FreeOTFE

Developer(s): Sarah Dean
Stable release: 5.21 / 7 February 2010
Written in: C, Delphi (GUI)
Operating system: Microsoft Windows and Windows Mobile
Available in: Croatian, Czech, English, French, German, Greek, Italian, Japanese, Russian and Spanish
Type: Disk encryption software
License: Free and open-source software that requires attribution [1]
Website: FreeOTFE at the Wayback Machine (archived May 31, 2013)

FreeOTFE is a discontinued open source computer program for on-the-fly disk encryption (OTFE). On Microsoft Windows, and Windows Mobile (using FreeOTFE4PDA), it can create a virtual drive within a file or partition, to which anything written is automatically encrypted before being stored on a computer's hard or USB drive. It is similar in function to other disk encryption programs including TrueCrypt and Microsoft's BitLocker. [2]

The author, Sarah Dean, has been absent since 2011. The FreeOTFE website has been unreachable since June 2013 and the domain name is now registered by a domain squatter. The original program can be downloaded from a mirror at SourceForge. In June 2014, a fork of the project, now named LibreCrypt, appeared on GitHub. [3]

Overview

FreeOTFE was initially released by Sarah Dean in 2004, and was the first open-source disk encryption system to provide a modular architecture allowing third parties to implement additional algorithms if needed. Older FreeOTFE licensing required that any modification to the program be placed in the public domain. This does not technically conform to section 3 of the Open Source Definition. Newer program licensing omits this condition. The FreeOTFE license has not been approved by the Open Source Initiative and is not certified to be labeled with the open-source certification mark.

This software is compatible with Linux encrypted volumes (e.g. LUKS, cryptoloop, dm-crypt), allowing data encrypted under Linux to be read (and written) freely. It was the first open source transparent disk encryption system to support Windows Vista and PDAs. [4] [5] [6] [7]

Optional two-factor authentication using smart cards and/or hardware security modules (HSMs, also termed security tokens) [8] was introduced in v4.0, using the PKCS#11 (Cryptoki) standard developed by RSA Laboratories.

FreeOTFE also allows any number of "hidden volumes" to be created, giving plausible deniability and deniable encryption, and also has the option of encrypting full partitions or disks (but not the system partition). [9]

Portable use

FreeOTFE Explorer allows access to encrypted disks, without installing any drivers.

FreeOTFE can be used in "portable" (or "traveller") mode, which allows it to be kept on a USB drive or other portable media, together with its encrypted data, and carried around. This allows it to be used under Microsoft Windows without installation of the complete program to "mount" and access the encrypted data through a virtual disk.

The use of this mode requires installing device drivers (at least temporarily) to create virtual disks, and as a consequence administrator rights are needed to start this traveller mode. As with most open source software that uses device drivers, the user must enable test signing [10] when running Windows Vista x64 and Windows 7 x64 systems. [11]

Driverless operation

Packaged with FreeOTFE is another program called "FreeOTFE Explorer", [12] which provides a driverless system that allows encrypted disks to be used without administrator rights.

This allows FreeOTFE encrypted data to be used on (for example) public computers found in libraries or computer kiosks (interactive kiosks), where administrator rights are unavailable.

Unlike FreeOTFE, FreeOTFE Explorer does not provide on-the-fly encryption through a virtual drive. [12] Instead it lets files be stored in and extracted from encrypted disk images, in a manner similar to ZIP and RAR archives, using a Windows Explorer-like interface.

Algorithms implemented

Due to its architecture, FreeOTFE provides great flexibility to the user with its encryption options.

Ciphers

FreeOTFE implements several ciphers, including:

It includes all National Institute of Standards and Technology (NIST) Advanced Encryption Standard (AES) finalists, and all ciphers can be used with multiple different keylengths.

Cipher modes

FreeOTFE originally offered encryption using cipher-block chaining (CBC) with encrypted salt-sector initialization vector (ESSIV); from v3.00 it introduced LRW and also the more secure XTS mode, which supersedes LRW in the IEEE P1619 standard for disk encryption.
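
Since FreeOTFE can read LUKS volumes, the cipher mode a volume uses can be checked from its header before relying on it. The following is an added example, not FreeOTFE or LibreCrypt code, and goes beyond the text above: it assumes the published LUKS1 on-disk header layout, and the function names and the sample header are constructed for illustration.

```python
import struct

LUKS_MAGIC = b"LUKS\xba\xbe"
SLOT_ACTIVE = 0x00AC71F3          # LUKS1 marker for an enabled key slot
# magic, version, cipher name, cipher mode, hash spec, payload offset,
# key bytes, MK digest, MK salt, MK iterations, UUID (all big-endian)
PHDR = struct.Struct(">6sH32s32s32sII20s32sI40s")
SLOT = struct.Struct(">II32sII")  # active, iterations, salt, offset, stripes

def _cstr(raw):
    return raw.split(b"\0", 1)[0].decode("ascii", "replace")

def classify_mode(mode):
    """Map a dm-crypt style mode string onto the modes named above."""
    m = mode.lower()
    if m.startswith("xts"):
        return "XTS"
    if m.startswith("lrw"):
        return "LRW (superseded by XTS)"
    if m.startswith("cbc-essiv"):
        return "CBC with ESSIV"
    return "other"

def parse_luks1_header(blob):
    if len(blob) < PHDR.size + 8 * SLOT.size:
        raise ValueError("truncated header")
    (magic, version, cipher, mode, hash_spec, payload_off, key_bytes,
     _digest, _salt, mk_iter, uuid) = PHDR.unpack_from(blob, 0)
    if magic != LUKS_MAGIC:
        raise ValueError("not a LUKS volume")
    if version != 1:
        raise ValueError("unsupported LUKS version %d" % version)
    slots = [SLOT.unpack_from(blob, PHDR.size + i * SLOT.size) for i in range(8)]
    return {
        "cipher": _cstr(cipher), "mode": _cstr(mode), "hash": _cstr(hash_spec),
        "key_bits": key_bytes * 8, "payload_sector": payload_off,
        "mk_iterations": mk_iter, "uuid": _cstr(uuid),
        "active_slots": [i for i, s in enumerate(slots) if s[0] == SLOT_ACTIVE],
        "mode_family": classify_mode(_cstr(mode)),
    }

def build_sample_header(mode="xts-plain64", key_bytes=64):
    """Constructed sample header (not from a real volume); slot 0 enabled."""
    head = PHDR.pack(LUKS_MAGIC, 1, b"aes", mode.encode(), b"sha256", 4096,
                     key_bytes, bytes(20), bytes(32), 1000,
                     b"00000000-0000-0000-0000-000000000000")
    slot0 = SLOT.pack(SLOT_ACTIVE, 2000, bytes(32), 8, 4000)
    empty = SLOT.pack(0x0000DEAD, 0, bytes(32), 0, 4000)
    return head + slot0 + empty * 7
```

Only the first 592 bytes of a volume are needed, so the check can run against a header backup rather than the live device.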

Hashes

As with its cipher options, FreeOTFE offers many different hash algorithms:

References

  1. FreeOTFE license
  2. David A. Karp, Windows Vista annoyances, O'Reilly Media, Inc., 2008, ISBN 0-596-52762-4, page 5.
  3. LibreCrypt on GitHub
  4. FreeOTFE version history
  5. Michael Mandaville, Citizen-Soldier Handbook: 101 Ways Every American Can Fight Terrorism, Dog Ear Publishing, 2009, ISBN 1-59858-671-8, page 253.
  6. Gregory B. White, Wm. Arthur Conklin, Dwayne Williams, Roger L. Davis, Chuck Cothren, CompTIA Security+ All-in-One Exam Guide, Second Edition, McGraw Hill Professional, 2008, ISBN 0-07-160127-9, page 103.
  7. Bryan Burns, Jennifer Stisa Granick, Steve Manzuik, Paul Guersch, Dave Killion, Nicolas Beauchesne, Security power tools, O'Reilly Media, Inc., 2007, ISBN 0-596-00963-1, page 523.
  8. Security Token/Smartcard Support
  9. Partition/Entire Disk Based Volumes
  10. What is Windows 7 Test Mode
  11. Additional Information for Windows Vista x64 and Windows 7 x64 Users
  12. FreeOTFE v. FreeOTFE Explorer Comparison