
Difference between revisions of "hard disk encryption"

From Anarchopedia
(Related)
 
(2 intermediate revisions by one other user not shown)
Line 1: Line 1:
See also: [[security]] | [[cryptography]] | [[Encrypting_Your|Encrypting Your...]] | [[Cryptography/Attacks]] | [[Undelete_Attack|Undelete Attack]]
+
See also: [[cryptography]] | [[Encrypting_Your|Encrypting Your...]] | [[Cryptography/Attacks]] | [[Undelete_Attack|Undelete Attack]]
  
[[AKA]]: Volume Encryption
+
AKA: Volume Encryption, transparent encryption, on-the-fly encryption (OTFE)
  
 
A secure container [[file]] on a disk, meant to hide [[information]] that, when opened with a [[password (computing)|password]], is treated as a separate disk (for instance the H:\ drive). This is preferable to normal file encryption as the operations of encryption and decryption are transparent to the user.
 
A secure container [[file]] on a disk, meant to hide [[information]] that, when opened with a [[password (computing)|password]], is treated as a separate disk (for instance the H:\ drive). This is preferable to normal file encryption as the operations of encryption and decryption are transparent to the user.
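Review bot: the "See also" line loses its [[security]] entry in the new revision and nothing visible in the revision header says why; either keep the link or point to the page that replaces it. The AKA line gains "transparent encryption" and "on-the-fly encryption (OTFE)", which helps search, but those two terms are left unlinked while the original [[AKA]] link is dropped, so check that this was intended.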
Line 18: Line 18:
 
= Software =
 
= Software =
  
 +
===Windows===
  
===[[Microsoft Windows|Windows]]===
+
# [http://www.jetico.com Bestcrypt] - proprietary program. Windows and Linux versions, very stable, doesn't appear to lose data over an extended period. Modules for all major encryption algorithms. Finland (not USA) origins.
 
+
# [http://www.scherrer.cc/crypt/ CrossCrypt] - [[free software|Free Software]], [[open source software|open-source]] implementation of [[AES]] and [[Twofish]] for Windows 2000/XP. Compatible with Linux AES/Twofish. Use either as a command-line based system, or download [http://www.sdean12.org/CrossCryptGUI.htm CrossCryptGUI], a [[GUI]] [[Front-End]] for it
 
+
# [http://www.cypherix.com/cryptainerle/index.htm Cyptainer LE] - easy-to-use, nag-free commercial software but with a size limit of 25 megs.
Recommended:
+
# [http://www.secureaction.com/cryptoexpert/std/ CryptoExpert 2004 PE] - A commercial disk encryption tool. A professional version also available.
# [[TrueCrypt]] [http://www.truecrypt.org] - Excellent software. [[free software|Free]], [[open source software|open source]], based on [http://www.woundedmoon.org/win32/e4m202a.html E4M]. Provides two-level [[deniable encryption|plausible deniability]] (including [http://www.truecrypt.org/hiddenvolume.php hidden volumes]). Encrypts partitions, devices (USB memory sticks, etc.) or creates encrypted file-hosted containers. Supports [[Microsoft Windows|Windows]] XP/2000/2003 and [[GNU/Linux]]. [[AES]]-256, [[Triple DES|Triple DES]], [[Twofish]], [[Serpent]], [[Blowfish]]-448, [[CAST]]5, and cascades of multiple [[algorithm]]s (e.g. AES + Twofish). Fast, reliable, and stable. [[infoAnarchy|iA]] testing shows this software to be the best free, open source program so far.
+
# [http://www.dekart.com/products/file_disk_encryption/private_disk/ Dekart Private Disk] - [[AES]] encryption, flexible and easy to use - Shareware - 95/98/ME/NT/2000/XP. Allows securing hard disks and USB flash disks, runs from USB disk with no host PC installation. Provides innovative Disk Firewall mechanism - protecting access to the encrypted disk application by application. Disk firewall allows creating a white list of applications allowed to access the encrypted disk making sure that no trojans or any spyware will harm the secured data.
# [http://www.cypherix.com/cryptainerle/index.htm Cyptainer LE] - easy-to-use, nag-free commercial software but with a size limit of 25 megs. Negatively, runs as a system service even when not enabled. Advanced users with administrative access may wish to set to the system service to "Manual" under "Control Panel - Administrative Tools - Services".
+
# [http://www.jetico.com Bestcrypt] - proprietary program similar to Truecrypt. Windows and Linux versions, very stable, doesn't appear to lose data over an extended period. Modules for all major encryption algorithms. [[Finland]] (not USA) origins.
+
# [http://www.utimaco.us/products/easy/ SafeGuard Easy] - Commercial versions for [[Windows]]. Encrypts the entire disk with pre-boot authentication
+
# [http://www.utimaco.us/products/privatedisk/ SafeGuard PrivateDisk] - Commercial versions for [[Windows]] Personal and Enterprise Edition (with centralized management for enterprise customers)
+
# [http://www.pgpi.org/products/pgpdisk/ PGP Disk 6.0.1] - A free but problematic program for [[Windows]] and [[Macintosh]] OS 8 and 9, taken from an old version of commercial [[PGP]]. Must install on an [[New Technology File System|NTFS]]-only format disk or may restrict users to the [[File Alocation Table|583d FAT]] file system and require short file names ([[FAT32]] will not work). If so, use [[file compression|zip]] files to avoid losing long file names.
+
# [http://www.scherrer.cc/crypt/ CrossCrypt] - [[free software|Free Software]], [[open source software|open-source]] implementation of [[AES]] and [[Twofish]] for [[Windows 2000|Windows 2000]]/[[Windows XP|XP]]. Compatible with Linux AES/Twofish. Requires some command-line interaction or download of a [[GUI]] [[Front-End]]: [http://www.sdean12.org/CrossCryptGUI.htm CrossCryptGUI]
+
# [http://www.freeotfe.org/ FreeOTFE] - [[Free_Software|Free Software]] similar to TrueCrypt, encrypts partitions, devices ([[USB]] memory sticks, etc.) or creates encrypted file-hosted containers. Supports "hidden" volumes. Supoprts backup of critical information needed to restore volumes. [[Linux]] compatibility (both Cryptoloop "losetup", and dm-crypt). Tested under Windows 2K/XP (should work with Windows 2003). Currently in [[Beta]].
+
# [http://www.woundedmoon.org/win32/e4m202a.html E4M] - Encryption for the Masses. [[Freeware]] product (no longer being developed) for [[Windows]] NT.
+
# [http://www.dekart.com/products/file_disk_encryption/private_disk/ Dekart Private Disk] - [[AES]] encryption, flexible and easy to use - Shareware - 95/98/ME/NT/2000/XP. Allows securing hard disks and USB flash disks, runs from USB disk with no host PC installation. Provides innovative Disk Firewall mechanism - protecting access to the encrypted disk application by application. Disk firewall allows creating a white list of applications allowed to access the encrypted disk making sure that no trojans or any spyware will harm the secured data. [http://www.dekart.com/howto/howto_disk_encryption/disk_firewall/ Encrypted Disk Firewall - additional protection of confidential information]
+
# [http://www.ritlabs.com/en/products/pd/ The Bat! Private Disk] - [[Shareware]], (appears to be the same or similar to Dekart Private Disk). [[AES]] on-the-fly encryption. Super fast, easy to use. Size Limit: 2[[/wiki/index.php?|GB]] for Windows 95/98/ME and up to 4[[/wiki/index.php?|TB]] for Windows NT/2000/XP. A Google search showed that this software has not been reviewed by any outside shareware service.
+
# [http://pgp.com/products/personal/index.html PGP Disk 8.0] - commercial version for [[Windows]] and [[OS_X|OS X]]
+
# [http://www.scramdisk.clara.net/ Scramdisk] (free for [[Windows_9x|Windows 9x]] but not the [[Windows_NT|Windows NT]] series ([[Windows_2000|2000]], [[Windows_XP|XP]], etc).
+
# [http://www.cs.auckland.ac.nz/~pgut001/sfs/ SFS] - Outdated, free, secure File System for [[DOS]]/[[Windows]]. Requires some configuration. Has not been updated since September of 1996.
+
 
# [http://www.drivecrypt.com/ DriveCrypt] - commercial software for Windows
 
# [http://www.drivecrypt.com/ DriveCrypt] - commercial software for Windows
# [http://www.secureaction.com/cryptoexpert/std/ CryptoExpert 2004 PE] - A highly-rated commercial disk encryption tool. A professional version also available.
+
# [http://www.woundedmoon.org/win32/e4m202a.html E4M] - Encryption for the Masses. [[Freeware]] product (no longer being developed) for Windows NT.
 +
# [http://www.FreeOTFE.org/ FreeOTFE] - [[free software|Free]], [[open source software|open source]] encrypts partitions, devices (USB memory sticks, etc.) or creates encrypted file-hosted containers. Provides two-level [[deniable encryption|plausible deniability]] (including [http://www.freeotfe.org/docs/plausible_deniability.htm hidden volumes]). Supoprts backup of critical information needed to restore volumes. Additionally supports [[Linux]] Cryptoloop "losetup", dm-crypt and LUKS volumes. Includes ''many'' different cypher and hash algorithms, including [[AES]], [[Twofish]], [[Serpent]], [[Blowfish]], etc. Highly flexible and easy to use. Allows the use of optional PKCS#11 standard tokens (e.g. Aladdin eToken and smartcards) Supports both Windows 2K/XP/2003/Vista and Windows Mobile/PocketPC PDAs
 +
# [http://pgp.com/products/personal/index.html PGP Disk 8.0] - commercial version for Windows and Mac OS X. [http://www.pgpi.org/products/pgpdisk/ PGP v6.0.1] includes PGPDisk for free
 +
# [http://www.utimaco.us/products/easy/ SafeGuard Easy] - Commercial versions for Windows. Encrypts the entire disk with pre-boot authentication
 +
# [http://www.utimaco.us/products/privatedisk/ SafeGuard PrivateDisk] - Commercial versions for Windows Personal and Enterprise Edition (with centralized management for enterprise customers)
 +
# [http://www.scramdisk.clara.net/ Scramdisk] - free for Windows 9x but not the Windows NT
 +
# [http://www.cs.auckland.ac.nz/~pgut001/sfs/ SFS] - Outdated, free, secure File System for DOS/Windows 3.1. Requires some configuration. Has not been updated since September of 1996.
 +
# [http://www.truecrypt.org TrueCrypt] - [[free software|Free]], [[open source software|open source]], based on the now obsolete [http://www.woundedmoon.org/win32/e4m202a.html E4M]. Provides two-level [[deniable encryption|plausible deniability]] (including [http://www.truecrypt.org/hiddenvolume.php hidden volumes]). Encrypts partitions, devices (USB memory sticks, etc.) or creates encrypted file-hosted containers. Supports [[Microsoft Windows|Windows]] XP/2000/2003 and [[GNU/Linux]]. [[AES]], [[Twofish]] and [[Serpent]] and some combinations of them.
 +
# [http://www.ritlabs.com/en/products/pd/ The Bat! Private Disk] - [[Shareware]], (appears to be the same or similar to Dekart Private Disk). [[AES]] on-the-fly encryption. Super fast, easy to use. Size Limit: 2[[/wiki/index.php?|GB]] for Windows 95/98/ME and up to 4[[/wiki/index.php?|TB]] for Windows NT/2000/XP.  
  
  
'''
+
===PDAs===
: '''Notes about Windows security:'''
+
:
+
# '''Native Folder Encryption''': Although [[Windows XP]] Professional and possibly some versions of [[Windows 2000]] provide folder encryption with [[New Technology File System|NTFS]] [[filesystem]]s, they should be considered only a very basic solution. The Window's native encryption is far easier to bypass than the software listed below. (See: [[Windows XP]].)
+
# Hard Disk Encryption is '''not the only solution''' to data security in Windows:
+
  
:
+
# [http://www.FreeOTFE.org/ FreeOTFE4PDA] - [[free software|Free]], [[open source software|open source]] creates encrypted file-hosted containers. Supports hidden volumes. Supoprts backup of critical information needed to restore volumes. Additionally supports [[Linux]] Cryptoloop "losetup", dm-crypt and LUKS volumes. A PC version available (FreeOTFE) which is fully compatible is also freely available
# One of the most important parts is clearing the [[/wiki/index.php?|pagefile]] on shutdown to delete information you only thought was located in your encrypted volumes. [http://www.tech-recipes.com/modules.php?name=Recipes&rx_id=12 Editing your registry] is one option and [http://www.xp-antispy.org/ XP-antispy] is another. Doing so may slow the shutdown process but but will also improve overall system speed.
+
# Software for cleaning up Windows entirely such as [http://www.webroot.com/products/windowwasher/ Window Washer] or [http://www.google.com/Top/Computers/Software/Shareware/Windows/Security/Internet/Cache_Tools/?il=1 other items].
+
  
  
# Also see [[file wipe]] for similar tools.
+
=== Mac OS ===
  
 +
# [http://www.pgpi.org/products/pgpdisk/ PGP Disk 6.0.1] - Free for Windows and Mac OS 8+, taken from an old version of commercial [[PGP]].
 +
# [http://pgp.com/products/personal/index.html PGP Disk 8.0] - commercial version for Windows and Mac OS X
  
=== [[Mac OS]] ===
+
Note: Mac OS X version 10.3+ allows for integrated encryption of one's home directory.
  
# [http://www.pgpi.org/products/pgpdisk/ PGP Disk 6.0.1] - Free for [[Windows]] and Mac OS 8+, taken from an old version of commercial [[PGP]].
 
# [http://pgp.com/products/personal/index.html PGP Disk 8.0] - commercial version for [[Windows]] and [[OS_X|OS X]]
 
  
 +
=== For UNIX-like systems ===
  
Note: [[S X]] version 10.3+ allows for integrated encryption of one's home directory.
 
 
=== For [[UNIX]]-like systems ===
 
 
# [http://www.truecrypt.org TrueCrypt] - Free, open-source, based on [http://www.woundedmoon.org/win32/e4m202a.html E4M]. Provides two-level [[Deniable_Encryption|plausible deniability]] (including [http://www.truecrypt.org/hiddenvolume.php hidden volumes]). Encrypts partitions, devices (USB memory sticks, etc.) or creates encrypted file-hosted containers. Supports [[Windows]] XP/2000/2003 and [[Linux]]. [[AES]]-256, [[Triple_DES|Triple DES]], [[Twofish]], [[/wiki/index.php?|Serpent]], [[Blowfish]]-448, [[/wiki/index.php?|CAST]]5, and cascades of multiple [[Algorithm|algorithms]] (e.g. AES + Twofish). Fast, reliable, and stable. iA testing shows this software to be the best [[Free|free]], [[Open_source|open source]] program so far.
 
# [http://www.crypto.com/software Crypto File System] (an encrypting [[File_system|file system]] for Unix-like OSs) -- The FS code dates back to 1989, and the crypto to 1992.
 
 
# [http://www.jetico.com Bestcrypt] - proprietary program, see description under Windows version.
 
# [http://www.jetico.com Bestcrypt] - proprietary program, see description under Windows version.
 +
# [http://www.netbsd.org/guide/en/chap-cgd.html cgd] - cryptographic device driver for NetBSD. Unlike other implementations, not vulnerable to dictionary attacks. [http://www.imrryr.org/~elric/cgd/cgd.pdf Here] is a extensive [[PDF]] article concerning CGD by the authors.
 
# [http://www.kerneli.org CryptoAPI] The GNU/Linux Crypto [[API]]
 
# [http://www.kerneli.org CryptoAPI] The GNU/Linux Crypto [[API]]
# [http://www.mcdonald.org.uk/StegFS StegFS] - a [[Stenography|steganographic]] [[Filesystems|file system]] for [[Linux]]. More than just [[Encryption|encryption]], also allows one to hide (parts of) data. Be aware that only using StegFS doesn't provide a secure hiding, additional precautions should be taken; see the [[FAQ]] on the site. Currently for Linux 2.2 only.
+
# [http://www.crypto.com/software Crypto File System] (an encrypting [[File_system|file system]] for Unix-like OSs) -- The FS code dates back to 1989, and the crypto to 1992.
# [http://www.tcfs.it TCFS] - Transparent Cryptographic File System is a [[Transparent|transparent]] filesystem for both transparent local and transparent network encryption. It is supported by [[Linux]] 2.0/2.2, [[NetBSD]] and [[OpenBSD]] -- Has not been updated since late 2002.
+
# [http://www.saout.de/misc/dm-crypt/ dm-crypt] - CryptoLoop's [http://kerneltrap.org/node/view/2433 successor]. For Linux.
 +
 
 
# [http://arg0.net/users/vgough/encfs.html EncFS] - User-space encrypted filesystem implementation for Linux 2.4 & 2.6. It has some advantages over other implementations, namely the dynamic size. Other (dis)advantages are stated on the homepage as well as a comparison between EncFS and other encrypted filesystem implementations on site.
 
# [http://arg0.net/users/vgough/encfs.html EncFS] - User-space encrypted filesystem implementation for Linux 2.4 & 2.6. It has some advantages over other implementations, namely the dynamic size. Other (dis)advantages are stated on the homepage as well as a comparison between EncFS and other encrypted filesystem implementations on site.
 +
# [http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/disks-encrypting.html/ GEOM Based Disk Encryption (gbde)] FreeBSD encryption - encrypts the sector payload using 128-bit AES in CBC mode. Each sector on the disk is encrypted with a different AES key. gbde transparently encrypts entire file systems. Mounts just like another drive. View the FreeBSD handbook for instructions.
 
# [http://loop-aes.sourceforge.net/ Loop-AES] - Uses [[AES]] to encrypt [[/wiki/index.php?|partitions]] under [[Linux|GNU/Linux]]. Fairly simple and effective. No real homepage, so try [http://sourceforge.net/projects/loop-aes http://sourceforge.net/projects/loop-aes]
 
# [http://loop-aes.sourceforge.net/ Loop-AES] - Uses [[AES]] to encrypt [[/wiki/index.php?|partitions]] under [[Linux|GNU/Linux]]. Fairly simple and effective. No real homepage, so try [http://sourceforge.net/projects/loop-aes http://sourceforge.net/projects/loop-aes]
# [http://www.saout.de/misc/dm-crypt/ dm-crypt] - CryptoLoop's [http://kerneltrap.org/node/view/2433 successor]. For Linux.
+
# [http://www.mcdonald.org.uk/StegFS StegFS] - a [[Stenography|steganographic]] [[Filesystems|file system]] for [[Linux]]. More than just [[Encryption|encryption]], also allows one to hide (parts of) data. Be aware that only using StegFS doesn't provide a secure hiding, additional precautions should be taken; see the [[FAQ]] on the site. Currently for Linux 2.2 only.
# [http://www.netbsd.org/guide/en/chap-cgd.html cgd] - cryptographic device driver for NetBSD. Unlike other implementations, not vulnerable to dictionary attacks. [http://www.imrryr.org/~elric/cgd/cgd.pdf Here] is a extensive [[PDF]] article concerning CGD by the authors.
+
# [http://www.tcfs.it TCFS] - Transparent Cryptographic File System is a transparent filesystem for both transparent local and transparent network encryption. It is supported by [[Linux]] 2.0/2.2, NetBSD and OpenBSD -- Has not been updated since late 2002.
 +
# [http://www.truecrypt.org TrueCrypt] - see description under Windows version.
 +
# [http://www.openbsd.org/cgi-bin/man.cgi?query=vnconfig&apropos=0&sektion=0&manpath=OpenBSD+Current&arch=i386&format=html vnconfig] under OpenBSD to configure a [http://www.openbsd.org/cgi-bin/man.cgi?query=svnd&apropos=0&sektion=4&manpath=OpenBSD+Current&arch=i386&format=html svnd] (pseudo-drive) encrypted with [[Blowfish]].
 
# [http://vncrypt.sourceforge.net/ vncrypt] - FreeBSD container encryption - Uses AES-Rijndael encryption in CBC mode. Utilizes FreeBSDs vnode pseudo disk device support. Is available through the ports collection.
 
# [http://vncrypt.sourceforge.net/ vncrypt] - FreeBSD container encryption - Uses AES-Rijndael encryption in CBC mode. Utilizes FreeBSDs vnode pseudo disk device support. Is available through the ports collection.
# [http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/disks-encrypting.html/ GEOM Based Disk Encryption (gbde)] FreeBSD encryption - encrypts the sector payload using 128-bit AES in CBC mode. Each sector on the disk is encrypted with a different AES key. gbde transparently encrypts entire file systems. Mounts just like another drive. View the FreeBSD handbook for instructions.
+
 
# [http://www.openbsd.org/cgi-bin/man.cgi?query=vnconfig&apropos=0&sektion=0&manpath=OpenBSD+Current&arch=i386&format=html vnconfig] under [[OpenBSD]] to configure a [http://www.openbsd.org/cgi-bin/man.cgi?query=svnd&apropos=0&sektion=4&manpath=OpenBSD+Current&arch=i386&format=html svnd] (pseudo-drive) encrypted with [[Blowfish]].
+
 
 +
=Notes about Windows security=
 +
 
 +
# '''Native Folder Encryption''': Although Windows XP Professional and possibly some versions of Windows 2000 provide folder encryption with [[New Technology File System|NTFS]] [[filesystem]]s, they should be considered only a very basic solution. The Window's native encryption is far easier to bypass than the software listed below.
 +
# Hard Disk Encryption is '''not the only solution''' to data security in Windows:
 +
## One of the most important parts is clearing the [[/wiki/index.php?|pagefile]] on shutdown to delete information you only thought was located in your encrypted volumes. [http://www.tech-recipes.com/modules.php?name=Recipes&rx_id=12 Editing your registry] is one option and [http://www.xp-antispy.org/ XP-antispy] is another. Doing so may slow the shutdown process but but will also improve overall system speed.
 +
## Software for cleaning up Windows entirely such as [http://www.webroot.com/products/windowwasher/ Window Washer] or [http://www.google.com/Top/Computers/Software/Shareware/Windows/Security/Internet/Cache_Tools/?il=1 other items].
 +
 
 +
Also see [[file wipe]] for similar tools.
  
  
 
= Related =
 
= Related =
 +
# [[FreeOTFE]]
 
# [[steganography]]
 
# [[steganography]]
 
# [[file wipe]]
 
# [[file wipe]]
 
  
 
= Related Links =
 
= Related Links =
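Review bot: in the relocated "Notes about Windows security" section, the Native Folder Encryption item still ends "than the software listed below", but the section now sits after every software list, so it should read "listed above". The new FreeOTFE and FreeOTFE4PDA entries also introduce the typo "Supoprts", and the pagefile item keeps the doubled "but but"; both are worth fixing before this revision stands.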

Latest revision as of 09:05, 20 January 2009

See also: cryptography | Encrypting Your... | Cryptography/Attacks | Undelete Attack

AKA: Volume Encryption, transparent encryption, on-the-fly encryption (OTFE)

A secure container file on a disk, meant to hide information that, when opened with a password, is treated as a separate disk (for instance the H:\ drive). This is preferable to normal file encryption as the operations of encryption and decryption are transparent to the user.

This software is popular on laptops, which are often stolen and can carry sensitive financial information.

How it works

Hard Disk Encryption programs run a memory-resident program in the background, acting as an interpreter between the container file and the rest of the computer. Without the memory-resident program and password, the file is indistinguishable from random data.

If the program is shut down, the hard drive is removed suddenly, or the system is turned off, the volume remains secure, depending on the underlying filesystem. These days, filesystems support journaling and atomic writes, so this is of little concern.

Most implementations are vulnerable to dictionary attacks though. Also, if the source is not open, one is arguably more vulnerable because it is not known to the public how the program exactly works. It could be backdoored.
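
Why a passphrase-unlocked volume is exposed to dictionary attacks, and what a salted, iterated key derivation changes, shown as an added example that is not code from this article or from any product listed here. The header layout, the check label, the 200,000-iteration default and the sample passphrase are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import time

CHECK_LABEL = b"volume-check"  # constructed label for the header check value


def fast_key(passphrase: bytes) -> bytes:
    """One unsalted hash: the same passphrase gives the same key on every
    volume, so a single precomputed wordlist table serves all of them."""
    return hashlib.sha256(passphrase).digest()


def stretched_key(passphrase: bytes, salt: bytes, iterations: int) -> bytes:
    """PBKDF2-HMAC-SHA256: the per-volume salt defeats precomputation and the
    iteration count multiplies the cost of every single guess."""
    return hashlib.pbkdf2_hmac("sha256", passphrase, salt, iterations, dklen=32)


def create_header(passphrase: bytes, iterations: int = 200_000) -> dict:
    """Build a hypothetical volume header: salt, cost, and a check value that
    lets the mount code reject a wrong passphrase without storing the key."""
    salt = os.urandom(16)
    key = stretched_key(passphrase, salt, iterations)
    check = hmac.new(key, CHECK_LABEL, hashlib.sha256).digest()
    return {"salt": salt, "iterations": iterations, "check": check}


def unlock(header: dict, passphrase: bytes):
    """Return the volume key for the right passphrase, otherwise None."""
    key = stretched_key(passphrase, header["salt"], header["iterations"])
    check = hmac.new(key, CHECK_LABEL, hashlib.sha256).digest()
    return key if hmac.compare_digest(check, header["check"]) else None


def seconds_per_guess(derive, rounds: int = 3) -> float:
    """Best-of-N wall-clock time for one key derivation."""
    best = float("inf")
    for _ in range(rounds):
        start = time.perf_counter()
        derive()
        best = min(best, time.perf_counter() - start)
    return best


def days_to_try(wordlist_size: int, per_guess_seconds: float) -> float:
    """Time for one core to test every entry of a wordlist of the given size."""
    return wordlist_size * per_guess_seconds / 86_400


if __name__ == "__main__":
    passphrase = b"constructed sample passphrase"  # constructed, not a real secret
    vol_a = create_header(passphrase)
    vol_b = create_header(passphrase)

    # Same passphrase, two volumes: fast hash collides, stretched keys do not.
    print("fast keys equal:     ", fast_key(passphrase) == fast_key(passphrase))
    print("stretched keys equal:", unlock(vol_a, passphrase) == unlock(vol_b, passphrase))

    fast = seconds_per_guess(lambda: fast_key(passphrase))
    slow = seconds_per_guess(
        lambda: stretched_key(passphrase, vol_a["salt"], vol_a["iterations"])
    )
    words = 10_000_000  # constructed wordlist size
    print(f"fast hash:  {days_to_try(words, fast):.6f} days for {words} words")
    print(f"PBKDF2:     {days_to_try(words, slow):.2f} days for {words} words")
```

Stretching only raises the price of each guess; a passphrase that appears in a common wordlist is still found eventually, so passphrase quality matters as much as the derivation settings.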

Software

Windows

  1. Bestcrypt - proprietary program. Windows and Linux versions, very stable, doesn't appear to lose data over an extended period. Modules for all major encryption algorithms. Finland (not USA) origins.
  2. CrossCrypt - Free Software, open-source implementation of AES and Twofish for Windows 2000/XP. Compatible with Linux AES/Twofish. Use either as a command-line based system, or download CrossCryptGUI, a GUI Front-End for it.
  3. Cryptainer LE - easy-to-use, nag-free commercial software but with a size limit of 25 megs.
  4. CryptoExpert 2004 PE - A commercial disk encryption tool. A professional version also available.
  5. Dekart Private Disk - AES encryption, flexible and easy to use - Shareware - 95/98/ME/NT/2000/XP. Allows securing hard disks and USB flash disks, runs from USB disk with no host PC installation. Provides innovative Disk Firewall mechanism - protecting access to the encrypted disk application by application. Disk firewall allows creating a white list of applications allowed to access the encrypted disk making sure that no trojans or any spyware will harm the secured data.
  6. DriveCrypt - commercial software for Windows
  7. E4M - Encryption for the Masses. Freeware product (no longer being developed) for Windows NT.
  8. FreeOTFE - Free, open source; encrypts partitions, devices (USB memory sticks, etc.) or creates encrypted file-hosted containers. Provides two-level plausible deniability (including hidden volumes). Supports backup of critical information needed to restore volumes. Additionally supports Linux Cryptoloop "losetup", dm-crypt and LUKS volumes. Includes many different cypher and hash algorithms, including AES, Twofish, Serpent, Blowfish, etc. Highly flexible and easy to use. Allows the use of optional PKCS#11 standard tokens (e.g. Aladdin eToken and smartcards). Supports both Windows 2K/XP/2003/Vista and Windows Mobile/PocketPC PDAs.
  9. PGP Disk 8.0 - commercial version for Windows and Mac OS X. PGP v6.0.1 includes PGPDisk for free
  10. SafeGuard Easy - Commercial versions for Windows. Encrypts the entire disk with pre-boot authentication
  11. SafeGuard PrivateDisk - Commercial versions for Windows Personal and Enterprise Edition (with centralized management for enterprise customers)
  12. Scramdisk - free for Windows 9x but not Windows NT
  13. SFS - Outdated, free, secure File System for DOS/Windows 3.1. Requires some configuration. Has not been updated since September of 1996.
  14. TrueCrypt - Free, open source, based on the now obsolete E4M. Provides two-level plausible deniability (including hidden volumes). Encrypts partitions, devices (USB memory sticks, etc.) or creates encrypted file-hosted containers. Supports Windows XP/2000/2003 and GNU/Linux. AES, Twofish and Serpent and some combinations of them.
  15. The Bat! Private Disk - Shareware, (appears to be the same or similar to Dekart Private Disk). AES on-the-fly encryption. Super fast, easy to use. Size Limit: 2GB for Windows 95/98/ME and up to 4TB for Windows NT/2000/XP.


PDAs

  1. FreeOTFE4PDA - Free, open source; creates encrypted file-hosted containers. Supports hidden volumes. Supports backup of critical information needed to restore volumes. Additionally supports Linux Cryptoloop "losetup", dm-crypt and LUKS volumes. A fully compatible PC version (FreeOTFE) is also freely available.


Mac OS

  1. PGP Disk 6.0.1 - Free for Windows and Mac OS 8+, taken from an old version of commercial PGP.
  2. PGP Disk 8.0 - commercial version for Windows and Mac OS X

Note: Mac OS X version 10.3+ allows for integrated encryption of one's home directory.


For UNIX-like systems

  1. Bestcrypt - proprietary program, see description under Windows version.
  2. cgd - cryptographic device driver for NetBSD. Unlike other implementations, not vulnerable to dictionary attacks. An extensive PDF article concerning CGD by the authors is available.
  3. CryptoAPI The GNU/Linux Crypto API
  4. Crypto File System (an encrypting file system for Unix-like OSs) -- The FS code dates back to 1989, and the crypto to 1992.
  5. dm-crypt - CryptoLoop's successor. For Linux.
  6. EncFS - User-space encrypted filesystem implementation for Linux 2.4 & 2.6. It has some advantages over other implementations, namely the dynamic size. Other (dis)advantages are stated on the homepage as well as a comparison between EncFS and other encrypted filesystem implementations on site.
  7. GEOM Based Disk Encryption (gbde) FreeBSD encryption - encrypts the sector payload using 128-bit AES in CBC mode. Each sector on the disk is encrypted with a different AES key. gbde transparently encrypts entire file systems. Mounts just like another drive. View the FreeBSD handbook for instructions.
  8. Loop-AES - Uses AES to encrypt partitions under GNU/Linux. Fairly simple and effective. No real homepage, so try http://sourceforge.net/projects/loop-aes
  9. StegFS - a steganographic file system for Linux. More than just encryption, also allows one to hide (parts of) data. Be aware that using StegFS alone doesn't provide secure hiding; additional precautions should be taken; see the FAQ on the site. Currently for Linux 2.2 only.
  10. TCFS - Transparent Cryptographic File System is a transparent filesystem for both transparent local and transparent network encryption. It is supported by Linux 2.0/2.2, NetBSD and OpenBSD -- Has not been updated since late 2002.
  11. TrueCrypt - see description under Windows version.
  12. vnconfig under OpenBSD to configure a svnd (pseudo-drive) encrypted with Blowfish.
  13. vncrypt - FreeBSD container encryption - Uses AES-Rijndael encryption in CBC mode. Utilizes FreeBSD's vnode pseudo disk device support. Is available through the ports collection.


Notes about Windows security

  1. Native Folder Encryption: Although Windows XP Professional and possibly some versions of Windows 2000 provide folder encryption with NTFS filesystems, it should be considered only a very basic solution. Windows' native encryption is far easier to bypass than the software listed above.
  2. Hard Disk Encryption is not the only solution to data security in Windows:
    1. One of the most important parts is clearing the pagefile on shutdown to delete information you only thought was located in your encrypted volumes. Editing your registry is one option and XP-antispy is another. Doing so may slow the shutdown process but will also improve overall system speed.
    2. Software for cleaning up Windows entirely such as Window Washer or other items.

Also see file wipe for similar tools.


Related

  1. FreeOTFE
  2. steganography
  3. file wipe

Related Links

  1. Open Directory Project - Hard Disk Encryption
  2. Several papers about CryptFS. Dated from '92 till '03.
  3. Encrypted Root Filesystem HOWTO: using strong encryption to secure your root filesystem on Linux.
This article is based on a public domain infoAnarchy article: Hard_Disk_Encryption iA