From Surf Wiki (app.surf) — the open knowledge base

Comparison of disk encryption software

None

This is a technical feature comparison of different disk encryption software.

Background information

Name	Developer	First released	Licensing	Maintained?	Aloaha Crypt Disk	ArchiCrypt Live
Aloaha	2008
Softwaredevelopment Remus ArchiCrypt	1998
Jetico	1993
BitArmor Systems Inc.	2008-05
Microsoft	2006
Bloombase	2012
Secomba GmbH	2011
Roland C. Dowdeswell	2002-10-04
CenterTools	2008
Check Point Software Technologies Ltd	title=Protect guards laptop and desktop data	url=http://www.infoworld.com/cgi-bin/displayArchive.pl?/99/25/c05-25.48.htm	access-date=2008-09-03	url-status=dead	archive-url=https://web.archive.org/web/20050302202315/http://www.infoworld.com/cgi-bin/displayArchive.pl?%2F99%2F25%2Fc05-25.48.htm	archive-date=March 2, 2005 }}
CipherShed Project	2014
Steven Scherrer	2004-02-10
Sebastian Messmer	2015
Prim'X Technologies	2010
Cypherix Software	1998
Exlade	2003
WinEncrypt
	2003-07-02
Skymatic UG (limited liability)	2016-03-09
cpsd it-services GmbH	2010
cpsd it-services GmbH	2012
Stefan Küng	2012
Cosect Ltd.	2008
ntldr, David Xanatos	2007
Becrypt Ltd	2001
Christophe Saout	2004-03-11
Clemens Fruhwirth (LUKS)	2005-02-05
DriveSentry	2008
Paul Le Roux	1998-12-18
EISST Ltd.	2005
Dustin Kirkland, Tyler Hicks, (formerly Mike Halcrow)	2005
EgoSecure GmbH	2006
Valient Gough	2003
ENC Security Systems	2009
Apple Inc.	2003-10-24
Apple Inc.	2011-07-20
CE-Infosys	2002
Sarah Dean	2004-10-10
Poul-Henning Kamp	2002-10-19
Pawel Jakub Dawidek	2005-04-11
Werner Koch	1999-09-07
Jakob Unterwurzacher	2015-10-07
AgileBits	2010
The MorphOS Development Team	2010
tdk	2014-06-19
Jari Ruusu	2001-04-11
McAfee, LLC	2007
n-Trance Security Ltd	2005
PGP Corporation (acquired by Symantec in 2010)	1998-09-01
Dekart	1993
v77	2013
R-Tools Technology Inc	2008
Sophos (Utimaco)	1993
Sophos (Utimaco)	2007
url=ftp://ftp.software.ibm.com/pc/pccbbs/thinkcentre_pdf/rr30mst.pdf	server=Lenovo	url-status=dead	title=ThinkVantage Technologies Deployment Guide	access-date=2008-03-05}}	2000
PC Dynamics, Inc.	1992
Shaun Hollingworth	1997-07-01
Hans-Ulrich Juettner	2005-08-06
Aiko Solutions	2007-02-19
SECUDE	2003
Quick Heal Technologies Ltd.	2017
SoftWinter	1998
OpenBSD	2007-11-01
Information Security Corp.	2002
OpenBSD	2000-12-01
Symantec Corporation	2008
Alex Hornung	2012-01-28
Trend Micro	2004 or earlier
TrueCrypt Foundation	2004-02-02
WinAbility Software Corp.	2010
IDRIX	2013-06-22
CyberSoft	2013

Operating systems

Name	Android	Windows NT	iOS	Mac OS X	Linux	FreeBSD	OpenBSD	NetBSD		Aloaha Crypt Disk		BestCrypt Volume Encryption		BitArmor DataControl		BitLocker		Bloombase StoreSafe		Boxcryptor		CenterTools DriveLock		CGD		Check Point Full Disk Encryption		CipherShed		CrossCrypt		CryFS		Cryhod		Cryptainer		CryptArchiver		Cryptic Disk		Cryptoloop		Cryptomator		CryptoPro Secure Disk Enterprise		CryptoPro Secure Disk for BitLocker		Cryptsetup / Dmsetup		CryptSync		Discryptor		DiskCryptor		DISK Protect		Dm-crypt / LUKS		DriveSentry GoAnywhere 2		E4M		e-Capsule Private Safe		eCryptfs		EgoSecure HDD Encryption		EncFS		EncryptStick		EncryptUSB		FileVault		FileVault 2		FREE CompuSec		FreeOTFE		GBDE		GELI		Knox		LibreCrypt		Loop-AES		McAfee Drive Encryption (SafeBoot)		n-Crypt Pro		PGPDisk		PGP Whole Disk Encryption		Private Disk		ProxyCrypt		R-Crypto		SafeGuard Easy		SafeGuard Enterprise		SafeGuard PrivateDisk		SafeHouse Professional		Scramdisk		Scramdisk 4 Linux		SecuBox		SecureDoc		Sentry 2020		Seqrite Volume Encryption		Softraid / RAID C		SpyProof!		Svnd / Vnconfig		Symantec Endpoint Encryption		Tcplay		Trend Micro Endpoint Encryption		TrueCrypt		USBCrypt		VeraCrypt		CyberSafe Top Secret	Name	Android	Windows NT	iOS	Mac OS X	Linux	FreeBSD	OpenBSD	NetBSD
	url=http://www.cryptomator.org	title = Cryptomator - Free Cloud Encryption}}
url=https://www.boxcryptor.com/	title=Boxcryptor - Encryption for cloud storage - Window, Mac, Android, iOS}}	url=http://www.getsafe.org/	title=Safe - Protect Your Files	access-date=2016-03-29	archive-url=https://web.archive.org/web/20160421064348/http://www.getsafe.org/	archive-date=2016-04-21	url-status=dead}}			(FUSE)	(FUSE)	(FUSE)	(FUSE)

Features

Hidden containers: Whether hidden containers (an encrypted container (A) within another encrypted container (B) so the existence of container A can not be established) can be created for deniable encryption. Note that some modes of operation like CBC with a plain IV can be more prone to watermarking attacks than others.
Pre-boot authentication: Whether authentication can be required before booting the computer, thus allowing one to encrypt the boot disk.
Single sign-on: Whether credentials provided during pre-boot authentication will automatically log the user into the host operating system, thus preventing password fatigue and reducing the need to remember multiple passwords.
Custom authentication: Whether custom authentication mechanisms can be implemented with third-party applications.
Multiple keys: Whether an encrypted volume can have more than one active key.
Passphrase strengthening: Whether key strengthening is used with plain text passwords to frustrate dictionary attacks, usually using PBKDF2 or Argon2.
Hardware acceleration: Whether dedicated cryptographic accelerator expansion cards can be taken advantage of.
Trusted Platform Module: Whether the implementation can use a TPM cryptoprocessor.
Filesystems: What filesystems are supported.
Two-factor authentication: Whether optional security tokens (hardware security modules, such as Aladdin eToken and smart cards) are supported (for example using PKCS#11)

Name	Hidden containers	Pre-boot authentication	Single sign-on	Custom authentication	Multiple keys	Passphrase strengthening	Hardware acceleration	TPM	Filesystems	Two-factor authentication	Aloaha Secure Stick	ArchiCrypt Live	BestCrypt	BitArmor DataControl	BitLocker	Bloombase StoreSafe	CGD
url=https://web.archive.org/web/20110824163518/http://www.archicrypt-shop.com/ArchiCrypt-Live.htm	date=2011-08-24 }}
							url=http://technet2.microsoft.com/windowsserver2008/en/library/ce4d5a2e-59a5-4742-89cc-ef9f5908b4731033.mspx?mfr=true	title=BitLocker Drive Encryption Technical Overview	publisher=Microsoft	access-date=2008-03-13	url-status=dead	archive-url=https://web.archive.org/web/20080224023214/http://technet2.microsoft.com/windowsserver2008/en/library/ce4d5a2e-59a5-4742-89cc-ef9f5908b4731033.mspx?mfr=true	archive-date=2008-02-24}}
			author=Roland C. Dowdeswell, John Ioannidis	title=The CryptoGraphic Disk Driver	journal=CGD Design Paper	url=http://www.imrryr.org/~elric/cgd/cgd.pdf	access-date=2006-12-24 }}	author=Federico Biancuzzi	date=2005-12-21	title=Inside NetBSD's CGD	work=interview with Roland Dowdeswell	url=http://www.onlamp.com/pub/a/bsd/2005/12/21/netbsd_cgd.html?page=1	publisher=ONLamp.com	access-date=2006-12-24	archive-date=2007-09-29	archive-url=https://web.archive.org/web/20070929091538/http://www.onlamp.com/pub/a/bsd/2005/12/21/netbsd_cgd.html?page=1	url-status=dead }}

(limited to one per
"outer" container)							title=Some encryption programs use TPM to prevent attacks. Will TrueCrypt use it too?	work=TrueCrypt FAQ	publisher=TrueCrypt Foundation	url=http://www.truecrypt.org/faq#tpm	archive-url=https://archive.today/20130416052646/http://www.truecrypt.org/faq	url-status=dead	archive-date=2013-04-16	access-date=2014-05-28 }}
						title=DiskCryptor Features	url=http://diskcryptor.net/wiki/Main_Page/en	access-date=2010-05-25	url-status=dead	archive-url=https://web.archive.org/web/20100529120057/http://diskcryptor.net/wiki/Main_Page/en	archive-date=2010-05-29 }}
	title=DISK Protect Data Sheet	url=https://www.becrypt.com/uk/uploads/files/Disk%20Protect%20Standard_.pdf	access-date=2018-12-02 }}
title=Multi level access with separate access credentials, each enabling a different set of functional or logical operations	publisher=EISST Ltd.	url=http://www.eisst.com/products/private_safe/compare/	access-date=2007-07-25	archive-date=2007-09-28	archive-url=https://web.archive.org/web/20070928145451/http://www.eisst.com/products/private_safe/compare/	url-status=dead }}
						url=http://software.intel.com/en-us/articles/intel-advanced-encryption-standard-aes-instructions-set/	title=Intel Advanced Encryption Standard (AES) Instructions Set - Rev 3	publisher=Intel	access-date=2012-07-26}}
					author=Jacob Appelbaum, Ralf-Philipp Weinmann	date=2006-12-29	title=Unlocking FileVault: An Analysis of Apple's disk encryption	url=https://events.ccc.de/congress/2006/Fahrplan/attachments/1244-23C3VileFault.pdf	access-date=2012-01-03 }}	?
						url=https://arstechnica.com/apple/reviews/2011/07/mac-os-x-10-7.ars/13	title= Mac OS X 10.7 Lion: the Ars Technica review	website=Ars Technica	date=2011-07-20	access-date=2012-01-03 }}
	title=FreeBSD Handbook: Encrypting Disk Partitions	url=http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/disks-encrypting.html	access-date=2006-12-24 }}			author=Poul-Henning Kamp	title=GBDE - GEOM Based Disk Encryption	journal=GBDE Design Document	url=http://phk.freebsd.dk/pubs/bsdcon-03.gbde.paper.pdf	access-date=2006-12-24	author-link=Poul-Henning Kamp }}
				title=geli(8) man page in FreeBSD-current	work=GELI manual page in current FreeBSD	url=http://www.freebsd.org/cgi/man.cgi?query=geli&apropos=0&sektion=0&manpath=FreeBSD+7-current&format=html	access-date=2006-12-24 }}
	author=Jari Ruusu	title=loop-AES README file	url=https://loop-aes.sourceforge.net/loop-AES.README	access-date=2007-04-23	archive-date=2023-08-23	archive-url=https://web.archive.org/web/20230823163835/https://loop-aes.sourceforge.net/loop-AES.README	url-status=dead }}
						url=http://www.mcafee.com/us/resources/data-sheets/ds-endpoint-encryption.pdf	title=McAfee Endpoint Encryption	publisher=McAfee	access-date=2012-07-26	url-status=dead	archive-url=https://web.archive.org/web/20101217175911/http://mcafee.com/us/resources/data-sheets/ds-endpoint-encryption.pdf	archive-date=2010-12-17}}
	title=PGP Whole Disk Encryption FAQ	publisher=PGP Corporation	url=http://www.pgp.com/products/wholediskencryption/faq.html	access-date=2006-12-24	archive-date=2006-12-24	archive-url=https://web.archive.org/web/20061224231228/http://www.pgp.com/products/wholediskencryption/faq.html	url-status=dead }}
							url=http://americas.utimaco.com/encryption/TPM-Technology-Comes-Of-Age.html	title=Embedded Security: Trusted Platform Module Technology Comes of Age	publisher=Utimaco	access-date=2008-03-04	url-status=dead	archive-url=https://web.archive.org/web/20060823075648/http://americas.utimaco.com/encryption/TPM-Technology-Comes-Of-Age.html	archive-date=2006-08-23}}
							url=http://download.lenovo.com/ibmdl/pub/pc/pccbbs/thinkcentre_pdf/rr30mst.pdf	title=ThinkVantage Technologies Deployment Guide	publisher=Lenovo	access-date=2008-03-05}}
	title=SecureDoc Product Information	publisher=WinMagic Inc.	url=http://www.winmagic.com/solutions/securedoc.html	access-date=2008-03-05	archive-url=https://web.archive.org/web/20080313174257/http://www.winmagic.com/solutions/securedoc.html	archive-date=2008-03-13	url-status=dead }}

(limited to one per
"outer" container)

(limited to one per
"outer" container)

Layering

Whole disk: Whether the whole physical disk or logical volume can be encrypted, including the partition tables and master boot record. Note that this does not imply that the encrypted disk can be used as the boot disk itself; refer to pre-boot authentication in the features comparison table.
Partition: Whether individual disk partitions can be encrypted.
File: Whether the encrypted container can be stored in a file (usually implemented as encrypted loop devices).
Swap space: Whether the swap space (called a "pagefile" on Windows) can be encrypted individually/explicitly.
Hibernation file: Whether the hibernation file is encrypted (if hibernation is supported).

Name	Whole disk	Partition	File	Swap space	Hibernation file	RAID	Aloaha Secure Stick	ArchiCrypt Live	BestCrypt	BitArmor DataControl

(except for the boot volume)

(except for the boot volume)
(parent volume is encrypted)
(parent volume is encrypted)
(parent volume is encrypted)
(add-on Secure Device)
				date=August 2017	bot=InternetArchiveBot	fix-attempted=yes }}
url=http://support.apple.com/kb/HT4790?viewlocale=en_US&locale=en_US	title=Use FileVault to encrypt the startup disk on your Mac}}

(except for the boot volume)
		mdconfig(8)}}] utility.
				title=Control Break International Debuts SafeBoot Version 4.27	date=September 2004	url=http://connection.ebscohost.com/c/articles/14197489/control-break-international-debuts-safeboot-version-4-27	archive-url=https://web.archive.org/web/20150402092906/http://connection.ebscohost.com/c/articles/14197489/control-break-international-debuts-safeboot-version-4-27	url-status=dead	archive-date=2015-04-02	access-date=2015-03-05}}
			(encrypted by default in OpenBSD)
			(encrypted by default in OpenBSD)

Modes of operation

Different modes of operation supported by the software. Note that an encrypted volume can only use one mode of operation.

CBC with predictable IVs: The CBC (cipher block chaining) mode where initialization vectors are statically derived from the sector number and are not secret; this means that IVs are re-used when overwriting a sector and the vectors can easily be guessed by an attacker, leading to watermarking attacks.
CBC with secret IVs: The CBC mode where initialization vectors are statically derived from the encryption key and sector number. The IVs are secret, but they are re-used with overwrites. Methods for this include ESSIV and encrypted sector numbers (CGD).
CBC with random per-sector keys: The CBC mode where random keys are generated for each sector when it is written to, thus does not exhibit the typical weaknesses of CBC with re-used initialization vectors. The individual sector keys are stored on disk and encrypted with a master key. (See GBDE for details)
LRW: The Liskov-Rivest-Wagner tweakable narrow-block mode, a mode of operation specifically designed for disk encryption. Superseded by the more secure XTS mode due to security concerns.
XTS: XEX-based Tweaked CodeBook mode (TCB) with CipherText Stealing (CTS), the SISWG (IEEE P1619) standard for disk encryption.
Authenticated encryption: Protection against ciphertext modification by an attacker

Name	CBC w/ predictable IVs	CBC w/ secret IVs	CBC w/ random per-sector keys	LRW	XTS	Authenticated encryption	Aloaha Crypt Disk	ArchiCrypt Live	BestCrypt	BitArmor DataControl	BitLocker	Bloombase StoreSafe	CGD	CenterTools DriveLock	Check Point Full Disk Encryption	CipherShed
author=Niels Fergusson	title=AES-CBC + Elephant Diffuser: A Disk Encryption Algorithm for Windows Vista	access-date=2008-02-22	publisher=Microsoft	date=August 2006	url=http://download.microsoft.com/download/0/2/3/0238acaf-d3bf-4a6d-b3d6-0a0be4bbb36e/BitLockerCipher200608.pdf}}
					{{yes	Yes, using `--integrity` mode{{cite web	url = https://man.cx/?page=cryptsetup(8)	title = cryptsetup - manage plain dm-crypt and LUKS encrypted volumes	access-date = 2018-05-08
	title=Linux/BSD disk encryption comparison	url=http://mareichelt.de/pub/notmine/linuxbsd-comparison.html	access-date=2006-12-24	url-status=dead	archive-url=https://web.archive.org/web/20070629214031/http://mareichelt.de/pub/notmine/linuxbsd-comparison.html	archive-date=2007-06-29 }}				{{yes	Yes, using `-a` option{{cite web	url = https://docs.freebsd.org/cgi/getmsg.cgi?fetch=326862+0+archive/2006/freebsd-current/20060611.freebsd-current	title = Data authentication for geli(8) committed to HEAD.	author = Pawel Jakub Dawidek	date = 2006-06-08	access-date = 2021-11-22

References

"Jetico Mission". Jetico.
"Bloombase StoreSafe". Bloombase.
Roland Dowdeswell. (2002-10-04). "CryptoGraphic Disk". mailing list announcement.
"Protect guards laptop and desktop data".
"Protect Data Security Inc. changes name to Pointsec Mobile Technologies Inc.".
"Check Point Completes the Offer for Protect Data with Substantial Acceptance of 87.1 Percent".
Niklas Lemcke. (2014-12-15). "Pre-Alpha testing started".
(2012-02-07). "TrueCrypt License Version 3.0". TrueCrypt Foundation.
Sarah Dean. (2004-02-10). "OTFEDB entry".
"Archived copy".
"Home".
"Releases · DavidXanatos/DiskCryptor".
dm-crypt was first included in Linux kernel version 2.6.4: https://lwn.net/Articles/75404/
Clemens Fruhwirth. "LUKS version history".
"archived E4M documentation".
"eCryptfs".
Valient Gough. (2003). "EncFS - an Encrypted Filesystem". README.md file.
"FreeOTFE version history".
"gbde(4) man page in FreeBSD 4.11". GBDE manual page as it appeared in FreeBSD 4.11.
"geli(8) man page in FreeBSD 6.0". GELI manual page as it first appeared in FreeBSD 6.0.
[https://gnupg.org/download/release_notes.html Release Notes. GnuPG]
"gocryptfs changelog on github".
(2014-06-20). "as received from FreeOTFE version v5.21 with small changes".
"McAfee Drive Encryption". McAfee.
"PGP 6.0 Freeware released- any int'l links?".
"Dekart Encryption software timeline". Dekart.
"SafeGuard Easy 4.5 Technical Whitepaper". Utimaco.
"SafeGuard Enterprise Technical Whitepaper". Utimaco.
"ThinkVantage Technologies Deployment Guide".
"ScramDisk 4 Linux Releases".
"Sentry 2020 news".
"OpenBSD 4.2 Changelog".
"OpenBSD 2.8 Changelog".
(2019-08-27). "bwalex/tc-play".
(2023-04-03). "bwalex/tc-play". Github.
[[Trend Micro]]
(4 September 2004). "Mobile Armor: Your Data.Secure. Everywhere.".
"TrueCrypt".
(2014-05-28). "TrueCrypt License Version 3.1". TrueCrypt Foundation.
"VeraCrypt".
(2015-06-28). "Apache License 2.0". IDRIX.
"Whole Hard Disk Encryption Software - BestCrypt Volume Encryption - Jetico Inc. Oy".
https://github.com/Aorimn/dislocker FUSE driver to read/write Windows BitLocker-ed volumes under Linux / Mac OSX. In addition cryptsetup and Linux 5.6+ can open bitlocker volumes (except volumes with legacy header used in Windows Vista or partially decrypted volumes) with either a password, a recovery passphrase, a startup key, or the volume key.
"Archived copy".
https://play.google.com/store/apps/details?id=com.sovworks.edslite Third party app allows to open containers encryptes with AES-256, SHA-512 hash and FAT file system
http://www.truecrypt.org/misc/freebsd Although CipherShed can be built under FreeBSD, it is not recommended to run it because of bugs and instabilities when CipherShed is attempted to be used
CrossCrypt - Only for the Microsoft Windows XP/2000 operating systems
http://www.freeotfe.org/docs/Main/Linux_volumes.htm FreeOTFE supports cryptoloop, dm-crypt/[[cryptsetup]]/[[dmsetup]], and dm-crypt/LUKS volumes
"Cryptomator - Free Cloud Encryption".
"Boxcryptor - Encryption for cloud storage - Window, Mac, Android, iOS".
"Safe - Protect Your Files".
https://code.google.com/p/libfvde/ libfvde supports reading FileVault2 Drive Encryption (FVDE) encrypted volumes. In addition cryptsetup also has partial FileVault2 support: it can open FileVault2 volumes with Core Storage and HFS+ filesystem, with a password.
http://www.freeotfe.org/docs/Main/Linux_volumes.htm Supports Linux volumes
https://play.google.com/store/apps/details?id=com.nemesis2.luksmanager&hl=en_GB Third party app allows a user to open LibreCrypt compatible LUKS containers
https://github.com/t-d-k/LibreCrypt/blob/master/docs/Linux_volumes.md Supports Linux volumes
"Endpoint Encryption Powered by PGP Technology - Symantec".
http://www.truecrypt.org/misc/freebsd Although TrueCrypt can be built under FreeBSD, it is not recommended to run it because of bugs and instabilities when TrueCrypt is attempted to be used
https://play.google.com/store/apps/details?id=com.sovworks.eds.android Third party app allows to encrypt and decrypt VeraCrypt containers (only available in the paid version)
https://apps.apple.com/de/app/disk-decipher/id516538625 Third party app allows to encrypt and decrypt VeraCrypt containers (only available in the paid version)
http://www.jetico.com/linux/bcrypt-help/c_hiddn.htm Hidden containers description from Jetico (BestCrypt)
Secret-containers and Camouflage files [http://www.archicrypt-shop.com/ArchiCrypt-Live.htm ArchiCrypt Live Description] {{Webarchive. link. (2011-08-24)
Supports "Guest" keys
Using "Archicrypt Card"
Supported by the BestCrypt container format; see BestCrypt SDK
Supported by the BestCrypt Volume Encryption software
With PIN or USB key
[http://download.microsoft.com/download/a/f/7/af7777e5-7dcd-4800-8a0a-b18336565f5b/BitLockerExt.doc BitLocker Drive Encryption: Value Add Extensibility Options]
Recovery keys only.
"BitLocker Drive Encryption Technical Overview". [[Microsoft]].
Roland C. Dowdeswell, John Ioannidis. "The CryptoGraphic Disk Driver". CGD Design Paper.
Federico Biancuzzi. (2005-12-21). "Inside NetBSD's CGD". ONLamp.com.
"Operating Systems Supported for System Encryption". CipherShed Project.
Although each volume encrypted with CipherShed can only have one active master key, it is possible to access its contents through more than one header. Each header can have a different password and/or keyfiles if any (''cf.'' TrueCrypt FAQ: ''[http://www.truecrypt.org/faq Is there a way for an administrator to reset a volume password or pre-boot authentication password when a user forgets it (or loses a keyfile)?]'')
"Keyfiles". TrueCrypt Foundation.
"Some encryption programs use TPM to prevent attacks. Will TrueCrypt use it too?". TrueCrypt Foundation.
(November 2016). "Future". TrueCrypt Foundation.
"CryFS: How it works".
dm-crypt and cryptoloop volumes can be mounted from the [[initrd]] before the system is booted
"DiskCryptor Features".
(10 February 2022). "DiskCryptor".
"DISK Protect Data Sheet".
"cryptsetup Frequently Asked Questions".
"Multi level access with separate access credentials, each enabling a different set of functional or logical operations". EISST Ltd..
uses the lower filesystem (stacking)
"Intel Advanced Encryption Standard (AES) Instructions Set - Rev 3". Intel.
Jacob Appelbaum, Ralf-Philipp Weinmann. (2006-12-29). "Unlocking FileVault: An Analysis of Apple's disk encryption".
(2011-07-20). "Mac OS X 10.7 Lion: the Ars Technica review".
FreeOTFE has a modular architecture and set of components to allow 3rd party integration
FreeOTFE allows multiple keys to mount the same container file via encrypted keyfiles
"FreeBSD Handbook: Encrypting Disk Partitions".
Poul-Henning Kamp. "GBDE - GEOM Based Disk Encryption". GBDE Design Document.
"geli(8) man page in FreeBSD-current". GELI manual page in current FreeBSD.
Jari Ruusu. "loop-AES README file".
Using customization
"McAfee Endpoint Encryption". McAfee.
n-Crypt Pro does not use password authentication— biometric/USB dongle authentication only
"PGP Whole Disk Encryption FAQ". PGP Corporation.
PGP private keys are always protected by strengthened passphrases
"Embedded Security: Trusted Platform Module Technology Comes of Age". Utimaco.
"ThinkVantage Technologies Deployment Guide". [[Lenovo]].
For TrueCrypt containers
"SecureDoc Product Information". WinMagic Inc..
optional by using -K [https://man.openbsd.org/mount_vnd.8#K OpenBSD Manual Pages: vnconfig(8)]
"Endpoint Encryption".
"Solutions for Solid-State Drives (SSD) - Endpoint Encryption".
"Support for smart card readers - Endpoint Encryption".
"Operating Systems Supported for System Encryption". TrueCrypt Foundation.
Although each volume encrypted with TrueCrypt can only have one active master key, it is possible to access its contents through more than one header. Each header can have a different password and/or keyfiles if any (''cf.'' TrueCrypt FAQ: ''[http://www.truecrypt.org/faq Is there a way for an administrator to reset a volume password or pre-boot authentication password when a user forgets it (or loses a keyfile)?]'')
"Operating Systems Supported for System Encryption". IDRIX.
BitLocker can be used with a TPM PIN + external USB key for two-factor authentication
Windows 7 introduces Bitlocker-To-Go which supports NTFS, FAT32 or exFAT, however for hard drive encryption, [[Windows Vista]] and later are limited to be installable only on NTFS volumes
An external tool can be used to read the key from the TPM and then have the key passed on to dm-crypt/LUKS via the [[standard input]]
The current situation around TrueCrypt project is controversial. On 28.05.2014 after many years of development and broad usage the open-source (although anonymous) project was suddenly stopped, and all previous official materials and complete (encrypt/decrypt) binaries were withdrawn from its website citing some "unfixed security issues" and Windows XP end of support. The technical information herein is valid only for previous versions of TrueCrypt (v7.1a and some earlier). The latest available version (v7.2) is decrypt only, its authenticity and actual reasons behind the move are unclear, and its usage is not recommended. https://www.zdnet.com/article/truecrypt-quits-inexplicable/
"Whole Hard Disk Encryption Software - BestCrypt Volume Encryption - Jetico Inc. Oy".
Within a VHD http://www.howtogeek.com/193013/how-to-create-an-encrypted-container-file-with-bitlocker-on-windows/
dm-crypt can encrypt a file-based volume when used with the {{mono. losetup utility included with all major Linux distributions
yes, but the user needs custom scripts: http://www.linuxquestions.org/questions/slackware-14/luks-encryption-swap-and-hibernate-627958/
Uses proprietary e-Capsule file system not exposed to the OS.
not technically part of FileVault, but provided by many versions of Mac OS X; can be enabled independently of FileVault
http://macmarshal.com/images/Documents/mm_wp_102.pdf{{dead link. (August 2017)
"Use FileVault to encrypt the startup disk on your Mac".
mdconfig(8)] utility.
(September 2004). "Control Break International Debuts SafeBoot Version 4.27".
http://www.openbsd.org/plus38.html OpenBSD 3.8 change notes
however, [http://www.truecrypt.org/future not Windows UEFI-based computers with a GUID partition table (GPT)]
[[IEEE P1619#LRW issue. LRW_issue]]
Containers created with ArchiCrypt Live version 5 use LRW
"New features in BestCrypt version 8". Jetico.
"New features in version 2". Jetico.
Niels Fergusson. (August 2006). "AES-CBC + Elephant Diffuser: A Disk Encryption Algorithm for Windows Vista". [[Microsoft]].
(2006-03-11). "man 4 cgd in NetBSD-current". NetBSD current manual page on CGD.
Containers created with TrueCrypt versions 1.0 through 4.0 use CBC.
Containers created with TrueCrypt versions 4.1 through 4.3a use LRW, and support CBC for opening legacy containers only.
Containers created with CipherShed or TrueCrypt versions 5.0+ use XTS, and support LRW/CBC for opening legacy containers only.
"CIBLE DE SECURITE CRITERES COMMUNS NIVEAU EAL3+".
Starting with Linux kernel version 2.6.20, CryptoAPI supports the LRW mode: https://lwn.net/Articles/213650/
"OS X Lion: About FileVault 2".
"Linux/BSD disk encryption comparison".
For Scramdisk containers
For TrueCrypt 4 containers
For TrueCrypt 5 and 6 containers
"'CVS: cvs.openbsd.org: src' - MARC".
Containers created with TrueCrypt versions 5.0 or later use XTS, and support LRW/CBC for opening legacy containers only.
and
[[Jacob Appelbaum]]. "Modern Disk Encryption Systems".

Info: Wikipedia Source

This article was imported from Wikipedia and is available under the Creative Commons Attribution-ShareAlike 4.0 License. Content has been adapted to SurfDoc format. Original contributors can be found on the article history page.

disk-encryption security-software-comparisons cryptographic-software cryptography-lists-and-comparisons

Want to explore this topic further?

Ask Mako anything about Comparison of disk encryption software — get instant answers, deeper analysis, and related topics.

Research with Mako

Free with your Surf account

Content sourced from Wikipedia, available under CC BY-SA 4.0.

This content may have been generated or modified by AI. CloudSurf Software LLC is not responsible for the accuracy, completeness, or reliability of AI-generated content. Always verify important information from primary sources.

Report