Comparison of disk encryption software
This is a technical feature comparison of different disk encryption software.
Background information
| Name | Developer | First released | Licensing | Operating system support | Maintained? |
|---|---|---|---|---|---|
| ArchiCrypt Live | Softwaredevelopment Remus ArchiCrypt | 1998 | Commercial, closed source |
Windows NT-based, Windows 2000, Windows XP, Windows Vista | Yes |
| BestCrypt | Jetico | 1993[1] | Commercial, limited source code | Linux 2.6, Windows NT-based, Windows 9x, Windows 3.1, MS-DOS | Yes |
| BitArmor DataControl | BitArmor Systems Inc. | May 2008 | Commercial, closed source |
Windows XP, Windows 2003 Server | Yes |
| BitLocker Drive Encryption | Microsoft | 2006 | Commercial, closed source |
Windows Vista Enterprise, Windows Vista Ultimate, Windows Server 2008 | Yes |
| CGD | Roland C. Dowdeswell | 2002-10-04[2] | Free, open source (BSD) | NetBSD 2.0+ | Yes |
| Check Point Full Disk Encryption | Check Point Software Technologies Ltd | 1999[3][4][5] | Commercial, closed source. |
Linux, Windows, Mac OS X | Yes |
| CrossCrypt | Steven Scherrer | 2004-02-10[6] | Free, open source (GPL) | Windows 2000, XP | Unmaintained |
| CryptArchiver | WinEncrypt | ? | Commercial, closed source |
Windows NT-based | Yes |
| Cryptic Disk | Exlade, Inc. | 2002 | Commercial, closed source |
Windows 2000, XP, 2003, Vista | Yes |
| cryptoloop | ? | 2003-07-02[7] | Free, open source (GPL) | Linux 2.5–2.6 | Deprecated, known vulnerabilities |
| Discryptor | Cosect | 2008 | Commercial, closed source |
Windows 2000, XP, Server 2003, Vista, Server 2008 | Yes |
| DiskCryptor | ntldr | 2007 | Free, open source (GPL) | Windows 2000, XP, Server 2003, Vista, Server 2008 | Yes |
| DISK Protect | BeCrypt Ltd | 2001 | Commercial, closed source |
Windows NT-based | Yes |
| dm-crypt/cryptsetup | Christophe Saout | 2004-03-11[8] | Free, open source (GPL) | Linux 2.6, Windows 2000, XP, Vista (via FreeOTFE) | Yes |
| dm-crypt/LUKS | Clemens Fruhwirth (LUKS) | 2005-02-05[9] | Free, open source (GPL) | Linux 2.6, Windows 2000, XP, Vista (via FreeOTFE) | Yes |
| DriveCrypt | SecurStar GmbH | 2001 | Commercial, closed source |
Windows NT-based | Yes |
| DriveSentry GoAnywhere 2 | DriveSentry | 2008 | Commercial, Free 25 Encryption Credits closed source | Windows XP, Vista | Yes |
| E4M | Paul Le Roux | 1998-12-18[10] | Free, open source (custom) | Windows 9x, Windows NT-2K | Unmaintained |
| e-Capsule Private Safe | EISST Ltd. | 2005 | Commercial, closed source |
Windows 2000, XP, 2003, Vista | Yes |
| eCryptfs | Dustin Kirkland, Tyler Hicks, (formerly Mike Halcrow) | 2005[11] | Free, open source (GPL) | Linux 2.6.19+ | Yes |
| FileVault | Apple Computer | 2003-10-24 | Commercial, closed source |
Mac OS X v10.3 and later | Yes |
| FinallySecure | Secude | 2007 | Closed source | Windows XP, Vista | Yes |
| FREE CompuSec | CE-Infosys | ? | Freeware, closed source |
Linux 2.4-2.6, Windows 2000, XP, Vista | Yes |
| FreeOTFE | Sarah Dean | 2004-10-10[12] | Freeware, open source | Linux (via dm-crypt/LUKS); Windows 2000, XP, Vista, Pocket PC | Yes |
| GBDE | Poul-Henning Kamp | 2002-10-19[13] | Free, open source (BSD) | FreeBSD 5.0+ | Yes |
| GELI | Pawel Jakub Dawidek | 2005-04-11[14] | Free, open source (BSD) | FreeBSD 6.0+ | Yes |
| Keyparc | Bloombase | 2007[15] | Free, closed source |
Windows, Linux, Mac OS | Yes |
| loop-AES | Jari Ruusu | 2001-04-11 | Free, open source (GPL) | Linux 2.0+ | Yes |
| n-Crypt Pro | n-Trance Security Ltd | 2005 | Commercial, closed source |
Windows NT-based | Yes |
| PGPDisk | PGP Corporation | 1998-09-01[16] | Commercial, source available for personal review only[17] | Windows NT-based, Mac OS X | Yes |
| Private Disk | Dekart | 1993[18] | Commercial, closed source |
Windows 9x/NT-based/2000/2003/XP/Vista (32bit and 64bit) | Yes |
| R-Crypto | R-Tools Technology Inc | 2008 | Commercial, closed source |
Windows 2000/XP/2003/Vista (32/64 bit) | Yes |
| McAfee Endpoint Encryption (SafeBoot) | McAfee, Inc. | 2007[19] | Commercial, closed source |
Microsoft Vista 32/64, Windows XP, Windows 2000, Windows Server 2003 SP1+ | Yes |
| SafeGuard Easy | Utimaco | 1993[20] | Commercial, closed source |
Windows NT-based[21] | Yes |
| SafeGuard PrivateDisk |
Utimaco[22] | ? | Commercial, closed source |
Windows | Yes |
| SafeHouse Professional | PC Dynamics, Inc. | 1992 | Commercial, closed source |
Windows 9x/2K/XP/2003/Vista (32/64 bit) |
Yes |
| Scramdisk | Shaun Hollingworth | 1997-07-01 | Free, open source (custom) | Windows 9x, Windows NT-2K | Unmaintained |
| Scramdisk 4 Linux | Hans-Ulrich Juettner | 2005-08-06 [23] | Free, open source (GPL) | Linux 2.4–2.6 | Yes |
| SecuBox | Aiko Solutions | 2007-02-19 | Commercial, closed source |
Windows CE, Windows Mobile Pocket PC, Smartphone [24] | Yes |
| Secude securenotebook | Secude | 2003 | Commercial, closed source |
Windows XP/2000 | Yes |
| SecureDoc | WinMagic Inc. | 1997 | Commercial, closed source |
Windows 2000/XP/Vista, Mac OS X[25] | Yes |
| Sentry 2020 | SoftWinter | 1998[26] | Commercial, closed source |
Windows NT-based, Pocket PC | Yes |
| SpyProof! | Information Security Corp. | 2002 | Commercial, closed source |
Windows NT4/2000/XP/Vista | Yes |
| TrueCrypt | TrueCrypt Foundation | 2004-02-02[27] | Free, proprietary (source code available) | Linux 2.4-2.6, Windows 2000, XP, 2003, Vista, Mac OS X | Yes |
| Name | Developer | First released | Licensing | Operating system support | Maintained? |
Features
- Hidden containers: Whether hidden containers can be created for deniable encryption. Note that some modes of operation can be more prone to watermarking attacks than others.
- Pre-boot authentication: Whether authentication can be required before booting the computer, thus allowing one to encrypt the boot disk.
- Custom authentication: Whether custom authentication mechanisms can be implemented with third-party applications.
- Multiple keys: Whether an encrypted volumes can have more than one active key.
- Passphrase strengthening: Whether key strengthening is used with plain text passwords to frustrate dictionary attacks, usually using PBKDF2.
- Hardware acceleration: Whether dedicated cryptography acceleration extension cards can be taken advantage of.
- Trusted Platform Module: Whether the implementation can use a TPM cryptoprocessor.
- Two-factor authentication: Whether optional security tokens (hardware security modules, such as Aladdin eToken and smart cards) are supported (for example using PKCS#11)
| Name | Hidden containers | Pre-boot authentication | Custom authentication | Multiple keys | Passphrase strengthening | Hardware acceleration | TPM | Filesystems | Two-factor authentication |
|---|---|---|---|---|---|---|---|---|---|
| BestCrypt | Yes | Yes | No | Yes[28] | ? | No | No | ? | ? |
| BitArmor DataControl | No | Yes | No | Yes | Yes | No | No | NTFS, FAT32 on non-system volumes | No |
| BitLocker Drive Encryption | No | Yes (With PIN or USB key)[29] |
Yes[30] | Yes[29] |
Yes (Recovery keys only) |
No | Yes[29] | Yes Template:Refun | Yes Template:Refun |
| CGD | No | No | Yes[31] | Yes[32] | Yes[31] | No | No | Any supported by OS | Yes[31] |
| Checkpoint Full Disk Encryption | ? | Yes | Yes | Yes | Yes | ? | Yes[33] | ? | Yes |
| CrossCrypt | No | No | No | No | No | No | No | ? | No |
| CryptArchiver | No | No | No | No | ? | No | No | ? | ? |
| cryptoloop | No | Yes[34] | Yes | No | No | Yes[citation needed] | No | Any supported by OS | ? |
| DiskCryptor | No | Yes | No | No | Yes | Yes[35] | No | Any supported by OS | Yes[36] |
| DISK Protect | ? | Yes[37] | ? | Yes[37] | ? | ? | No | ? | ? |
| dm-crypt/cryptsetup | No | Yes[34] | Yes | No | No | Yes | No | Any supported by OS | No |
| dm-crypt/LUKS | No | Yes[34] | Yes | Yes | Yes | Yes | No | Any supported by OS | No |
| DriveCrypt | Yes[38] | Yes | No | Yes | Yes | No | No | ? | Yes |
| DriveSentry GoAnywhere 2 | No | No | Yes | No | Yes | No | ? | Any supported by OS | Yes |
| E4M | No | No | No | No | ? | No | No | ? | No |
| e-Capsule Private Safe | Yes[39] | No | No | Yes[39] | No | Yes | No | ? | ? |
| eCryptfs | No | No | Yes | Yes | Yes | Yes | Yes | uses the lower filesystem (stacking) | Yes |
| FileVault | No | No | No | Two passwords[40] | Yes[40] | No | No | ? | ? |
| FinallySecure | No | Yes | Yes | No | Yes | Yes | Yes | ? | ? |
| FREE CompuSec | No | Yes | No | No | No | No | No | ? | ? |
| FreeOTFE | Yes | No | Yes[41] | Yes[42] | Yes | No | No | Any supported by OS | Yes |
| GBDE | No | No[43] | Yes | Yes[44] | No[44] | No[43] | No | Any supported by OS | ? |
| GELI | No | Yes[43] | Yes | Yes[45] | Yes[45] | Yes[43] | No | Any supported by OS | ? |
| Keyparc | No | No | Yes | Yes | Yes | Yes | No | ? | ? |
| loop-AES | No | Yes[46] | Yes[46] | Yes[46] | Yes[46] | Yes[46] | No | Any supported by OS | No |
| n-Crypt Pro | No | No | No | No | —[47] | No | No | ? | ? |
| PGPDisk | No | Yes[48] | ? | Yes | Yes[49] | ? | Yes | ? | Yes |
| Private Disk | No | No | No | Yes | Yes | No | No | Any supported by OS | Yes |
| R-Crypto | ? | No | ? | ? | ? | ? | ? | Any supported by OS | ? |
| McAfee Endpoint Encryption | Yes | Yes | Yes | Yes | Yes | No | Yes | ? | Yes |
| SafeGuard Easy | No | Yes | No | Yes | ? | No | Yes[50] | ? | Yes |
| SafeGuard PrivateDisk | ? | ? | ? | ? | ? | ? | Yes[33] | ? | ? |
| SafeHouse Professional | No | No | Yes | Yes | Yes | No | No | Any supported by OS | Yes |
| Scramdisk | Yes | No | No | No | No | No | No | ? | ? |
| Scramdisk 4 Linux | Yes[51] | No | No | No | Yes[51] | No | No | ext2, ext3, reiserfs, minix, ntfs, vfat/msdos | No |
| SecuBox | No | No | No | No | Yes | No | No | ? | No |
| Secude securenotebook | No | Yes | Yes | No | Yes | No | No | ? | ? |
| SecureDoc | No | Yes[52] | Yes | Yes | Yes | Yes | Yes | ? | Yes |
| Sentry 2020 | No | No | No | ? | ? | No | No | ? | ? |
| TrueCrypt | Yes (limited to one per "outer" container) |
only on Windows[53] | No | No[54] | Yes | No | No | Any supported by OS | Yes |
| Name | Hidden containers | Pre-boot authentication | Custom authentication | Multiple keys | Passphrase strengthening | Hardware acceleration | TPM | Filesystems | Two-factor authentication |
- ^ Windows 7 introduces Bitlocker-To-Go which supports NTFS, FAT32 or exFAT, however for hard drive encryption, Windows Vista and later are limited to be installable only on NTFS volumes
- ^ BitLocker can be used with a TPM PIN + external USB key for two-factor authentication
Layering
- Whole disk: Whether the whole physical disk or logical volume can be encrypted, including the partition tables and master boot record. Note that this does not imply that the encrypted disk can be booted off of; refer to "pre-boot authentication" in the features comparison table.
- Partition: Whether individual disk partitions can be encrypted.
- File: Whether the encrypted container can be stored in a file (usually implemented as encrypted loop devices).
- Swap space: Whether the swap space (called a "pagefile" on Windows) can be encrypted individually/explicitly.
- Hibernation file: Whether the hibernation file is encrypted (if hibernation is supported).
| Name | Whole disk | Partition | File | Swap space | Hibernation file |
|---|---|---|---|---|---|
| ArchiCrypt Live | Yes (except for the boot volume) |
Yes | Yes | No | No |
| BestCrypt | Yes | Yes[citation needed] | Yes | Yes | Yes[citation needed] |
| BitArmor DataControl | No | Yes | No | Yes | Yes |
| BitLocker Drive Encryption | Yes (except for the boot volume) |
Yes | No | Yes (parent volume is encrypted) |
Yes (parent volume is encrypted) |
| CGD | Yes | Yes | Yes[31] | Yes | No |
| Check Point Full Disk Encryption | Yes | Yes | ? | Yes | Yes |
| CrossCrypt | No | No | Yes | No | No |
| CryptArchiver | No | No | Yes | No | No |
| cryptoloop | Yes | Yes | Yes | Yes | No |
| DiskCryptor | Yes | Yes | No | Yes | Yes |
| dm-crypt | Yes | Yes | Yes[55] | Yes | Yes[56] |
| DriveCrypt | Yes | Yes[38] | Yes[38] | No | No |
| DriveSentry GoAnywhere 2 | No | Yes | Yes | No | No |
| E4M | No | Yes | Yes | No | No |
| e-Capsule Private Safe | No | No | Yes[57] | No | No |
| eCryptfs | No | No | Yes | No | No |
| FileVault | No | No | Yes[40] | Yes[40] | No |
| FinallySecure | Yes | Yes | No | No | No |
| FREE CompuSec | Yes | No | Yes | Yes | Yes |
| FreeOTFE | Yes (except for the boot volume) |
Yes | Yes | No | No |
| GBDE | Yes | Yes | Yes[58] | Yes | No |
| GELI | Yes | Yes | Yes[58] | Yes | No |
| Keyparc | Yes | Yes | Yes | Yes | No |
| loop-AES | Yes | Yes[46] | Yes[46] | Yes[46] | No |
| n-Crypt Pro | Yes | Yes | Yes | No | No |
| PGPDisk | Yes | Yes | Yes | Yes | Yes |
| Private Disk | No | No | Yes | No | No |
| R-Crypto | No | No | Yes | No | No |
| Safeboot Device Encryption (Now McAfee Endpoint Encryption) |
Yes | Yes | Yes | Yes | Yes[59] |
| SafeGuard Easy | Yes | Yes | No | Yes | Yes[citation needed] |
| SafeHouse Professional | No | No | Yes | No | No |
| Scramdisk | No | Yes | Yes | No | No |
| Scramdisk 4 Linux | Yes | Yes | Yes | Yes | No |
| SecuBox | No | No | Yes | — | No |
| Secude securenotebook | Yes | Yes | No | No | No |
| SecureDoc | Yes[52] | Yes | Yes | Yes | Yes |
| Sentry 2020 | No | No | Yes | No | No |
| SpyProof! | No | Yes | Yes | No | No |
| TrueCrypt | Yes | Yes | Yes | Yes | only on Windows[60] |
| Name | Whole disk | Partition | File | Swap space | Hibernation file |
Modes of operation
Different modes of operation supported by the software. Note that an encrypted volume can only use one mode of operation.
- CBC with predictable IVs: The CBC (cipher block chaining) mode where initialization vectors are statically derived from the sector number and are not secret; this means that IVs are re-used when overwriting a sector and the vectors can easily be guessed by an attacker, leading to watermarking attacks.
- CBC with secret IVs: The CBC mode where initialization vectors are statically derived from the encryption key and sector number. The IVs are secret, but they are re-used with overwrites. Methods for this include ESSIV and encrypted sector numbers (CGD).
- CBC with random per-sector keys: The CBC mode where random keys are generated for each sector when it is written to, thus does not exhibit the typical weaknesses of CBC with re-used initialization vectors. The individual sector keys are stored on disk and encrypted with a master key. (See GBDE for details)
- LRW: The Liskov-Rivest-Wagner tweakable narrow-block mode, a mode of operation specifically designed for disk encryption. Superseded by the more secure XTS mode due to security concerns.[61]
- XTS: XEX-based Tweaked CodeBook mode (TCB) with CipherText Stealing (CTS), the SISWG (IEEE P1619) standard for disk encryption.
| Name | CBC w/ predictable IVs | CBC w/ secret IVs | CBC w/ random per-sector keys | LRW | XTS |
|---|---|---|---|---|---|
| ArchiCrypt Live | No | No | No | Legacy support [62] | Yes |
| BestCrypt | ? | ? | No | Yes[63] | Yes[64] |
| BitArmor DataControl | No | Yes | Plumb-IV | No | No |
| BitLocker Drive Encryption | No[65] | Yes[65] | No | No | No |
| CGD | No | Yes[66] | No | No | No |
| Check Point Full Disk Encryption | ? | ? | ? | ? | ? |
| CrossCrypt | Yes | No | No | No | No |
| CryptArchiver | ? | ? | ? | ? | ? |
| cryptoloop | Yes | No | No | No | No |
| DiskCryptor | No | No | No | No | Yes |
| dm-crypt | Yes | Yes | No | Yes, using *-lrw-benbi[67] | Yes, using *-xts-plain |
| DriveCrypt | ? | ? | ? | ? | ? |
| DriveSentry GoAnywhere 2 | ? | ? | ? | ? | ? |
| E4M | ? | ? | ? | No | No |
| e-Capsule Private Safe | ? | ? | ? | ? | ? |
| eCryptfs | No | Yes | ? | No | No |
| FileVault | Yes[40] | No | No | No | No |
| FinallySecure | ? | ? | ? | ? | ? |
| FREE CompuSec | ? | ? | ? | ? | ? |
| FreeOTFE | Yes | Yes | No | Yes | Yes |
| GBDE | No | No | Yes[44] | No | No |
| GELI | No | Yes[68] | No | No | No |
| Keyparc | ? | Yes | ? | ? | ? |
| loop-AES | single-key, multi-key-v2 modes[46] | multi-key-v3 mode[46] | No | No | No |
| n-Crypt Pro | ? | ? | No | No | No |
| PGPDisk | ? | ? | ? | ? | ? |
| Private Disk | Yes | No | Yes[citation needed] | No | No |
| R-Crypto | ? | ? | ? | ? | ? |
| McAfee Endpoint Encryption for PC's (SafeBoot Device Encryption) | No | Yes | No | No | No |
| SafeGuard Easy | ? | ? | ? | ? | ? |
| SafeHouse Professional | Yes | No | No | No | No |
| Scramdisk | No | Yes | No | No | No |
| Scramdisk 4 Linux | No | Yes[69] | No | Yes[70] | Yes[71] |
| SecuBox | Yes | No | No | No | No |
| Secude securenotebook | ? | ? | ? | ? | ? |
| SecureDoc | ? | ? | ? | ? | ? |
| Sentry 2020 | ? | ? | ? | ? | ? |
| TrueCrypt | Legacy support [72] | No | No | Legacy support [73] | Yes [74] |
| Name | CBC w/ predictable IVs | CBC w/ secret IVs | CBC w/ random per-sector keys | LRW | XTS |
See also
External links
- On-The-Fly Encryption: A Comparison - A much larger comparison of disk encryption software, sorted by OS
Notes and references
- ^ "Jetico Company Info". Jetico. Retrieved 2007-01-05.
- ^ Roland Dowdeswell (2002-10-04). "CryptoGraphic Disk". mailing list announcement. Retrieved 2007-01-14.
{{cite web}}: Check date values in:|date=(help) - ^ Original release as Protect Data Security Inc.'s "Protect!""Protect guards laptop and desktop data". Retrieved 2008-09-03.
- ^ Company and product name change to Pointsec "Protect Data Security Inc. changes name to Pointsec Mobile Technologies Inc". Retrieved 2008-09-03.
- ^ "Check Point Completes the Offer for Protect Data with Substantial Acceptance of 87.1 Percent". Retrieved 2008-09-03.
- ^ Sarah Dean (2004-02-10). "OTFEDB entry". Retrieved 2008-08-10.
{{cite web}}: Check date values in:|date=(help) - ^ Initial cryptoloop patches for the Linux 2.5 development kernel: http://uwsg.iu.edu/hypermail/linux/kernel/0307.0/0348.html
- ^ dm-crypt was first included in Linux kernel version 2.6.4: http://lwn.net/Articles/75404/
- ^ Clemens Fruhwirth. "LUKS version history". Retrieved 2006-12-24.
- ^ "archived E4M documentation".).
- ^ "eCryptfs". Retrieved 2008-04-29.
- ^ "FreeOTFE version history". Retrieved 2006-12-24.
- ^ "gbde(4) man page in FreeBSD 4.11". GBDE manual page as it appeared in FreeBSD 4.11. Retrieved 2006-12-24.
- ^ "geli(8) man page in FreeBSD 6.0". GELI manual page as it first appeared in FreeBSD 6.0. Retrieved 2006-12-24.
- ^ "Keyparc - Free Encryption for Everyone". Bloombase.
- ^ "PGP 6.0 Freeware released - any int'l links?". Newsgroup: comp.security.pgp. 6sh4vm$jbf$1@news.cybercity.dk. Retrieved 2007-01-04.
- ^ PGPdisk source for review only. See [1].
- ^ "Dekart Encryption software timeline". Dekart.
- ^ "McAfee Endpoint Encryption". product description. McAfee. Retrieved 2009-03-04.
- ^ "SafeGuard Easy 4.0 Technical Whitepaper" (PDF). Utimaco. Retrieved 2007-07-03.
- ^ Former versions for MS-DOS, Windows 3.x, Windows 9x, Windows NT4, IBM OS/2 up to Warp 4.
- ^ Rebranded as ThinkVantage Client Security "ThinkVantage Technologies Deployment Guide" (PDF). Lenovo. Retrieved 2008-03-05.
- ^ "ScramDisk 4 Linux Releases".
- ^ "SecuBox versions for SH3, SH4, MIPS processors, Smartphone version".).
- ^ SecureDoc Full-Disk Encryption for Mac
- ^ "Sentry 2020 news". Retrieved 2007-01-02.
- ^ TrueCrypt version history
- ^ Supported by the BestCrypt container format; see BestCrypt SDK
- ^ a b c "BitLocker Drive Encryption Technical Overview". Microsoft. Retrieved 2008-03-13.
- ^ BitLocker Drive Encryption: Value Add Extensibility Options
- ^ a b c d Roland C. Dowdeswell, John Ioannidis. "The CryptoGraphic Disk Driver" (PDF). CGD design paper. Retrieved 2006-12-24.
- ^ Federico Biancuzzi (2005-12-21). "Inside NetBSD's CGD". interview with Roland Dowdeswell. ONLamp.com.
{{cite web}}: Check date values in:|date=(help); Text "accessdate-2006-12-24" ignored (help) - ^ a b "ThinkVantage Technologies Deployment Guide" (PDF). Lenovo. Retrieved 2008-03-05.
- ^ a b c dm-crypt and cryptoloop volumes can be mounted from the initrd before the system is booted
- ^ Support for hardware cryptography found in VIA processors. http://diskcryptor.net/index.php/DiskCryptor_en#Program_features
- ^ Ability to place boot loader on external medium and to authenticate using the key medium. Support for key files. http://diskcryptor.net/index.php/DiskCryptor_en#Program_features
- ^ a b "DISK Protect 4.2 Data Sheet" (PDF). Retrieved 2008-02-27.
- ^ a b c "DriveCrypt features". SecurStar GmbH. Retrieved 2007-01-03.
- ^ a b "Multi level access with separate access credentials, each enabling a different set of functional or logical operations". EISST Ltd. Retrieved 2007-07-25.
- ^ a b c d e Jacob Appelbaum, Ralf-Philipp Weinmann (2006-12-29). "Unlocking FileVault: An Analysis of Apple's disk encryption" (PDF). Retrieved 2007-03-31.
{{cite journal}}: Check date values in:|date=(help); Cite journal requires|journal=(help) - ^ FreeOTFE has a modular architecture and set of components to allow 3rd party integration
- ^ FreeOTFE allows multiple keys to mount the same container file via encrypted keyfiles
- ^ a b c d "FreeBSD Handbook: Encrypting Disk Partitions". Retrieved 2006-12-24.
- ^ a b c Poul-Henning Kamp. "GBDE - GEOM Based Disk Encryption" (PDF). GBDE design document. Retrieved 2006-12-24.
- ^ a b "geli(8) man page in FreeBSD-current". GELI manual page in current FreeBSD. Retrieved 2006-12-24.
- ^ a b c d e f g h i j Jari Ruusu. "loop-AES README file". Retrieved 2007-04-23.
- ^ n-Crypt Pro does not use password authentication — biometric/USB dongle authentication only
- ^ "PGP Whole Disk Encryption FAQ". PGP Corporation. Retrieved 2006-12-24.
- ^ PGP private keys are always protected by strengthened passphrases
- ^ "Embedded Security: Trusted Platform Module Technology Comes of Age". Utimaco. Retrieved 2008-03-04.
- ^ a b For Truecrypt containers
- ^ a b "SecureDoc Product Information". WinMagic Inc. Retrieved 2008-03-05. Cite error: The named reference "sdoc-faq" was defined multiple times with different content (see the help page).
- ^ http://www.truecrypt.org/docs/sys-encryption-supported-os.php
- ^ Although each volume encrypted with TrueCrypt can only have one active master key, it is possible to access its contents through more than one header. Each header can have a different password and/or keyfiles if any (cf. TrueCrypt FAQ: Is there a way for an administrator to reset a password when a user forgets it?)
- ^ dm-crypt can encrypt a file-based volume when used with the losetup utility included with all major Linux distributions
- ^ yes, but the user needs custom scripts: http://www.linuxquestions.org/questions/slackware-14/luks-encryption-swap-and-hibernate-627958/
- ^ Uses proprietary e-Capsule file system not exposed to the OS.
- ^ a b File-based volume encryption is possible when used with mdconfig(8) utility.
- ^ "Control Break Internation Debuts SafeBoot Version 4.27". Retrieved 2008-08-12.
- ^ http://www.truecrypt.org/docs/sys-encryption-supported-os.php
- ^ LRW_issue
- ^ Containers created with ArchiCrypt Live version 5 use LRW
- ^ "New features in BestCrypt version 8". Jetico. Retrieved 2007-03-02.
- ^ "New features in version 2". Jetico. Retrieved 2009-03-01.
- ^ a b Niels Fergusson (August 2006). "AES-CBC + Elephant Diffuser: A Disk Encryption Algorithm for Windows Vista" (PDF). Microsoft. Retrieved 2008-02-22.
{{cite journal}}: Cite journal requires|journal=(help) - ^ "man 4 cgd in NetBSD-current". NetBSD current manual page on CGD. 2006-03-11. Retrieved 2006-12-24.
{{cite web}}: Check date values in:|date=(help) - ^ Starting with Linux kernel version 2.6.20, CryptoAPI supports the LRW mode: http://lwn.net/Articles/213650/
- ^ "Linux/BSD disk encryption comparison". Retrieved 2006-12-24.
- ^ For Scramdisk containers
- ^ For Truecrypt 4 containers
- ^ For Truecrypt 5 and 6 containers
- ^ Containers created with TrueCrypt versions 1.0 through 4.0 use CBC.
- ^ Containers created with TrueCrypt versions 4.1 through 4.3a use LRW, and support CBC for opening legacy containers only.
- ^ Containers created with TrueCrypt versions 5.0 or later use XTS, and support LRW/CBC for opening legacy containers only.