR-Tools Technology Inc2008 Proprietary Yes
SafeGuard Easy Sophos (Utimaco)1993 [27] Proprietary Yes
SafeGuard Enterprise Sophos (Utimaco)2007 [28] Proprietary Yes
SafeGuard PrivateDisk Sophos (Utimaco) [29] 2000 Proprietary Yes
SafeHouse ProfessionalPC Dynamics, Inc.1992 Proprietary Yes
Scramdisk Shaun Hollingworth1997-07-01 Open source No
Scramdisk 4 LinuxHans-Ulrich Juettner2005-08-06 [30] GPL No
SecuBoxAiko Solutions2007-02-19 Proprietary Yes
SECUDE Secure NotebookSECUDE2003 Proprietary Yes
Seqrite Encryption Manager Quick Heal Technologies Ltd.2017 Proprietary Yes
Sentry 2020 SoftWinter1998 [31] Proprietary No
Softraid / RAID COpenBSD2007-11-01 [32] BSD Yes
SpyProof!Information Security Corp.2002 Proprietary Yes
Svnd / VnconfigOpenBSD2000-12-01 [33] BSD Yes
Symantec Endpoint Encryption Symantec Corporation 2008 Proprietary Yes
TcplayAlex Hornung2012-01-28 [34] BSD No [35]
Trend Micro Endpoint Encryption (Mobile Armor) Trend Micro [36] 2004 or earlier [37] Proprietary Yes
TrueCrypt TrueCrypt Foundation2004-02-02 [38] TrueCrypt License 3.1 [39] No
USBCryptWinAbility Software Corp.2010 Proprietary Yes
VeraCrypt IDRIX2013-06-22 [40] Apache License 2.0 [41]

TrueCrypt License Version 3.0 (legacy code only)

Yes
CyberSafe Top SecretCyberSoft2013 Proprietary Yes
NameDeveloperFirst releasedLicensingMaintained?
ZzEnc IMDTech 2013Commercial

Operating systems

Name Android Windows NT iOS Mac OS X Linux FreeBSD OpenBSD NetBSD
Aloaha Crypt Disk ?Yes ?NoNoNoNoNo
BestCrypt Volume Encryption ?Yes ?YesNo [42] NoNoNo
BitArmor DataControl ?Yes ?NoNoNoNoNo
BitLocker NoYes ?Partial [43] Partial [43] NoNoNo
Bloombase StoreSafe ?Yes ?YesYesYesYesYes
BoxcryptorYesYesYesYesYesNoNoNo
CenterTools DriveLock ?Yes ?NoNoNoNoNo
CGD ?No ?NoNoNoNoYes
Check Point Full Disk Encryption ?Yes ?YesYes [44] NoNoNo
CipherShed Yes [45] Yes ?YesYesNo [46] NoNo
CrossCrypt NoYes [47]  ?NoNoNoNoNo
CryFSNoYes ?YesYesYesNoYes
Cryhod ?Yes ?NoYesNoNoNo
Cryptainer ?Yes ?NoNoNoNoNo
CryptArchiver ?Yes ?NoNoNoNoNo
Cryptic DiskNoYesNoNoNoNoNoNo
Cryptoloop  ?Yes [48]  ?NoYesNoNoNo
Cryptomator YesYes [49] YesYesYesNoNoNo
CryptoPro Secure Disk EnterpriseNoYes ?NoNoNoNoNo
CryptoPro Secure Disk for BitLockerNoYes ?NoNoNoNoNo
Cryptsetup / Dmsetup  ?Yes [48]  ?NoYesNoNoNo
CryptSyncNoYes ?YesYesNoNoNo
Discryptor ?No ?NoNoNoNoNo
DiskCryptor  ?Yes ?NoNoNoNoNo
DISK Protect ?Yes ?NoNoNoNoNo
Dm-crypt / LUKS  ?Yes [48]  ?NoYesNoNoNo
DriveSentry GoAnywhere 2 ?Yes ?NoNoNoNoNo
E4M  ?Yes ?NoNoNoNoNo
e-Capsule Private Safe ?Yes ?NoNoNoNoNo
eCryptfs  ?No ?NoYesNoNoNo
EgoSecure HDD Encryption ?Yes ?NoNoNoNoNo
EncFS Yes [50] Yes [51]  ?Yes [51] Yes (FUSE)Yes (FUSE)Yes (FUSE)Yes (FUSE)
EncryptStick ?Yes ?YesYesNoNoNo
EncryptUSB ?Yes ?YesNoNoNoNo
FileVault  ?No ?YesNoNoNoNo
FileVault 2  ?No ?YesPartial [52] NoNoNo
FREE CompuSec ?Yes ?NoNoNoNoNo
FreeOTFE NoYes ?NoPartial [53] NoNoNo
GBDE  ?No ?NoNoYesNoNo
GELI  ?No ?NoNoYesNoNo
Knox ?No ?YesNoNoNoNo
LibreCryptYes [54] Yes ?NoPartial [55] NoNoNo
Loop-AES ?No ?NoYesNoNoNo
McAfee Drive Encryption (SafeBoot) ?Yes ?YesNoNoNoNo
n-Crypt Pro ?Yes ?NoNoNoNoNo
PGPDisk  ?Yes ?YesNoNoNoNo
PGP Whole Disk Encryption  ?Yes ?YesYesNoNoNo
Private Disk  ?Yes ?NoNoNoNoNo
ProxyCryptNoYes ?NoNoNoNoNo
R-Crypto ?Yes ?NoNoNoNoNo
SafeGuard Easy ?Yes ?NoNoNoNoNo
SafeGuard Enterprise ?Yes ?YesNoNoNoNo
SafeGuard PrivateDisk ?Yes ?NoNoNoNoNo
SafeHouse Professional ?Yes ?NoNoNoNoNo
Scramdisk  ?Yes ?NoYesNoNoNo
Scramdisk 4 Linux ?No ?NoYesNoNoNo
SecuBox ?No ?NoNoNoNoNo
SecureDoc ?Yes ?YesYesNoNoNo
Sentry 2020  ?Yes ?NoNoNoNoNo
Seqrite Volume EncryptionNoYesNoNoNoNoNoNo
Softraid / RAID C ?No ?NoNoNoYesNo
SpyProof! ?Yes ?NoNoNoNoNo
Svnd / Vnconfig ?No ?NoNoNoYesNo
Symantec Endpoint Encryption ?Yes ?YesNo [56] NoNoNo
TcplayNoNo ?NoYesNoNoNo
Trend Micro Endpoint EncryptionNoYes ?YesNoNoNoNo
TrueCrypt Yes [45] YesYesYesYesNo [57] NoNo
USBCryptNoYes ?NoNoNoNoNo
VeraCrypt Yes [58] YesYes [59] YesYesYesNoNo
CyberSafe Top SecretYesYes ?NoNoNoNoNo
Name Android Windows NT iOS Mac OS X Linux FreeBSD OpenBSD NetBSD

Features

NameHidden containersPre-boot authenticationSingle sign-onCustom authenticationMultiple keysPassphrase strengtheningHardware accelerationTPMFilesystemsTwo-factor authentication
Aloaha Secure StickYesNoYesYesNoNoNoNTFS, FAT32Yes
ArchiCrypt LiveYes [61] NoNoYes [61] [62] NoNoNo ?Yes [61] [63]
BestCrypt YesYesYesYesYes [64] YesYesYesAny supported by OSYes [65]
BitArmor DataControlNoYes ?NoYesYesNoNoNTFS, FAT32 on non-system volumesNo
BitLocker NoYes [66] NoYes [67] Yes [68] Yes [69] YesYes [68] Chiefly NTFS [Note 1] Yes [Note 2]
Bloombase StoreSafeNoNoYesYesYesYesNoAny supported by OSYes
CGDNoNoYes [70] Yes [71] Yes [70] NoNoAny supported by OSYes [70]
CenterTools DriveLockNoYesYesNoNoYesNoNoAny supported by OSYes
Check Point Full Disk EncryptionYesYesYesYesYesYesYesYesNTFS, FAT32Yes
CipherShed Yes
(limited to one per
"outer" container)
only on Windows [72]  ?Noyes with multiple keyfiles [73] [74] YesYesNo [75] Only Windows MBR volumes; no UEFI GPT drives, and dynamic drives discouraged [76] Yes
CryFSNoNoNoNoYes [77] NoNoAny supported by OSNo
CrossCrypt NoNoNoNoNoNoNo ?No
CryptArchiverNoNoNoNo ?NoNo ? ?
Cryptic DiskYesNoNoNoYesYesYesNoAny supported by OSYes
CryhodNoYesYesNoYesYesYesNoAny supported by OSYes
Cryptoloop NoYes [78]  ?YesNoNoYes[ citation needed ]NoAny supported by OS ?
Cryptomator NoNoNoNoYesYesNoAny supported by OSNo
CryptoPro Secure Disk EnterpriseYes with add-on Secure DeviceYesYesYesYesYesYesYesAny supported by OSYes
CryptoPro Secure Disk for BitLockerYes with add-on Secure DeviceYesYesYesYesYesYesYesAny supported by OSYes
Cryptsetup / Dmsetup NoYes [78]  ?YesNoNoYesNoAny supported by OSYes
DiskCryptor NoYes ?NoNoNoYes [79] NoWindows volumes on MBR and UEFI GPT drives, ReFs any FS supported by OS [80] Yes [79]
DISK ProtectNoYes [81] YesNoYes [81] NoYesYesNTFS, FAT32Yes
Dm-crypt / LUKS NoYes [78]  ?YesYesYesYesPartial [82] [Note 3] Any supported by OSYes
DriveSentry GoAnywhere 2NoNoYesNoYesNo ?Any supported by OSYes
E4M NoNoNoNo ?NoNo ?No
e-Capsule Private SafeYes [83] NoNoYes [83] NoYesNo ? ?
eCryptfs NoNoYesYesYesYesYesYes [84] Yes
EgoSecure HDD EncryptionNoYesYesYesYesYesYes [85] YesNTFS, FAT32Yes
EncryptUSBNoNoNoNoNoYesNoNoNTFS, FAT32, exFATNo
FileVault NoNoNoTwo passwords [86] Yes [86]  ?NoHFS+, possibly othersNo
FileVault 2 NoYesYesNoYesYesYes [87] NoHFS+, possibly othersNo
FREE CompuSecNoYes ?NoNoNoNoNoAny supported by OSNo
FreeOTFE YesNoYes [88] Yes [89] YesYesNoAny supported by OSYes
GBDE NoNo [90] YesYes [91] No [91] No [90] NoAny supported by OSYes
GELI NoYes [90]  ?YesYes [92] Yes [92] Yes [90] NoAny supported by OSYes
Loop-AESNoYes [93]  ?Yes [93] Yes [93] Yes [93] Yes [93] NoAny supported by OSYes [94]
McAfee Drive Encryption (SafeBoot)YesYesYesYesYesYesYes [85] [95] YesAny supported by OSYes
n-Crypt ProNoNoNoNo [96] NoNo ? ?
PGPDisk NoYes [97] Yes ?YesYes [98]  ?Yes ?Yes
Private Disk NoNoNoYesYesNoNoAny supported by OSYes
ProxyCryptYesNoNoNoNoYesYesNoAny supported by OSYes
R-Crypto ?No ? ? ? ? ?Any supported by OS ?
SafeGuard EasyNoYes ?NoYesYesNoYes [99] Any supported by OSYes
SafeGuard EnterpriseNoYesYesNoYesYesNoYes [99] Any supported by OSYes
SafeGuard PrivateDiskNoNoNoYesYesNoYes [100] Any supported by OSYes
SafeHouse ProfessionalNoNoYesYesYesNoNoAny supported by OSYes
Scramdisk YesNoNoNoNoNoNo ?Last update to web site 2009-07-02
Scramdisk 4 LinuxYes [101] NoNoNoYes [101] NoNoext2, ext3, reiserfs, minix, ntfs, vfat/msdosNo
SecuBoxNoNoNoNoYesNoNo ?No
SecureDocNoYes [102]  ?YesYesYesYesYes ?Yes
Seqrite Encryption ManagerNoYesYesNoYesYesYesNoAny supported by OSNo
Sentry 2020 NoNo ?NoNoNoNoNo ?No
Softraid / RAID CNoNo ? ? ? ?Yes ?Any supported by OS ?
Svnd / VnconfigNoNoNoNoYes [103] Yes ?Any supported by OS ?
Symantec Endpoint EncryptionNoYesYesYesYesYesNoNoNTFS, FAT32Yes
Trend Micro Endpoint EncryptionNoYesYesYes YesYes [104] Yes [105] NoAny supported by OSYes [106]
TrueCrypt [Note 4] Yes
(limited to one per
"outer" container)
only on Windows [107]  ?Noyes with multiple keyfiles [74] [108] YesYesNo [75] Only Windows MBR volumes; no UEFI GPT drives, and dynamic drives discouraged [76] Yes
VeraCrypt Yes
(limited to one per
"outer" container)
only on Windows [109] NoNoyes with multiple keyfilesYesYesNoWindows on both MBR and UEFI GPT drives; dynamic drives discouragedYes
CyberSafe Top SecretYesNoNoNoYesYesYesNoOnly Windows MBR volumes; no UEFI GPT drives, and dynamic drives discouragedYes
NameHidden containersPre-boot authenticationSingle sign-onCustom authenticationMultiple keysPassphrase strengtheningHardware accelerationTPMFilesystemsTwo-factor authentication
ZzEncNoYesYesYesYesYesNoNoWindows, Legacy BIOS & UEFIIn UEFI with removable keys store on USB-flash
  1. Windows 7 introduces Bitlocker-To-Go which supports NTFS, FAT32 or exFAT, however for hard drive encryption, Windows Vista and later are limited to be installable only on NTFS volumes
  2. BitLocker can be used with a TPM PIN + external USB key for two-factor authentication
  3. An external tool can be used to read the key from the TPM and then have the key passed on to dm-crypt/LUKS via the standard input
  4. The current situation around TrueCrypt project is controversial. On 28.05.2014 after many years of development and broad usage the open-source (although anonymous) project was suddenly stopped, and all previous official materials and complete (encrypt/decrypt) binaries were withdrawn from its website citing some "unfixed security issues" and Windows XP end of support. The technical information herein is valid only for previous versions of TrueCrypt (v7.1a and some earlier). The latest available version (v7.2) is decrypt only, its authenticity and actual reasons behind the move are unclear, and its usage is not recommended. https://www.zdnet.com/article/truecrypt-quits-inexplicable/

Layering

NameWhole diskPartitionFileSwap spaceHibernation fileRAID
Aloaha Secure StickNoNoYesNoNo ?
ArchiCrypt LiveYes
(except for the boot volume)
YesYesNoNo ?
BestCrypt YesYesYesYesYes [110]  ?
BitArmor DataControlNoYesNoYesYes ?
BitLocker Yes
(except for the boot volume)
YesYes [111] Yes
(parent volume is encrypted)
Yes
(parent volume is encrypted)
 ?
Bloombase StoreSafeYesYesYesYesNoYes
CenterTools DriveLockYesYesYesYesYes ?
CGDYesYesYes [70] YesNo ?
Check Point Full Disk EncryptionYesYesYesYesYes ?
CipherShed YesYesYesYesonly on Windows ?
CrossCrypt NoNoYesNoNo ?
CryFSNoNoNoNoNo ?
CryptArchiverNoNoYesNoNo ?
Cryptic DiskNoYesYesNoNo ?
CryhodNoYesNoYesYes
(parent volume is encrypted)
 ?
Cryptoloop YesYesYesYesNo ?
CryptomillYesYes ?
CryptoPro Secure Disk EnterpriseYesYesYes
(add-on Secure Device)
YesYes ?
CryptoPro Secure Disk for BitLockerYesYesYesYesYes ?
DiskCryptor NoYesNoYesYes ?
Disk Protect YesNoNoYesYes ?
Dm-crypt / LUKS YesYesYes [112] YesYes [113]  ?
DriveSentry GoAnywhere 2NoYesYesNoNo ?
E4M NoYesYesNoNo ?
e-Capsule Private SafeNoNoYes [114] NoNo ?
eCryptfsNoNoYesNoNo ?
EgoSecure HDD EncryptionYesYesYesYesYes ?
EncryptUSBNoNoYesNoNo ?
FileVault NoNoYes [86] Yes [115] [86] Yes [115] [116]
FileVault 2 Yes [117] Yes [87] NoYesYes ?
FREE CompuSecYesNoYesYesYes ?
FreeOTFE Yes
(except for the boot volume)
YesYesNoNo ?
GBDE YesYesYes [118] YesNo ?
GELI YesYesYes [118] YesNo ?
Loop-AESYesYes [93] Yes [93] Yes [93] Yes [93]  ?
McAfee Drive Encryption (SafeBoot)YesYesYesYesYes [119]  ?
n-Crypt ProYesYesYesNoNo ?
PGPDisk YesYesYesYesonly on Windows ?
Private Disk NoNoYesNoNo ?
ProxyCryptYesYesYesNoNo ?
R-CryptoNoNoYesNoNo ?
SafeGuard EasyYesYesextra moduleYesEach sector on disk is encrypted ?
SafeGuard EnterpriseYesYesYesYesEach sector on disk is encrypted ?
SafeGuard PrivateDiskNoNoYesNoNo ?
SafeHouse ProfessionalNoNoYesNoNo ?
Scramdisk NoYesYesNoNo ?
Scramdisk 4 LinuxYesYesYesYesNo ?
SecuBoxNoNoYesNo ?
Sentry 2020 NoNoYesNoNo ?
Seqrite Encryption ManagerYesYesYesYesYesRAID-5
Softraid / RAID CYesYesNoYes (encrypted by default in OpenBSD) [120] No ?
Svnd / Vnconfig ?YesYesYes (encrypted by default in OpenBSD) ? ?
SpyProof!NoYesYesNoNo ?
Symantec Endpoint EncryptionYesYesYesYesYes ?
Trend Micro Endpoint EncryptionYesYesYesYesYes ?
TrueCrypt Yes [121] YesYesYesonly on Windows [107]  ?
VeraCrypt YesYesYesYesonly on Windows [107]  ?
CyberSafe Top SecretNoYesYesNoNo ?
NameWhole diskPartitionFileSwap spaceHibernation fileRAID

Modes of operation

Different modes of operation supported by the software. Note that an encrypted volume can only use one mode of operation.

NameCBC w/ predictable IVsCBC w/ secret IVsCBC w/ random per-sector keysLRWXTSAuthenticated encryption
Aloaha Crypt DiskNoNoNoYesYes ?
ArchiCrypt LiveNoNoNoLegacy support [123] Yes ?
BestCrypt NoYesNoYes [124] Yes [125]  ?
BitArmor DataControlNoYesPlumb-IVNoNo ?
BitLocker No [126] Yes [126] NoNoYes, Windows 10 10547+ ?
Bloombase StoreSafeYesYesYesYesYes ?
CGDNoYes [127] NoNoNo ?
CenterTools DriveLock ? ? ? ? ? ?
Check Point Full Disk EncryptionNoNoYesYesYes ?
CipherShed Legacy support [128] NoNoLegacy support [129] Yes [130]  ?
CrossCrypt YesNoNoNoNo ?
CryFSNoNoYesNoNo ?
CryptArchiver ? ? ? ? ? ?
Cryptic DiskNoNoNoNoYesNo
CryhodNoYesNoNoNo ?
Cryptoloop YesNoNoNoNoNo
DiskCryptorNoNoNoNoYes ?
Dm-crypt / LUKS YesYesNoYes, using *-lrw-benbi [131] Yes, using *-xts-plainYes, using --integrity mode [132]
DriveSentry GoAnywhere 2 ? ? ? ? ? ?
E4M  ? ? ?NoNo ?
e-Capsule Private Safe ? ? ? ? ? ?
eCryptfsNoYes ?NoNo ?
EgoSecure HDD EncryptionNoYesNoNoNo ?
FileVault Yes [86] NoNoNoNo ?
FileVault 2 NoNoNoNoYes [133]  ?
FREE CompuSecYesNoNoNoNo ?
FreeOTFE YesYesNoYesYesNo
GBDE NoNoYes [91] NoNo ?
GELI NoYes [134] NoNoYesYes, using -a option [135]
Loop-AESsingle-key, multi-key-v2 modes [93] multi-key-v3 mode [93] NoNoNoNo
McAfee Drive Encryption (SafeBoot)NoYesNoNoNo ?
n-Crypt Pro ? ?NoNoNo ?
PGPDisk  ? ? ? ? ? ?
Private Disk NoYesNoNoNo ?
ProxyCryptNoNoNoNoYes ?
R-Crypto ? ? ? ? ? ?
SafeGuard Easy ? ? ? ? ? ?
SafeGuard Enterprise ? ? ? ? ? ?
SafeGuard PrivateDisk ? ? ? ? ? ?
SafeHouse ProfessionalYesNoNoNoNo ?
Scramdisk NoYesNoNoNo ?
Scramdisk 4 LinuxNoYes [136] NoYes [137] Yes [138]  ?
SecuBoxYesNoNoNoNo ?
SecureDoc ? ? ? ? ? ?
Sentry 2020  ? ? ? ? ? ?
Seqrite Encryption ManagerNoYesNoYesYes ?
Softraid / RAID C ? ? ? ?Yes [139]  ?
Svnd / Vnconfig ? ? ? ? ? ?
Symantec Endpoint EncryptionNoNoYesNoNo ?
TrueCrypt Legacy support [128] NoNoLegacy support [129] Yes [140] No
USBCryptNoYesNoNoYes ?
VeraCrypt NoNoNoNoYes ?
CyberSafe Top SecretNoNoNoNoYes ?
NameCBC w/ predictable IVsCBC w/ secret IVsCBC w/ random per-sector keysLRWXTSAuthenticated encryption

See also

Notes and references

  1. "Jetico Mission". Jetico. Retrieved 2014-05-30.
  2. "Bloombase StoreSafe". Bloombase. Retrieved 2014-11-28.
  3. Roland Dowdeswell (2002-10-04). "CryptoGraphic Disk". mailing list announcement. Retrieved 2007-01-14.
  4. "Protect guards laptop and desktop data". Archived from the original on March 2, 2005. Retrieved 2008-09-03.
  5. Company and product name change to Pointsec "Protect Data Security Inc. changes name to Pointsec Mobile Technologies Inc". Archived from the original on 2004-08-20. Retrieved 2008-09-03.
  6. "Check Point Completes the Offer for Protect Data with Substantial Acceptance of 87.1 Percent". Archived from the original on 2008-08-20. Retrieved 2008-09-03.
  7. Niklas Lemcke (2014-12-15). "Pre-Alpha testing started" . Retrieved 2014-12-24.
  8. "TrueCrypt License Version 3.0". TrueCrypt Foundation. 2012-02-07. Retrieved 2014-12-24.
  9. Sarah Dean (2004-02-10). "OTFEDB entry". Archived from the original on 2008-12-11. Retrieved 2008-08-10.
  10. Initial cryptoloop patches for the Linux 2.5 development kernel: "Archived copy". Archived from the original on 2005-01-10. Retrieved 2006-12-24.{{cite web}}: CS1 maint: archived copy as title (link)
  11. "Home". cryptomator.org.
  12. "Releases · DavidXanatos/DiskCryptor". GitHub .
  13. dm-crypt was first included in Linux kernel version 2.6.4: https://lwn.net/Articles/75404/
  14. Clemens Fruhwirth. "LUKS version history". Archived from the original on 2006-12-25. Retrieved 2006-12-24.
  15. "archived E4M documentation". Archived from the original on 2000-05-24.
  16. "eCryptfs" . Retrieved 2008-04-29.
  17. Valient Gough (2003). "EncFS - an Encrypted Filesystem". README.md file. Retrieved 2007-01-14.
  18. "FreeOTFE version history". Archived from the original on 2006-12-07. Retrieved 2006-12-24.
  19. "gbde(4) man page in FreeBSD 4.11". GBDE manual page as it appeared in FreeBSD 4.11. Retrieved 2006-12-24.
  20. "geli(8) man page in FreeBSD 6.0". GELI manual page as it first appeared in FreeBSD 6.0. Retrieved 2006-12-24.
  21. Release Notes. GnuPG
  22. "gocryptfs changelog on github". GitHub . Retrieved 2018-01-16.
  23. "as received from FreeOTFE version v5.21 with small changes". GitHub . 2014-06-20. Retrieved 2015-09-14.
  24. "McAfee Drive Encryption". product description. McAfee. Retrieved 2019-07-31.
  25. "PGP 6.0 Freeware released- any int'l links?". Newsgroup:  comp.security.pgp. Usenet:   6sh4vm$jbf$1@news.cybercity.dk . Retrieved 2007-01-04.
  26. "Dekart Encryption software timeline". Dekart.
  27. "SafeGuard Easy 4.5 Technical Whitepaper" (PDF). Utimaco. Retrieved 2009-08-10.
  28. "SafeGuard Enterprise Technical Whitepaper" (PDF). Utimaco. Retrieved 2009-08-10.
  29. Rebranded as ThinkVantage Client Security "ThinkVantage Technologies Deployment Guide" (PDF). Lenovo . Retrieved 2008-03-05.[ permanent dead link ]
  30. "ScramDisk 4 Linux Releases".
  31. "Sentry 2020 news" . Retrieved 2007-01-02.
  32. "OpenBSD 4.2 Changelog".
  33. "OpenBSD 2.8 Changelog".
  34. "bwalex/tc-play". GitHub . 2019-08-27.
  35. Last update: 2020-03-02 "bwalex/tc-play". Github. 2023-04-03.
  36. Trend Micro
  37. "Mobile Armor: Your Data.Secure. Everywhere". 4 September 2004. Archived from the original on 4 September 2004.
  38. "TrueCrypt".
  39. "TrueCrypt License Version 3.1". TrueCrypt Foundation. 2014-05-28. Retrieved 2014-05-29.
  40. "VeraCrypt".
  41. "Apache License 2.0". IDRIX. 2015-06-28. Archived from the original on 2015-07-09. Retrieved 2015-08-08.
  42. "Whole Hard Disk Encryption Software - BestCrypt Volume Encryption - Jetico Inc. Oy".
  43. 1 2 https://github.com/Aorimn/dislocker FUSE driver to read/write Windows BitLocker-ed volumes under Linux / Mac OSX
  44. "Archived copy" (PDF). Archived from the original (PDF) on 2015-09-23. Retrieved 2014-12-14.{{cite web}}: CS1 maint: archived copy as title (link)
  45. 1 2 https://play.google.com/store/apps/details?id=com.sovworks.edslite Third party app allows to open containers encryptes with AES-256, SHA-512 hash and FAT file system
  46. http://www.truecrypt.org/misc/freebsd Although CipherShed can be built under FreeBSD, it is not recommended to run it because of bugs and instabilities when CipherShed is attempted to be used
  47. CrossCrypt - Only for the Microsoft Windows XP/2000 operating systems
  48. 1 2 3 http://www.freeotfe.org/docs/Main/Linux_volumes.htm FreeOTFE supports cryptoloop, dm-crypt/cryptsetup/dmsetup, and dm-crypt/LUKS volumes
  49. "Cryptomator - Free Cloud Encryption".
  50. "Boxcryptor - Encryption for cloud storage - Window, Mac, Android, iOS".
  51. 1 2 "Safe - Protect Your Files". Archived from the original on 2016-04-21. Retrieved 2016-03-29.
  52. https://code.google.com/p/libfvde/ libfvde supports reading FileVault2 Drive Encryption (FVDE) encrypted volumes
  53. http://www.freeotfe.org/docs/Main/Linux_volumes.htm Supports Linux volumes
  54. https://play.google.com/store/apps/details?id=com.nemesis2.luksmanager&hl=en_GB Third party app allows a user to open LibreCrypt compatible LUKS containers
  55. https://github.com/t-d-k/LibreCrypt/blob/master/docs/Linux_volumes.md Supports Linux volumes
  56. "Endpoint Encryption Powered by PGP Technology - Symantec".
  57. http://www.truecrypt.org/misc/freebsd Although TrueCrypt can be built under FreeBSD, it is not recommended to run it because of bugs and instabilities when TrueCrypt is attempted to be used
  58. https://play.google.com/store/apps/details?id=com.sovworks.eds.android Third party app allows to encrypt and decrypt VeraCrypt containers (only available in the paid version)
  59. https://apps.apple.com/de/app/disk-decipher/id516538625 Third party app allows to encrypt and decrypt VeraCrypt containers (only available in the paid version)
  60. http://www.jetico.com/linux/bcrypt-help/c_hiddn.htm Hidden containers description from Jetico (BestCrypt)
  61. 1 2 3 Secret-containers and Camouflage files ArchiCrypt Live Description Archived 2011-08-24 at the Wayback Machine
  62. Supports "Guest" keys
  63. Using "Archicrypt Card"
  64. Supported by the BestCrypt container format; see BestCrypt SDK
  65. Supported by the BestCrypt Volume Encryption software
  66. With PIN or USB key
  67. BitLocker Drive Encryption: Value Add Extensibility Options
  68. 1 2 "BitLocker Drive Encryption Technical Overview". Microsoft. Archived from the original on 2008-02-24. Retrieved 2008-03-13.
  69. Recovery keys only.
  70. 1 2 3 4 Roland C. Dowdeswell, John Ioannidis. "The CryptoGraphic Disk Driver" (PDF). CGD Design Paper. Retrieved 2006-12-24.
  71. Federico Biancuzzi (2005-12-21). "Inside NetBSD's CGD". interview with Roland Dowdeswell. ONLamp.com. Archived from the original on 2007-09-29. Retrieved 2006-12-24.
  72. "Operating Systems Supported for System Encryption" (PDF). CipherShed Documentation. CipherShed Project. Retrieved 2014-12-27.
  73. Although each volume encrypted with CipherShed can only have one active master key, it is possible to access its contents through more than one header. Each header can have a different password and/or keyfiles if any (cf. TrueCrypt FAQ: Is there a way for an administrator to reset a volume password or pre-boot authentication password when a user forgets it (or loses a keyfile)? )
  74. 1 2 "Keyfiles". TrueCrypt Documentation. TrueCrypt Foundation. Retrieved 2014-05-28.
  75. 1 2 "Some encryption programs use TPM to prevent attacks. Will TrueCrypt use it too?". TrueCrypt FAQ. TrueCrypt Foundation. Archived from the original on 2013-04-16. Retrieved 2014-05-28.
  76. 1 2 "Future". TrueCrypt Foundation. Retrieved 2014-05-24.[ permanent dead link ]
  77. "CryFS: How it works" . Retrieved 2016-09-23.
  78. 1 2 3 dm-crypt and cryptoloop volumes can be mounted from the initrd before the system is booted
  79. 1 2 "DiskCryptor Features". Archived from the original on 2010-05-29. Retrieved 2010-05-25.
  80. "DiskCryptor". GitHub . 10 February 2022.
  81. 1 2 "DISK Protect Data Sheet" (PDF). Retrieved 2018-12-02.
  82. "cryptsetup Frequently Asked Questions" . Retrieved 2016-01-07.
  83. 1 2 "Multi level access with separate access credentials, each enabling a different set of functional or logical operations". EISST Ltd. Archived from the original on 2007-09-28. Retrieved 2007-07-25.
  84. uses the lower filesystem (stacking)
  85. 1 2 "Intel Advanced Encryption Standard (AES) Instructions Set - Rev 3". Intel. Retrieved 2012-07-26.
  86. 1 2 3 4 5 Jacob Appelbaum, Ralf-Philipp Weinmann (2006-12-29). "Unlocking FileVault: An Analysis of Apple's disk encryption" (PDF). Retrieved 2012-01-03.{{cite journal}}: Cite journal requires |journal= (help)
  87. 1 2 "Mac OS X 10.7 Lion: the Ars Technica review". Ars Technica. 2011-07-20. Retrieved 2012-01-03.
  88. FreeOTFE has a modular architecture and set of components to allow 3rd party integration
  89. FreeOTFE allows multiple keys to mount the same container file via encrypted keyfiles
  90. 1 2 3 4 "FreeBSD Handbook: Encrypting Disk Partitions" . Retrieved 2006-12-24.
  91. 1 2 3 Poul-Henning Kamp. "GBDE - GEOM Based Disk Encryption" (PDF). GBDE Design Document. Retrieved 2006-12-24.
  92. 1 2 "geli(8) man page in FreeBSD-current". GELI manual page in current FreeBSD. Retrieved 2006-12-24.
  93. 1 2 3 4 5 6 7 8 9 10 11 Jari Ruusu. "loop-AES README file". Archived from the original on 2023-08-23. Retrieved 2007-04-23.
  94. Using customization
  95. "McAfee Endpoint Encryption" (PDF). McAfee. Archived from the original (PDF) on 2010-12-17. Retrieved 2012-07-26.
  96. n-Crypt Pro does not use password authentication— biometric/USB dongle authentication only
  97. "PGP Whole Disk Encryption FAQ". PGP Corporation. Archived from the original on 2006-12-24. Retrieved 2006-12-24.
  98. PGP private keys are always protected by strengthened passphrases
  99. 1 2 "Embedded Security: Trusted Platform Module Technology Comes of Age". Utimaco. Archived from the original on 2006-08-23. Retrieved 2008-03-04.
  100. "ThinkVantage Technologies Deployment Guide" (PDF). Lenovo . Retrieved 2008-03-05.
  101. 1 2 For TrueCrypt containers
  102. "SecureDoc Product Information". WinMagic Inc. Archived from the original on 2008-03-13. Retrieved 2008-03-05.
  103. optional by using -K OpenBSD Manual Pages: vnconfig(8)
  104. "Endpoint Encryption".
  105. "Solutions for Solid-State Drives (SSD) - Endpoint Encryption". Archived from the original on 2014-11-29. Retrieved 2014-11-17.
  106. "Support for smart card readers - Endpoint Encryption".
  107. 1 2 3 "Operating Systems Supported for System Encryption". TrueCrypt Documentation. TrueCrypt Foundation. Archived from the original on 2013-01-08. Retrieved 2014-05-28.
  108. Although each volume encrypted with TrueCrypt can only have one active master key, it is possible to access its contents through more than one header. Each header can have a different password and/or keyfiles if any (cf. TrueCrypt FAQ: Is there a way for an administrator to reset a volume password or pre-boot authentication password when a user forgets it (or loses a keyfile)? )
  109. "Operating Systems Supported for System Encryption". VeraCrypt Documentation. IDRIX. Retrieved 2017-10-11.
  110. "Whole Hard Disk Encryption Software - BestCrypt Volume Encryption - Jetico Inc. Oy". Archived from the original on 2009-08-29. Retrieved 2009-09-17.
  111. Within a VHD http://www.howtogeek.com/193013/how-to-create-an-encrypted-container-file-with-bitlocker-on-windows/
  112. dm-crypt can encrypt a file-based volume when used with the losetup utility included with all major Linux distributions
  113. yes, but the user needs custom scripts: http://www.linuxquestions.org/questions/slackware-14/luks-encryption-swap-and-hibernate-627958/
  114. Uses proprietary e-Capsule file system not exposed to the OS.
  115. 1 2 not technically part of FileVault, but provided by many versions of Mac OS X; can be enabled independently of FileVault
  116. http://macmarshal.com/images/Documents/mm_wp_102.pdf%5B%5D
  117. "Use FileVault to encrypt the startup disk on your Mac".
  118. 1 2 File-based volume encryption is possible when used with mdconfig(8) utility.
  119. "Control Break International Debuts SafeBoot Version 4.27". September 2004. Archived from the original on 2015-04-02. Retrieved 2015-03-05.
  120. http://www.openbsd.org/plus38.html OpenBSD 3.8 change notes
  121. however, not Windows UEFI-based computers with a GUID partition table (GPT)
  122. LRW_issue
  123. Containers created with ArchiCrypt Live version 5 use LRW
  124. "New features in BestCrypt version 8". Jetico. Archived from the original on 2007-02-04. Retrieved 2007-03-02.
  125. "New features in version 2". Jetico. Archived from the original on 2008-09-05. Retrieved 2009-03-01.
  126. 1 2 Niels Fergusson (August 2006). "AES-CBC + Elephant Diffuser: A Disk Encryption Algorithm for Windows Vista" (PDF). Microsoft . Retrieved 2008-02-22.{{cite journal}}: Cite journal requires |journal= (help)
  127. "man 4 cgd in NetBSD-current". NetBSD current manual page on CGD. 2006-03-11. Retrieved 2006-12-24.
  128. 1 2 Containers created with TrueCrypt versions 1.0 through 4.0 use CBC.
  129. 1 2 Containers created with TrueCrypt versions 4.1 through 4.3a use LRW, and support CBC for opening legacy containers only.
  130. Containers created with CipherShed or TrueCrypt versions 5.0+ use XTS, and support LRW/CBC for opening legacy containers only.
  131. Starting with Linux kernel version 2.6.20, CryptoAPI supports the LRW mode: https://lwn.net/Articles/213650/
  132. "cryptsetup - manage plain dm-crypt and LUKS encrypted volumes". 2018-01-01. Retrieved 2018-05-08.
  133. "OS X Lion: About FileVault 2" . Retrieved 2011-01-03.
  134. "Linux/BSD disk encryption comparison". Archived from the original on 2007-06-29. Retrieved 2006-12-24.
  135. Pawel Jakub Dawidek (2006-06-08). "Data authentication for geli(8) committed to HEAD" . Retrieved 2021-11-22.
  136. For Scramdisk containers
  137. For TrueCrypt 4 containers
  138. For TrueCrypt 5 and 6 containers
  139. "'CVS: cvs.openbsd.org: src' - MARC".
  140. Containers created with TrueCrypt versions 5.0 or later use XTS, and support LRW/CBC for opening legacy containers only.


Related Research Articles

FileVault is a disk encryption program in Mac OS X 10.3 Panther (2003) and later. It performs on-the-fly encryption with volumes on Mac computers.

The Encrypting File System (EFS) on Microsoft Windows is a feature introduced in version 3.0 of NTFS that provides filesystem-level encryption. The technology enables files to be transparently encrypted to protect confidential data from attackers with physical access to the computer.

<span class="mw-page-title-main">TrueCrypt</span> Discontinued source-available disk encryption utility

TrueCrypt is a discontinued source-available freeware utility used for on-the-fly encryption (OTFE). It can create a virtual encrypted disk within a file, encrypt a partition, or encrypt the whole storage device.

In cryptography and steganography, plausibly deniable encryption describes encryption techniques where the existence of an encrypted file or message is deniable in the sense that an adversary cannot prove that the plaintext data exists.

Disk encryption software is a computer security software that protects the confidentiality of data stored on computer media by using disk encryption.

Encryption software is software that uses cryptography to prevent unauthorized access to digital information. Cryptography is used to protect digital information on computers as well as the digital information that is sent to other computers over the Internet.

Disk encryption is a special case of data at rest protection when the storage medium is a sector-addressable device. This article presents cryptographic aspects of the problem. For an overview, see disk encryption. For discussion of different software packages and hardware devices devoted to this problem, see disk encryption software and disk encryption hardware.

<span class="mw-page-title-main">FreeOTFE</span> Disk encryption software application

FreeOTFE is a discontinued open source computer program for on-the-fly disk encryption (OTFE). On Microsoft Windows, and Windows Mobile, it can create a virtual drive within a file or partition, to which anything written is automatically encrypted before being stored on a computer's hard or USB drive. It is similar in function to other disk encryption programs including TrueCrypt and Microsoft's BitLocker.

Institute of Electrical and Electronics Engineers (IEEE) standardization project for encryption of stored data, but more generically refers to the Security in Storage Working Group (SISWG), which includes a family of standards for protection of stored data and for the corresponding cryptographic key management.

The Linux Unified Key Setup (LUKS) is a disk encryption specification created by Clemens Fruhwirth in 2004 and originally intended for Linux.

Disk encryption is a technology which protects information by converting it into code that cannot be deciphered easily by unauthorized people or processes. Disk encryption uses disk encryption software or hardware to encrypt every bit of data that goes on a disk or disk volume. It is used to prevent unauthorized access to data storage.

<span class="mw-page-title-main">BestCrypt</span> Commercial disk encryption app available for Windows, Linux, macOS and Android

BestCrypt, developed by Jetico, is a commercial disk encryption app available for Windows, Linux, macOS and Android.

dm-crypt is a transparent block device encryption subsystem in Linux kernel versions 2.6 and later and in DragonFly BSD. It is part of the device mapper (dm) infrastructure, and uses cryptographic routines from the kernel's Crypto API. Unlike its predecessor cryptoloop, dm-crypt was designed to support advanced modes of operation, such as XTS, LRW and ESSIV, in order to avoid watermarking attacks. In addition to that, dm-crypt addresses some reliability problems of cryptoloop.

<span class="mw-page-title-main">Private Disk</span>

Private Disk is a disk encryption application for the Microsoft Windows operating system, developed by Dekart SRL. It works by creating a virtual drive, the contents of which is encrypted on-the-fly; other software can use the drive as if it were a usual one.

Hardware-based full disk encryption (FDE) is available from many hard disk drive (HDD/SSD) vendors, including: Hitachi, Integral Memory, iStorage Limited, Micron, Seagate Technology, Samsung, Toshiba, Viasat UK, Western Digital. The symmetric encryption key is maintained independently from the computer's CPU, thus allowing the complete data store to be encrypted and removing computer memory as a potential attack vector.

geli is a block device-layer disk encryption system written for FreeBSD, introduced in version 6.0. It uses the GEOM disk framework. It was designed and implemented by Paweł Jakub Dawidek.

There are various implementations of the Advanced Encryption Standard, also known as Rijndael.

crypt is a POSIX C library function. It is typically used to compute the hash of user account passwords. The function outputs a text string which also encodes the salt, and identifies the hash algorithm used. This output string forms a password record, which is usually stored in a text file.

<span class="mw-page-title-main">VeraCrypt</span> Free and open-source disk encryption utility

VeraCrypt is a free and open-source utility for on-the-fly encryption (OTFE). The software can create a virtual encrypted disk that works just like a regular disk but within a file. It can also encrypt a partition or the entire storage device with pre-boot authentication.