DiskCryptor

DiskCryptor main window

Developer(s): Anonymous ntldr, David Xanatos [1]
Stable release: 1.2.2/848.118.202 Stable / 27 April 2020 (2020-04-27)
Written in: C, Assembly
Operating system: Microsoft Windows
Available in: English
Type: Disk encryption software
License: GNU GPLv3
Website: diskcryptor.org

DiskCryptor is a free and open-source full disk encryption system for Microsoft Windows. [2] [3] It allows for the encryption of a PC's entire hard drive or individual partitions. It also includes the ability to encrypt the partition and disk on which the OS is installed. [4]

DiskCryptor was originally designed to replace commercial disk encryption systems such as DriveCrypt Plus Pack and PGP Whole Disk Encryption, and uses either AES-256, Twofish, Serpent or a combination of cascaded algorithms in XTS mode to carry out encryption.

The project was originally started by a former TrueCrypt user and forum member who goes by the name 'ntldr' (anonymous). According to the developer, it was originally fully compatible with TrueCrypt's container format, as it used a corresponding partition format and encrypted data with the AES-256 algorithm in LRW mode. However, according to the software's website, the developer has since improved on the format in order to allow data-in-place encryption on Windows XP, to allow the system partition to have exactly the same format as non-system partitions, and to support future project plans.

After the original TrueCrypt was discontinued, DiskCryptor became an alternative to it, although it went without updates for a long time; development restarted in 2020. [5] Notable changes include the ability to boot in a UEFI environment from GPT disks. [6] [7] Other alternatives have appeared, most notably the source-available project VeraCrypt (based on the original TrueCrypt source code). However, DiskCryptor is more efficient and faster, which is mostly noticeable on NVMe storage devices. [8] [9] [10]

Program features

For limitations in the current version, as well as other technical information, see the official website (archived 4 August 2018 at the Wayback Machine).

Encryption algorithms

All algorithms are implemented in XTS mode.
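As an added illustration of what XTS mode means for a disk encryptor (example code written for this page, not DiskCryptor's own C/assembly implementation), the following Go program implements AES-XTS over one sector per the IEEE P1619 construction: the sector number is the tweak, so identical sectors (and identical blocks within a sector) encrypt differently, while a flipped ciphertext bit garbles only its own 16-byte block, which is why XTS gives confidentiality but no integrity. The key, sector number and sector contents in the test are constructed; ciphertext stealing for partial blocks is omitted because disk sectors are whole multiples of 16 bytes.

```go
package main

import (
	"crypto/aes"
	"encoding/binary"
	"fmt"
)

// mulAlpha multiplies the tweak by x in GF(2^128) using the IEEE P1619
// convention: little-endian bit order, reduction constant 0x87.
func mulAlpha(t *[16]byte) {
	carry := t[15] >> 7
	for i := 15; i > 0; i-- {
		t[i] = t[i]<<1 | t[i-1]>>7
	}
	t[0] = t[0]<<1 ^ 0x87*carry // reduce only if a bit shifted out
}

// xtsSector encrypts (enc=true) or decrypts one data unit with AES-XTS.
// key is key1||key2 (32 bytes for AES-128-XTS, 64 for AES-256-XTS) and
// sector is the data-unit number that becomes the tweak.
func xtsSector(key []byte, sector uint64, data []byte, enc bool) ([]byte, error) {
	if len(data) == 0 || len(data)%aes.BlockSize != 0 {
		return nil, fmt.Errorf("xts: data unit must be a non-empty multiple of 16 bytes")
	}
	k1, err1 := aes.NewCipher(key[:len(key)/2]) // data key
	k2, err2 := aes.NewCipher(key[len(key)/2:]) // tweak key
	if err1 != nil || err2 != nil {
		return nil, fmt.Errorf("xts: bad key halves: %v %v", err1, err2)
	}
	var tweak, blk [16]byte
	binary.LittleEndian.PutUint64(tweak[:8], sector)
	k2.Encrypt(tweak[:], tweak[:]) // T = E_k2(sector number)
	out := make([]byte, len(data))
	for off := 0; off < len(data); off += aes.BlockSize {
		for i := range blk { // whitening before the block cipher
			blk[i] = data[off+i] ^ tweak[i]
		}
		if enc {
			k1.Encrypt(blk[:], blk[:])
		} else {
			k1.Decrypt(blk[:], blk[:])
		}
		for i := range blk { // whitening after the block cipher
			out[off+i] = blk[i] ^ tweak[i]
		}
		mulAlpha(&tweak) // block j of the sector uses T * alpha^j
	}
	return out, nil
}
```

The absence of any authentication tag is the practical caveat: an XTS volume resists disclosure, but undetected sector tampering shows up only as a corrupted 16-byte block.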

Hash function

Performance

On modern computer systems with hardware-accelerated AES, DiskCryptor achieves nearly native read/write performance in the multi-GB/s range, even on very fast storage devices such as NVMe drives. [8] On an Intel Core 2 Quad (Q6600) CPU, data encryption speed amounts to 104 MB/s per core. [11] The crypto algorithms for the x86 version are implemented in assembly language, with the implementation heavily optimized for the Intel Core line of processors; it nonetheless performs sufficiently fast on any other processor. [12] Almost all possible performance enhancements have been applied; for example, the AES algorithm code is dynamically generated with optimizations for the particular key in use. [11]

Supported OS

Operating system    Service pack    Instruction set architecture
Windows XP          SP0–SP3         x86, x64
Server 2003         SP0–SP2         x86, x64
Vista               SP0–SP2         x86, x64
Server 2008         SP0–SP2         x86, x64
7                   SP0–SP1         x86, x64
Server 2008 R2                      x64
8, 8.1                              x86, x64
Server 2012                         x64
10                                  x86, x64

See also

FileVault is a disk encryption program in Mac OS X 10.3 (2003) and later. It performs on-the-fly encryption with volumes on Mac computers.

Unified Extensible Firmware Interface: operating system software specification

The Unified Extensible Firmware Interface (UEFI) is a publicly available specification that defines a software interface between an operating system and platform firmware. UEFI replaces the legacy Basic Input/Output System (BIOS) firmware interface originally present in all IBM PC-compatible personal computers, with most UEFI firmware implementations providing support for legacy BIOS services. UEFI can support remote diagnostics and repair of computers, even with no operating system installed.

TrueCrypt: discontinued source-available disk encryption utility

TrueCrypt is a discontinued source-available freeware utility used for on-the-fly encryption (OTFE). It can create a virtual encrypted disk within a file, or encrypt a partition or the whole storage device.

Encryption software is software that uses cryptography to prevent unauthorized access to digital information. Cryptography is used to protect digital information on computers as well as the digital information that is sent to other computers over the Internet.

GUID Partition Table: computer disk partitioning standard

The GUID Partition Table (GPT) is a standard for the layout of partition tables of a physical computer storage device, such as a hard disk drive or solid-state drive, using universally unique identifiers, which are also known as globally unique identifiers (GUIDs). Forming a part of the Unified Extensible Firmware Interface (UEFI) standard, it is nevertheless also used for some BIOS systems, because of the limitations of master boot record (MBR) partition tables, which use 32 bits for logical block addressing (LBA) of traditional 512-byte disk sectors.

Disk encryption is a special case of data at rest protection when the storage medium is a sector-addressable device. This article presents cryptographic aspects of the problem. For an overview, see disk encryption. For discussion of different software packages and hardware devices devoted to this problem, see disk encryption software and disk encryption hardware.

BitLocker: disk encryption software for Microsoft Windows

BitLocker is a full volume encryption feature included with Microsoft Windows versions starting with Windows Vista. It is designed to protect data by providing encryption for entire volumes. By default, it uses the AES encryption algorithm in cipher block chaining (CBC) or XTS mode with a 128-bit or 256-bit key. CBC is not used over the whole disk; it is applied to each individual sector.

FreeOTFE

FreeOTFE is a discontinued open source computer program for on-the-fly disk encryption (OTFE). On Microsoft Windows, and Windows Mobile, it can create a virtual drive within a file or partition, to which anything written is automatically encrypted before being stored on a computer's hard or USB drive. It is similar in function to other disk encryption programs including TrueCrypt and Microsoft's BitLocker.

Institute of Electrical and Electronics Engineers (IEEE) standardization project for encryption of stored data, but more generically refers to the Security in Storage Working Group (SISWG), which includes a family of standards for protection of stored data and for the corresponding cryptographic key management.

The Linux Unified Key Setup (LUKS) is a disk encryption specification created by Clemens Fruhwirth in 2004 and was originally intended for Linux.

Disk encryption is a technology which protects information by converting it into unreadable code that cannot be deciphered easily by unauthorized people. Disk encryption uses disk encryption software or hardware to encrypt every bit of data that goes on a disk or disk volume. It is used to prevent unauthorized access to data storage.

BestCrypt: commercial disk encryption app available for Windows, Linux, macOS and Android

BestCrypt, developed by Jetico, is a commercial disk encryption app available for Windows, Linux, macOS and Android.

This is a technical feature comparison of different disk encryption software.

dm-crypt is a transparent disk encryption subsystem in Linux kernel versions 2.6 and later and in DragonFly BSD. It is part of the device mapper (dm) infrastructure, and uses cryptographic routines from the kernel's Crypto API. Unlike its predecessor cryptoloop, dm-crypt was designed to support advanced modes of operation, such as XTS, LRW and ESSIV, in order to avoid watermarking attacks. In addition to that, dm-crypt addresses some reliability problems of cryptoloop.

The BIOS boot partition is a partition on a data storage device that GNU GRUB uses on legacy BIOS-based personal computers in order to boot an operating system, when the actual boot device contains a GUID Partition Table (GPT). Such a layout is sometimes referred to as BIOS/GPT boot.

In computer security, a cold boot attack is a type of side channel attack in which an attacker with physical access to a computer performs a memory dump of a computer's random-access memory (RAM) by performing a hard reset of the target machine. Typically, cold boot attacks are used for retrieving encryption keys from a running operating system for malicious or criminal investigative reasons. The attack relies on the data remanence property of DRAM and SRAM to retrieve memory contents that remain readable in the seconds to minutes following a power switch-off.

Hardware-based full disk encryption (FDE) is available from many hard disk drive (HDD/SSD) vendors, including: ClevX, Hitachi, Integral Memory, iStorage Limited, Micron, Seagate Technology, Samsung, Toshiba, Viasat UK, Western Digital. The symmetric encryption key is maintained independently from the computer's CPU, thus allowing the complete data store to be encrypted and removing computer memory as a potential attack vector.

NVM Express (NVMe) or Non-Volatile Memory Host Controller Interface Specification (NVMHCIS) is an open, logical-device interface specification for accessing a computer's non-volatile storage media, usually attached via the PCI Express (PCIe) bus. The acronym NVM stands for non-volatile memory, which is often NAND flash memory that comes in several physical form factors, including solid-state drives (SSDs), PCI Express (PCIe) add-in cards, and M.2 cards, the successor to mSATA cards. NVM Express, as a logical-device interface, has been designed to capitalize on the low latency and internal parallelism of solid-state storage devices.

TRESOR is a Linux kernel patch which provides encryption using only the CPU, to defend against cold boot attacks on computer systems by performing encryption inside CPU registers rather than random-access memory (RAM). It is one of two proposed solutions for general-purpose computers; the other, called "frozen cache", uses the CPU cache instead. It was developed from its predecessor AESSE, presented at EuroSec 2010, and was itself presented at USENIX Security 2011. The authors state that it allows RAM to be treated as untrusted from a security viewpoint without hindering the system.

VeraCrypt: free and open-source disk encryption utility

VeraCrypt is a free and open-source utility for on-the-fly encryption (OTFE). The software can create a virtual encrypted disk that works just like a regular disk but within a file. It can also encrypt a partition or the entire storage device with pre-boot authentication.

References

  1. "DavidXanatos - Overview". GitHub.
  2. OTFEDB entry for DiskCryptor v0.2. Archived 11 June 2009 at the Wayback Machine.
  3. Whitepaper: Full-Disk-Encryption Crash-Course – Everything to hide, by Jürgen Pabel.
  4. DiskCryptor version history. Archived 6 September 2013 at the Wayback Machine.
  5. "Releases · DavidXanatos/DiskCryptor". GitHub.
  6. "DiskCryptor". GitHub. 14 February 2022.
  7. https://diskcryptor.org/
  8. "Very bad performance on NVME SSD · Issue #136 · veracrypt/VeraCrypt". GitHub.
  9. "VeraCrypt / Forums / Technical Topics: High CPU load while performing disk R/W".
  10. "VeraCrypt / Forums / General Discussion: SSD Very Slow Performance Compared to BitLocker (Using AES)".
  11. "DiskCryptor official website: DiskCryptor Wiki, Main Page". Archived from the original on 4 August 2018. Retrieved 30 May 2014.
  12. "VeraCrypt / Forums / Technical Topics: High CPU load while performing disk R/W".