Crypto Wiki
Advertisement

This is a technical feature comparison of different disk encryption software.

Background information[]

Name Developer First released Licensing Maintained?
Template:Rh| ArchiCrypt Live Softwaredevelopment Remus ArchiCrypt 1998 Template:Proprietary Template:Yes
Template:Rh| BestCrypt Jetico 1993[1] Template:Proprietary Template:Yes
Template:Rh| BitArmor DataControl BitArmor Systems Inc. May 2008 Template:Proprietary Template:Yes
Template:Rh| BitLocker Drive Encryption Microsoft 2006 Template:Proprietary Template:Yes
Template:Rh| Bloombase Keyparc Bloombase 2007 Template:Proprietary Template:Yes
Template:Rh| CGD Roland C. Dowdeswell 2002-10-04[2] Template:Free Template:Yes
Template:Rh| CenterTools DriveLock CenterTools 2008 Template:Proprietary Template:Yes
Template:Rh| Check Point Full Disk Encryption Check Point Software Technologies Ltd 1999[3][4][5] Template:Proprietary Template:Yes
Template:Rh| CrossCrypt Steven Scherrer 2004-02-10[6] Template:Free Template:No
Template:Rh| Cryptainer Cypherix (Secure-Soft India) Template:? Template:Proprietary Template:Yes
Template:Rh| CryptArchiver WinEncrypt Template:? Template:Proprietary Template:Yes
Template:Rh| cryptoloop Template:? 2003-07-02[7] Template:Free Template:No
Template:Rh| cryptoMill SEAhawk Template:Proprietary Template:Yes
Template:Rh| Discryptor Cosect Ltd. 2008 Template:Proprietary Template:Yes
Template:Rh| DiskCryptor ntldr 2007 Template:Free Template:Yes
Template:Rh| DISK Protect Becrypt Ltd 2001 Template:Proprietary Template:Yes
Template:Rh| dm-crypt/cryptsetup Christophe Saout 2004-03-11[8] Template:Free Template:Yes
Template:Rh| dm-crypt/LUKS Clemens Fruhwirth (LUKS) 2005-02-05[9] Template:Free Template:Yes
Template:Rh| DriveCrypt SecurStar GmbH 2001 Template:Proprietary Template:Yes
Template:Rh| DriveSentry GoAnywhere 2 DriveSentry 2008 Template:Proprietary Template:Yes
Template:Rh| E4M Paul Le Roux 1998-12-18[10] Template:Free Template:No
Template:Rh| e-Capsule Private Safe EISST Ltd. 2005 Template:Proprietary Template:Yes
Template:Rh| eCryptfs Dustin Kirkland, Tyler Hicks, (formerly Mike Halcrow) 2005[11] Template:Free Template:Yes
Template:Rh| FileVault Apple Inc. 2003-10-24 Template:Proprietary Template:Yes
Template:Rh| FinallySecure Enterprise SECUDE 2006 Template:Proprietary Template:Yes
Template:Rh| FREE CompuSec CE-Infosys 2002 Template:Proprietary Template:Yes
Template:Rh| FreeOTFE Sarah Dean 2004-10-10[12] Template:Free Template:Yes
Template:Rh| GBDE Poul-Henning Kamp 2002-10-19[13] Template:Free Template:Yes
Template:Rh| GELI Pawel Jakub Dawidek 2005-04-11[14] Template:Free Template:Yes
Template:Rh| KryptOS The MorphOS Development Team 2010 Template:Proprietary Template:Yes
Template:Rh| loop-AES Jari Ruusu 2001-04-11 Template:Free Template:Yes
Template:Rh| n-Crypt Pro n-Trance Security Ltd 2005 Template:Proprietary Template:Yes
Template:Rh| PGPDisk PGP Corporation 1998-09-01[15] Template:Proprietary Template:Yes
Template:Rh| Private Disk Dekart 1993[16] Template:Proprietary Template:Yes
Template:Rh| R-Crypto R-Tools Technology Inc 2008 Template:Proprietary Template:Yes
Template:Rh| McAfee Endpoint Encryption (SafeBoot) McAfee, Inc. 2007[17] Template:Proprietary Template:Yes
Template:Rh| SafeGuard Easy Sophos (Utimaco) 1993[18] Template:Proprietary Template:Yes
Template:Rh| SafeGuard Enterprise Sophos (Utimaco) 2007[19] Template:Proprietary Template:Yes
Template:Rh| SafeGuard PrivateDisk
Sophos (Utimaco)[20] 2000 Template:Proprietary Template:Yes
Template:Rh| SafeHouse Professional PC Dynamics, Inc. 1992 Template:Proprietary Template:Yes
Template:Rh| Scramdisk Shaun Hollingworth 1997-07-01 Template:Free Template:No
Template:Rh| Scramdisk 4 Linux Hans-Ulrich Juettner 2005-08-06[21] Template:Free Template:Yes
Template:Rh| SecuBox Aiko Solutions 2007-02-19 Template:Proprietary Template:Yes
Template:Rh| SECUDE Secure Notebook SECUDE 2003 Template:Proprietary Template:Yes
Template:Rh| SecureDoc WinMagic Inc. 1997 Template:Proprietary Template:Yes
Template:Rh| Sentry 2020 SoftWinter 1998[22] Template:Proprietary Template:Yes
Template:Rh| softraid / RAID C OpenBSD 2007-11-01[23] Template:Free Template:Yes
Template:Rh| SpyProof! Information Security Corp. 2002 Template:Proprietary Template:Yes
Template:Rh| svnd / vnconfig OpenBSD 2000-12-01[24] Template:Free Template:Yes
Template:Rh| Symantec Endpoint Encryption Symantec Corporation 2008 Template:Proprietary Template:Yes
Template:Rh| TrueCrypt TrueCrypt Foundation 2004-02-02[25] Template:Free Template:Yes
Template:Rh| Aloaha Secure Stick Aloaha 2008 Template:Proprietary Template:Yes
Template:Rh| Name Template:Rh| Developer Template:Rh| First released Template:Rh| Licensing Template:Rh| Maintained?

Operating systems[]

Name Windows NT-based Pre-Windows NT Windows Mobile/Pocket PC FreeBSD Linux Mac OS NetBSD OpenBSD
Template:Rh| ArchiCrypt Live Template:Yes Template:No Template:No Template:No Template:No Template:No Template:No Template:No
Template:Rh| BestCrypt Template:Yes Template:No Template:No Template:No Template:Yes Template:No Template:No Template:No
Template:Rh| BitArmor DataControl Template:Yes Template:No Template:No Template:No Template:No Template:No Template:No Template:No
Template:Rh| BitLocker Drive Encryption Template:Yes Template:No Template:No Template:No Template:No Template:No Template:No Template:No
Template:Rh| Bloombase Keyparc Template:Yes Template:Yes Template:No Template:No Template:Yes Template:Yes Template:No Template:No
Template:Rh| CenterTools DriveLock Template:Yes Template:No Template:No Template:No Template:No Template:No Template:Yes Template:No
Template:Rh| CGD Template:No Template:No Template:No Template:No Template:No Template:No Template:Yes Template:No
Template:Rh| Check Point Full Disk Encryption Template:Yes Template:No Template:Yes Template:No Template:Yes Template:Yes Template:No Template:No
Template:Rh| CrossCrypt Template:Yes Template:No Template:No Template:No Template:No Template:No Template:No Template:No
Template:Rh| Cryptainer Template:Yes Template:No Template:Yes[26] Template:No Template:No Template:No Template:No Template:No
Template:Rh| CryptArchiver Template:Yes Template:No Template:No Template:No Template:No Template:No Template:No Template:No
Template:Rh| cryptoloop Template:Yes[27] Template:No Template:No Template:No Template:Yes Template:No Template:No Template:No
Template:Rh| Discryptor Template:Yes Template:No Template:No Template:No Template:No Template:No Template:No Template:No
Template:Rh| DiskCryptor Template:Yes Template:No Template:No Template:No Template:No Template:No Template:No Template:No
Template:Rh| DISK Protect Template:Yes Template:No Template:No Template:No Template:No Template:No Template:No Template:No
Template:Rh| dm-crypt/cryptsetup Template:Yes[27] Template:No Template:No Template:No Template:Yes Template:No Template:No Template:No
Template:Rh| dm-crypt/LUKS Template:Yes[27] Template:No Template:Yes[28] Template:No Template:Yes Template:No Template:No Template:No
Template:Rh| DriveCrypt Template:Yes Template:No Template:No Template:No Template:No Template:No Template:No Template:No
Template:Rh| DriveSentry GoAnywhere 2 Template:Yes Template:No Template:No Template:No Template:No Template:No Template:No Template:No
Template:Rh| E4M Template:Yes Template:Yes Template:No Template:No Template:No Template:No Template:No Template:No
Template:Rh| e-Capsule Private Safe Template:Yes Template:No Template:No Template:No Template:No Template:No Template:No Template:No
Template:Rh| eCryptfs Template:No Template:No Template:No Template:No Template:Yes Template:No Template:No Template:No
Template:Rh| FileVault Template:No Template:No Template:No Template:No Template:No Template:Yes Template:No Template:No
Template:Rh| FREE CompuSec Template:Yes Template:No Template:No Template:No Template:Yes Template:No Template:No Template:No
Template:Rh| FreeOTFE Template:Yes Template:No Template:Yes Template:No Template:No[29] Template:No Template:No Template:No
Template:Rh| GBDE Template:No Template:No Template:No Template:Yes Template:No Template:No Template:No Template:No
Template:Rh| GELI Template:No Template:No Template:No Template:Yes Template:No Template:No Template:No Template:No
Template:Rh| loop-AES Template:No Template:No Template:No Template:No Template:Yes Template:No Template:No Template:No
Template:Rh| n-Crypt Pro Template:Yes Template:No Template:No Template:No Template:No Template:No Template:No Template:No
Template:Rh| PGPDisk Template:Yes Template:No Template:No Template:No Template:No Template:Yes Template:No Template:No
Template:Rh| Private Disk Template:Yes Template:Yes Template:No Template:No Template:No Template:No Template:No Template:No
Template:Rh| R-Crypto Template:Yes Template:No Template:No Template:No Template:No Template:No Template:No Template:No
Template:Rh| McAfee Endpoint Encryption (SafeBoot) Template:Yes Template:No Template:Yes[30] Template:No Template:No Template:No Template:No Template:No
Template:Rh| SafeGuard Easy Template:Yes Template:No Template:No Template:No Template:No Template:No Template:No Template:No
Template:Rh| SafeGuard Enterprise Template:Yes Template:No Template:No Template:No Template:No Template:No Template:No Template:No
Template:Rh| SafeGuard PrivateDisk Template:Yes Template:No Template:No Template:No Template:No Template:No Template:No Template:No
Template:Rh| SafeHouse Professional Template:Yes Template:Yes Template:No Template:No Template:No Template:No Template:No Template:No
Template:Rh| Scramdisk Template:Yes Template:Yes Template:No Template:No Template:Yes Template:No Template:No Template:No
Template:Rh| Scramdisk 4 Linux Template:No Template:No Template:No Template:No Template:Yes Template:No Template:No Template:No
Template:Rh| SecuBox Template:No Template:No Template:Yes Template:No Template:No Template:No Template:No Template:No
Template:Rh| FinallySecure Enterprise (SECUDE) Template:Yes Template:No Template:No Template:No Template:No Template:No Template:No Template:No
Template:Rh| SecureDoc Template:Yes Template:No Template:No Template:No Template:Yes Template:Yes Template:No Template:No
Template:Rh| Sentry 2020 Template:Yes Template:No Template:No Template:No Template:No Template:No Template:No Template:No
Template:Rh| softraid / RAID C Template:No Template:No Template:No Template:No Template:No Template:No Template:No Template:Yes
Template:Rh| SpyProof! Template:Yes Template:No Template:No Template:No Template:No Template:No Template:No Template:No
Template:Rh| svnd / vnconfig Template:No Template:No Template:No Template:No Template:No Template:No Template:No Template:Yes
Template:Rh| Symantec Endpoint Encryption Template:Yes Template:No Template:No Template:No Template:No Template:No Template:No Template:No
Template:Rh| TrueCrypt Template:Yes Template:No Template:No Template:No[31] Template:Yes Template:Yes Template:No Template:No
Template:Rh| Aloaha Secure Stick Template:Yes Template:No Template:No Template:No Template:No Template:No Template:No Template:No
Name Windows NT-based Pre-Windows NT Windows Mobile/Pocket PC FreeBSD Linux Mac OS NetBSD OpenBSD

Features[]

  • Hidden containers: Whether hidden containers (an encrypted container (A) within another encrypted container (B) so the existence of container A can not be established)[32] can be created for deniable encryption. Note that some modes of operation like CBC with a plain IV can be more prone to watermarking attacks than others.
  • Pre-boot authentication: Whether authentication can be required before booting the computer, thus allowing one to encrypt the boot disk.
  • Custom authentication: Whether custom authentication mechanisms can be implemented with third-party applications.
  • Multiple keys: Whether an encrypted volume can have more than one active key.
  • Passphrase strengthening: Whether key strengthening is used with plain text passwords to frustrate dictionary attacks, usually using PBKDF2.
  • Hardware acceleration: Whether dedicated cryptography acceleration extension cards can be taken advantage of.
  • Trusted Platform Module: Whether the implementation can use a TPM cryptoprocessor.
  • Two-factor authentication: Whether optional security tokens (hardware security modules, such as Aladdin eToken and smart cards) are supported (for example using PKCS#11)
Name Hidden containers Pre-boot authentication Custom authentication Multiple keys Passphrase strengthening Hardware acceleration TPM Filesystems Two-factor authentication
BestCrypt Template:Yes Template:Yes Template:No Template:Yes[33] Template:Yes Template:No Template:No Template:Yes Template:Yes[34]
BitArmor DataControl Template:No Template:Yes Template:No Template:Yes Template:Yes Template:No Template:No Template:Yes Template:No
BitLocker Drive Encryption Template:No Template:Yes
(With PIN or USB key)[35]
Template:Yes[36] Template:Yes[35]
Template:Yes
(Recovery keys only)
Template:No Template:Yes[35] Template:Yes Template:R Template:Yes Template:R
Bloombase Keyparc Template:No Template:No Template:Yes Template:Yes Template:Yes Template:Yes Template:No Template:? Template:?
CGD Template:No Template:No Template:Yes[37] Template:Yes[38] Template:Yes[37] Template:No Template:No Template:Yes Template:Yes[37]
CenterTools DriveLock Template:No Template:Yes Template:No Template:No Template:Yes Template:No Template:No Template:Yes Template:Yes
Checkpoint Full Disk Encryption Template:? Template:Yes Template:Yes Template:Yes Template:Yes Template:? Template:Yes[39] Template:? Template:Yes
CrossCrypt Template:No Template:No Template:No Template:No Template:No Template:No Template:No Template:? Template:No
CryptArchiver Template:No Template:No Template:No Template:No Template:? Template:No Template:No Template:? Template:?
cryptoloop Template:No Template:Yes[40] Template:Yes Template:No Template:No Template:YesTemplate:Citation needed Template:No Template:Yes Template:?
DiskCryptor Template:No Template:Yes Template:Yes Template:No Template:Yes Template:Yes[41] Template:No Template:Yes Template:Yes[41]
DISK Protect Template:? Template:Yes[42] Template:? Template:Yes[42] Template:? Template:? Template:No Template:? Template:?
dm-crypt/cryptsetup Template:No Template:Yes[40] Template:Yes Template:No Template:No Template:Yes Template:No Template:Yes Template:No
dm-crypt/LUKS Template:No Template:Yes[40] Template:Yes Template:Yes Template:Yes Template:Yes Template:No Template:Yes Template:Yes
DriveCrypt Template:Yes[43] Template:Yes Template:No Template:Yes Template:Yes Template:No Template:No Template:? Template:Yes
DriveSentry GoAnywhere 2 Template:No Template:No Template:Yes Template:No Template:Yes Template:No Template:? Template:Yes Template:Yes
E4M Template:No Template:No Template:No Template:No Template:? Template:No Template:No Template:? Template:No
e-Capsule Private Safe Template:Yes[44] Template:No Template:No Template:Yes[44] Template:No Template:Yes Template:No Template:? Template:?
eCryptfs Template:No Template:No Template:Yes Template:Yes Template:Yes Template:Yes Template:Yes Template:Yes Template:Yes
FileVault Template:No Template:No Template:No Template:Partial[45] Template:Yes[45] Template:No Template:No Template:? Template:?
FREE CompuSec Template:No Template:Yes Template:No Template:No Template:No Template:No Template:No Template:Yes Template:No
FreeOTFE Template:Yes Template:No Template:Yes[46] Template:Yes[47] Template:Yes Template:No Template:No Template:Yes Template:Yes
GBDE Template:No Template:No[48] Template:Yes Template:Yes[49] Template:No[49] Template:No[48] Template:No Template:Yes Template:Yes
GELI Template:No Template:Yes[48] Template:Yes Template:Yes[50] Template:Yes[50] Template:Yes[48] Template:No Template:Yes Template:Yes
GuardianEdge Hard Disk Encryption Template:No Template:Yes Template:Yes Template:Yes Template:Yes Template:No Template:No Template:Yes Template:Yes
loop-AES Template:No Template:Yes[51] Template:Yes[51] Template:Yes[51] Template:Yes[51] Template:Yes[51] Template:No Template:Yes Template:No
n-Crypt Pro Template:No Template:No Template:No Template:No Template:N/a[52] Template:No Template:No Template:? Template:?
PGPDisk Template:No Template:Yes[53] Template:? Template:Yes Template:Yes[54] Template:? Template:Yes Template:? Template:Yes
Private Disk Template:No Template:No Template:No Template:Yes Template:Yes Template:No Template:No Template:Yes Template:Yes
R-Crypto Template:? Template:No Template:? Template:? Template:? Template:? Template:? Template:Yes Template:?
McAfee Endpoint Encryption Template:Yes Template:Yes Template:Yes Template:Yes Template:Yes Template:Yes[55] Template:Yes Template:Yes Template:Yes
SafeGuard Easy Template:No Template:Yes Template:No Template:Yes Template:Yes Template:No Template:Yes[56] Template:Yes Template:Yes
SafeGuard Enterprise Template:No Template:Yes Template:No Template:Yes Template:Yes Template:No Template:Yes[57] Template:Yes Template:Yes
SafeGuard PrivateDisk Template:No Template:No Template:No Template:Yes Template:Yes Template:No Template:Yes[39] Template:Yes Template:Yes
SafeHouse Professional Template:No Template:No Template:Yes Template:Yes Template:Yes Template:No Template:No Template:Yes Template:Yes
Scramdisk Template:Yes Template:No Template:No Template:No Template:No Template:No Template:No Template:? Template:Yes
Scramdisk 4 Linux Template:Yes[58] Template:No Template:No Template:No Template:Yes[58] Template:No Template:No Template:Yes Template:No
SecuBox Template:No Template:No Template:No Template:No Template:Yes Template:No Template:No Template:? Template:No
FinallySecure Enterprise (SECUDE) Template:No Template:Yes Template:Yes Template:No Template:Yes Template:No Template:Yes Template:? Template:Yes
SecureDoc Template:No Template:Yes[59] Template:Yes Template:Yes Template:Yes Template:Yes Template:Yes Template:? Template:Yes
Sentry 2020 Template:No Template:No Template:No Template:No Template:No Template:No Template:No Template:? Template:No
softraid / RAID C Template:No Template:No Template:? Template:? Template:? Template:Yes Template:? Template:Yes Template:?
svnd / vnconfig Template:No Template:No Template:No Template:No Template:Yes (optional by using -K) [60] Template:Yes Template:? Template:Yes Template:?
Symantec Endpoint Encryption Template:No Template:Yes Template:Yes Template:Yes Template:Yes Template:No Template:No Template:Yes Template:Yes
TrueCrypt Template:Yes
(limited to one per
"outer" container)
Template:Partial[61] Template:No Template:No[62] Template:Yes Template:Yes Template:No Template:Yes Template:Yes
Aloaha Secure Stick Template:Yes Template:No Template:Yes Template:Yes Template:No Template:No Template:No Template:Yes Template:Yes
Name Hidden containers Pre-boot authentication Custom authentication Multiple keys Passphrase strengthening Hardware acceleration TPM Filesystems Two-factor authentication
  1. Template:Cite web
  2. Template:Cite web
  3. Original release as Protect Data Security Inc.'s "Protect!Template:Rh|"Template:Cite web Template:Dead link
  4. Company and product name change to Pointsec Template:Cite web
  5. Template:Cite web
  6. Template:Cite web
  7. Initial cryptoloop patches for the Linux 2.5 development kernel: http://uwsg.iu.edu/hypermail/linux/kernel/0307.0/0348.html
  8. dm-crypt was first included in Linux kernel version 2.6.4: http://lwn.net/Articles/75404/
  9. Template:Cite web
  10. Template:Cite web).
  11. Template:Cite web
  12. Template:Cite web
  13. Template:Cite web
  14. Template:Cite web
  15. Template:Cite newsgroup
  16. Template:Cite web
  17. Template:Cite web
  18. Template:Cite web
  19. Template:Cite web
  20. Rebranded as ThinkVantage Client Security Template:Cite web
  21. Template:Cite web
  22. Template:Cite web
  23. OpenBSD 4.2 change notes
  24. OpenBSD 2.8 change notes
  25. TrueCrypt version history
  26. [1] PocketPC freeware release- SmartPhone beta available
  27. 27.0 27.1 27.2 [2] FreeOTFE supports cryptoloop, dm-crypt/cryptsetup, and dm-crypt/LUKS volumes
  28. [3] FreeOTFE4PDA supports dm-crypt/LUKS volumes
  29. [4] Supports Linux volumes
  30. Template:Cite web
  31. [5] Although TrueCrypt can be built under FreeBSD, it is not recommended to run it because of bugs and instabilities when TrueCrypt is attempted to be used
  32. [6] Hidden containers description from Jetico (BestCrypt)
  33. Supported by the BestCrypt container format; see BestCrypt SDK
  34. Supported by the BestCrypt Volume Encryption software
  35. 35.0 35.1 35.2 Template:Cite web
  36. BitLocker Drive Encryption: Value Add Extensibility Options
  37. 37.0 37.1 37.2 Template:Cite paper
  38. Template:Cite web
  39. 39.0 39.1 Template:Cite web
  40. 40.0 40.1 40.2 dm-crypt and cryptoloop volumes can be mounted from the initrd before the system is booted
  41. 41.0 41.1 Template:Cite web
  42. 42.0 42.1 Template:Cite web
  43. Template:Cite web
  44. 44.0 44.1 Template:Cite web
  45. 45.0 45.1 Template:Cite paper
  46. FreeOTFE has a modular architecture and set of components to allow 3rd party integration
  47. FreeOTFE allows multiple keys to mount the same container file via encrypted keyfiles
  48. 48.0 48.1 48.2 48.3 Template:Cite web
  49. 49.0 49.1 Template:Cite paper
  50. 50.0 50.1 Template:Cite web
  51. 51.0 51.1 51.2 51.3 51.4 Template:Cite web
  52. n-Crypt Pro does not use password authentication— biometric/USB dongle authentication only
  53. Template:Cite web
  54. PGP private keys are always protected by strengthened passphrases
  55. Template:Cite web
  56. Template:Cite web
  57. Template:Cite web
  58. 58.0 58.1 For Truecrypt containers
  59. Template:Cite web
  60. http://www.openbsd.org/cgi-bin/man.cgi?query=vnconfig&sektion=8 OpenBSD Manual Pages: vnconfig(8)
  61. http://www.truecrypt.org/docs/sys-encryption-supported-os.php
  62. Although each volume encrypted with TrueCrypt can only have one active master key, it is possible to access its contents through more than one header. Each header can have a different password and/or keyfiles if any (cf. TrueCrypt FAQ: Is there a way for an administrator to reset a password when a user forgets it?)

Layering[]

Template:Details

  • Whole disk: Whether the whole physical disk or logical volume can be encrypted, including the partition tables and master boot record. Note that this does not imply that the encrypted disk can be used as the boot disk itself; refer to "pre-boot authentication" in the features comparison table.
  • Partition: Whether individual disk partitions can be encrypted.
  • File: Whether the encrypted container can be stored in a file (usually implemented as encrypted loop devices).
  • Swap space: Whether the swap space (called a "pagefile" on Windows) can be encrypted individually/explicitly.
  • Hibernation file: Whether the hibernation file is encrypted (if hibernation is supported).
Name Whole disk Partition File Swap space Hibernation file
ArchiCrypt Live Template:Yes
(except for the boot volume)
Template:Yes Template:Yes Template:No Template:No
BestCrypt Template:Yes Template:Yes Template:Yes Template:Yes Template:Yes[1]
BitArmor DataControl Template:No Template:Yes Template:No Template:Yes Template:Yes
BitLocker Drive Encryption Template:Yes
(except for the boot volume)
Template:Yes Template:No Template:Yes
(parent volume is encrypted)
Template:Yes
(parent volume is encrypted)
Bloombase Keyparc Template:Yes Template:Yes Template:Yes Template:Yes Template:No
CenterTools DriveLock Template:Yes Template:Yes Template:Yes Template:Yes Template:Yes
CGD Template:Yes Template:Yes Template:Yes[2] Template:Yes Template:No
Check Point Full Disk Encryption Template:Yes Template:Yes Template:? Template:Yes Template:Yes
CrossCrypt Template:No Template:No Template:Yes Template:No Template:No
CryptArchiver Template:No Template:No Template:Yes Template:No Template:No
cryptoloop Template:Yes Template:Yes Template:Yes Template:Yes Template:No
DiskCryptor Template:Yes Template:Yes Template:No Template:Yes Template:Yes
dm-crypt Template:Yes Template:Yes Template:Yes[3] Template:Yes Template:Yes[4]
DriveCrypt Template:Yes Template:Yes[5] Template:Yes[5] Template:No Template:No
DriveSentry GoAnywhere 2 Template:No Template:Yes Template:Yes Template:No Template:No
E4M Template:No Template:Yes Template:Yes Template:No Template:No
e-Capsule Private Safe Template:No Template:No Template:Yes[6] Template:No Template:No
eCryptfs Template:No Template:No Template:Yes Template:No Template:No
FileVault Template:No Template:No Template:Yes[7] Template:Yes[7] Template:No
FREE CompuSec Template:Yes Template:No Template:Yes Template:Yes Template:Yes
FreeOTFE Template:Yes
(except for the boot volume)
Template:Yes Template:Yes Template:No Template:No
GBDE Template:Yes Template:Yes Template:Yes[8] Template:Yes Template:No
GELI Template:Yes Template:Yes Template:Yes[8] Template:Yes Template:No
GuardianEdge Hard Disk Encryption Template:Yes Template:Yes Template:Yes Template:Yes Template:Yes
loop-AES Template:Yes Template:Yes[9] Template:Yes[9] Template:Yes[9] Template:No
n-Crypt Pro Template:Yes Template:Yes Template:Yes Template:No Template:No
PGPDisk Template:Yes Template:Yes Template:Yes Template:Yes Template:Yes
Private Disk Template:No Template:No Template:Yes Template:No Template:No
R-Crypto Template:No Template:No Template:Yes Template:No Template:No
Safeboot Device Encryption
(Now McAfee Endpoint Encryption)
Template:Yes Template:Yes Template:Yes Template:Yes Template:Yes[10]
SafeGuard Easy Template:Yes Template:Yes Template:No Template:Yes Template:Yes
SafeGuard Enterprise Template:Yes Template:Yes Template:Yes Template:Yes Template:Yes
SafeGuard PrivateDisk Template:No Template:No Template:Yes Template:No Template:No
SafeHouse Professional Template:No Template:No Template:Yes Template:No Template:No
Scramdisk Template:No Template:Yes Template:Yes Template:No Template:No
Scramdisk 4 Linux Template:Yes Template:Yes Template:Yes Template:Yes Template:No
SecuBox Template:No Template:No Template:Yes Template:N/a Template:No
FinallySecure Enterprise (SECUDE) Template:Yes Template:Yes Template:Yes Template:Yes Template:Yes
SecureDoc Template:Yes[11] Template:Yes Template:Yes Template:Yes Template:Yes
Sentry 2020 Template:No Template:No Template:Yes Template:No Template:No
softraid / RAID C Template:Yes Template:Yes Template:No Template:Yes (encrypted by default in OpenBSD)[12] Template:No
svnd / vnconfig Template:? Template:Yes Template:Yes Template:Yes (encrypted by default in OpenBSD) Template:?
SpyProof! Template:No Template:Yes Template:Yes Template:No Template:No
Symantec Endpoint Encryption Template:Yes Template:Yes Template:Yes Template:Yes Template:Yes
TrueCrypt Template:Yes Template:Yes Template:Yes Template:Yes Template:Partial[13]
Aloaha Secure Stick Template:No Template:No Template:Yes Template:No Template:No
Name Whole disk Partition File Swap space Hibernation file

Modes of operation[]

Template:Details

Different modes of operation supported by the software. Note that an encrypted volume can only use one mode of operation.

  • CBC with predictable IVs: The CBC (cipher block chaining) mode where initialization vectors are statically derived from the sector number and are not secret; this means that IVs are re-used when overwriting a sector and the vectors can easily be guessed by an attacker, leading to watermarking attacks.
  • CBC with secret IVs: The CBC mode where initialization vectors are statically derived from the encryption key and sector number. The IVs are secret, but they are re-used with overwrites. Methods for this include ESSIV and encrypted sector numbers (CGD).
  • CBC with random per-sector keys: The CBC mode where random keys are generated for each sector when it is written to, thus does not exhibit the typical weaknesses of CBC with re-used initialization vectors. The individual sector keys are stored on disk and encrypted with a master key. (See GBDE for details)
  • LRW: The Liskov-Rivest-Wagner tweakable narrow-block mode, a mode of operation specifically designed for disk encryption. Superseded by the more secure XTS mode due to security concerns.[14]
  • XTS: XEX-based Tweaked CodeBook mode (TCB) with CipherText Stealing (CTS), the SISWG (IEEE P1619) standard for disk encryption.
Name CBC w/ predictable IVs CBC w/ secret IVs CBC w/ random per-sector keys LRW XTS
ArchiCrypt Live Template:No Template:No Template:No Template:Partial [15] Template:Yes
BestCrypt Template:No Template:No Template:No Template:Yes[16] Template:Yes[17]
BitArmor DataControl Template:No Template:Yes Template:Yes Template:No Template:No
BitLocker Drive Encryption Template:No[18] Template:Yes[18] Template:No Template:No Template:No
Bloombase Keyparc Template:? Template:Yes Template:? Template:? Template:?
CGD Template:No Template:Yes[19] Template:No Template:No Template:No
CenterTools DriveLock Template:? Template:? Template:? Template:? Template:?
Check Point Full Disk Encryption Template:? Template:? Template:? Template:? Template:?
CrossCrypt Template:Yes Template:No Template:No Template:No Template:No
CryptArchiver Template:? Template:? Template:? Template:? Template:?
cryptoloop Template:Yes Template:No Template:No Template:No Template:No
DiskCryptor Template:No Template:No Template:No Template:No Template:Yes
dm-crypt Template:Yes Template:Yes Template:No Template:Yes[20] Template:Yes
DriveCrypt Template:? Template:? Template:? Template:? Template:?
DriveSentry GoAnywhere 2 Template:? Template:? Template:? Template:? Template:?
E4M Template:? Template:? Template:? Template:No Template:No
e-Capsule Private Safe Template:? Template:? Template:? Template:? Template:?
eCryptfs Template:No Template:Yes Template:? Template:No Template:No
FileVault Template:Yes[7] Template:No Template:No Template:No Template:No
FREE CompuSec Template:Yes Template:No Template:No Template:No Template:No
FreeOTFE Template:Yes Template:Yes Template:No Template:Yes Template:Yes
GBDE Template:No Template:No Template:Yes[21] Template:No Template:No
GELI Template:No Template:Yes[22] Template:No Template:No Template:Yes
GuardianEdge Hard Disk Encryption Template:No Template:No Template:Yes Template:No Template:No
loop-AES Template:Yes[9] Template:Yes[9] Template:No Template:No Template:No
n-Crypt Pro Template:? Template:? Template:No Template:No Template:No
PGPDisk Template:? Template:? Template:? Template:? Template:?
Private Disk Template:Yes Template:No Template:YesTemplate:Citation needed Template:No Template:No
R-Crypto Template:? Template:? Template:? Template:? Template:?
McAfee Endpoint Encryption for PC's (SafeBoot Device Encryption) Template:No Template:Yes Template:No Template:No Template:No
SafeGuard Easy Template:? Template:? Template:? Template:? Template:?
SafeGuard Enterprise Template:? Template:? Template:? Template:? Template:?
SafeGuard PrivateDisk Template:? Template:? Template:? Template:? Template:?
SafeHouse Professional Template:Yes Template:No Template:No Template:No Template:No
Scramdisk Template:No Template:Yes Template:No Template:No Template:No
Scramdisk 4 Linux Template:No Template:Yes[23] Template:No Template:Yes[24] Template:Yes[25]
SecuBox Template:Yes Template:No Template:No Template:No Template:No
FinallySecure Enterprise (SECUDE) Template:? Template:? Template:? Template:? Template:?
SecureDoc Template:? Template:? Template:? Template:? Template:?
Sentry 2020 Template:? Template:? Template:? Template:? Template:?
softraid / RAID C Template:? Template:? Template:? Template:? Template:Yes [26]
svnd / vnconfig Template:? Template:? Template:? Template:? Template:?
Symantec Endpoint Encryption Template:No Template:No Template:Yes Template:No Template:No
TrueCrypt Template:Partial [27] Template:No Template:No Template:Partial [28] Template:Yes [29]
Aloaha Secure Stick Template:No Template:No Template:No Template:Yes Template:Yes
Name CBC w/ predictable IVs CBC w/ secret IVs CBC w/ random per-sector keys LRW XTS

See also[]

Notes and references[]

  1. http://www.jetico.com/data-protection-encryption-bestcrypt-volume-encryption-enterprise/
  2. Cite error: Invalid <ref> tag; no text was provided for refs named cgd-paper
  3. dm-crypt can encrypt a file-based volume when used with the losetup utility included with all major Linux distributions
  4. yes, but the user needs custom scripts: http://www.linuxquestions.org/questions/slackware-14/luks-encryption-swap-and-hibernate-627958/
  5. 5.0 5.1 Cite error: Invalid <ref> tag; no text was provided for refs named drivecrypt
  6. Uses proprietary e-Capsule file system not exposed to the OS.
  7. 7.0 7.1 7.2 Cite error: Invalid <ref> tag; no text was provided for refs named nsa-vilefault
  8. 8.0 8.1 File-based volume encryption is possible when used with mdconfig(8) utility.
  9. 9.0 9.1 9.2 9.3 9.4 Cite error: Invalid <ref> tag; no text was provided for refs named loop-aes
  10. Template:Cite web
  11. Cite error: Invalid <ref> tag; no text was provided for refs named sdoc-faq
  12. http://www.openbsd.org/plus38.html OpenBSD 3.8 change notes
  13. Cite error: Invalid <ref> tag; no text was provided for refs named truecrypt.org
  14. LRW_issue
  15. Containers created with ArchiCrypt Live version 5 use LRW
  16. Template:Cite web
  17. Template:Cite web
  18. 18.0 18.1 Template:Cite paper
  19. Template:Cite web
  20. Starting with Linux kernel version 2.6.20, CryptoAPI supports the LRW mode: http://lwn.net/Articles/213650/
  21. Cite error: Invalid <ref> tag; no text was provided for refs named gbde-paper
  22. Template:Cite web
  23. For Scramdisk containers
  24. For Truecrypt 4 containers
  25. For Truecrypt 5 and 6 containers
  26. Commit enabling AES XTS
  27. Containers created with TrueCrypt versions 1.0 through 4.0 use CBC.
  28. Containers created with TrueCrypt versions 4.1 through 4.3a use LRW, and support CBC for opening legacy containers only.
  29. Containers created with TrueCrypt versions 5.0 or later use XTS, and support LRW/CBC for opening legacy containers only.


External links[]

id:Perbandingan perangkat lunak enkripsi cakram keras

Advertisement