Академический Документы
Профессиональный Документы
Культура Документы
Background information
Name ArchiCrypt Live BestCrypt BitArmor DataControl BitLocker Drive Encryption Bloombase Keyparc CGD CenterTools DriveLock Check Point Full Disk Encryption CrossCrypt Cryptainer CryptArchiver cryptoloop cryptoMill Discryptor DiskCryptor DISK Protect cryptsetup/dmsetup dm-crypt/LUKS DriveCrypt DriveSentry GoAnywhere 2 E4M e-Capsule Private Safe eCryptfs FileVault FileVault 2 FinallySecure Enterprise (SECUDE) FREE CompuSec FreeOTFE GBDE Developer Softwaredevelopment Remus ArchiCrypt Jetico BitArmor Systems Inc. Microsoft Bloombase Roland C. Dowdeswell CenterTools Check Point Software Technologies Ltd Steven Scherrer Cypherix (Secure-Soft India) WinEncrypt ? SEAhawk Cosect Ltd. ntldr Becrypt Ltd Christophe Saout Clemens Fruhwirth (LUKS) SecurStar GmbH DriveSentry Paul Le Roux EISST Ltd. Dustin Kirkland, Tyler Hicks, (formerly Mike Halcrow) Apple Inc. Apple Inc. SECUDE 2008 2007 2001 2004-03-11 2005-02-05 2001 2008 1998-12-18 2005 2005 [11] [10] [8] [9] First released 1998 1993 [1] Licensing Proprietary Proprietary Proprietary Proprietary Proprietary [2] BSD Proprietary Proprietary GPL Proprietary Proprietary [7] GPL Proprietary Proprietary GPL Proprietary GPL GPL Proprietary Proprietary Open source Proprietary GPL Proprietary Proprietary Proprietary Proprietary [12] [13] Open source BSD Maintained? Yes Yes Yes Yes Yes Yes Yes Yes No Yes Yes No Yes Yes Yes Yes Yes Yes Yes Yes No Yes Yes Yes Yes Yes Yes Yes Yes
2004-02-10 ? ? 2003-07-02
2
Pawel Jakub Dawidek
GELI KryptOS loop-AES n-Crypt Pro PGPDisk Private Disk R-Crypto McAfee Endpoint Encryption (SafeBoot) SafeGuard Easy SafeGuard Enterprise SafeGuard PrivateDisk SafeHouse Professional Scramdisk Scramdisk 4 Linux SecuBox SECUDE Secure Notebook SecureDoc Sentry 2020 softraid / RAID C SpyProof! svnd / vnconfig Symantec Endpoint Encryption TrueCrypt Aloaha Secure Stick Name Developer
2005-04-11 2010
Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes No Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Maintained?
The MorphOS Development Team Jari Ruusu n-Trance Security Ltd PGP Corporation Dekart R-Tools Technology Inc McAfee, Inc.
Proprietary Proprietary Proprietary Proprietary Proprietary Proprietary Proprietary Proprietary Open source GPL Proprietary Proprietary Proprietary Proprietary BSD Proprietary
[16]
1993 2007
[18] [19]
PC Dynamics, Inc. Shaun Hollingworth Hans-Ulrich Juettner Aiko Solutions SECUDE WinMagic Inc. SoftWinter OpenBSD Information Security Corp. OpenBSD Symantec Corporation TrueCrypt Foundation
[24]
BSD Proprietary
[25]
Aloaha
Operating systems
Name
Windows NT-based
Pre-Windows NT
FreeBSD
Linux
ArchiCrypt Live BestCrypt BitArmor DataControl BitLocker Drive Encryption Bloombase Keyparc CenterTools DriveLock CGD Check Point Full Disk Encryption CrossCrypt Cryptainer CryptArchiver cryptoloop Discryptor DiskCryptor DISK Protect cryptsetup/dmsetup dm-crypt/LUKS DriveCrypt DriveSentry GoAnywhere 2 E4M e-Capsule Private Safe eCryptfs FileVault FileVault 2 FREE CompuSec FreeOTFE GBDE GELI loop-AES n-Crypt Pro PGPDisk PGP Whole Disk Encryption Private Disk
Yes Yes Yes Yes Yes Yes No Yes Yes Yes Yes Yes [28]
No Yes No No Yes No No Yes No No No Yes No No No Yes Yes No No No No Yes No No Yes Partial [30]
No No No No No No Yes No No No No No No No No No No No No No No No No No No No No No No No No No No
No No No No No No No No No No No No No No No No No No No No No No No No No No No No No No No No No
No No No No No No No No No No No No No No No Yes Yes No No No No No No No No No No No No No No No No
No No No No No No Yes [29]
Yes Yes Yes Yes No No No Yes Yes No No No Yes Yes Yes Yes
No No No No No No No No Yes No No No No No No No
No No Yes No No Yes No
4
No No No No No Yes Yes No No No No No No No No No No No No Yes [31] No No No No No No No No No No No No No No No No No [32] No No No No No No Yes Yes No No Yes No No No No No Yes No Linux No Yes No Yes No No No No No No Yes No No No No No Yes No No No No No No No No No No No No No No No No No No No No No No No No No No No No No No No Yes No Yes No No No No No No No No No No No No No No No No No No No No No
R-Crypto McAfee Endpoint Encryption (SafeBoot) SafeGuard Easy SafeGuard Enterprise SafeGuard PrivateDisk SafeHouse Professional Scramdisk Scramdisk 4 Linux SecuBox FinallySecure Enterprise (SECUDE) SecureDoc Sentry 2020 softraid / RAID C SpyProof! svnd / vnconfig Symantec Endpoint Encryption TrueCrypt Aloaha Secure Stick Name
Yes Yes Yes Yes Yes Yes Yes No No Yes Yes Yes No Yes No Yes Yes Yes Windows NT-based
No FreeBSD
Pre-Windows NT
Features
Hidden containers: Whether hidden containers (an encrypted container (A) within another encrypted container (B) so the existence of container A can not be established)[33] can be created for deniable encryption. Note that some modes of operation like CBC with a plain IV can be more prone to watermarking attacks than others. Pre-boot authentication: Whether authentication can be required before booting the computer, thus allowing one to encrypt the boot disk. Custom authentication: Whether custom authentication mechanisms can be implemented with third-party applications. Multiple keys: Whether an encrypted volume can have more than one active key. Passphrase strengthening: Whether key strengthening is used with plain text passwords to frustrate dictionary attacks, usually using PBKDF2. Hardware acceleration: Whether dedicated cryptographic accelerator expansion cards can be taken advantage of. Trusted Platform Module: Whether the implementation can use a TPM cryptoprocessor. Filesystems: what filesystems are supported. Two-factor authentication: Whether optional security tokens (hardware security modules, such as Aladdin eToken and smart cards) are supported (for example using PKCS#11)
Name
Multiple keys
TPM
Filesystems
Yes
[34][35]
No
? Any supported by OS NTFS, FAT32 on non-system volumes Chiefly [43] NTFS ? Any supported by OS Any supported by OS ? ? ? Any supported by OS Any supported by OS ? Any supported by OS Any supported by OS ? Any supported by OS ? ? [52] Yes
Yes
Yes
No
Yes
[37]
Yes
Yes
Yes
Yes
[38]
BitArmor DataControl
No
Yes
No
Yes
Yes
No
No
No
No
Yes
[39]
Yes
[40]
Yes
[41]
Yes
[42]
Yes
Yes
[41]
Yes
[44]
No
No
Yes
Yes
Yes
Yes
No
No
No
Yes
[45]
Yes
[46]
Yes
[45]
No
No
Yes
[]
CenterTools DriveLock
No
Yes
No
No
Yes
No
No
Yes
? No No
Yes No No [47]
Yes No No
Yes No No
Yes No ?
? No No
? No No
Yes No ?
No
Yes
Yes
No
No
Yes
No
Yes
[48]
Yes
[49]
Yes
[49]
No
No
Yes
[47]
Yes
No
No
Yes
No
No
Yes
Yes
[50]
Yes
No
Yes
Yes
No
No
Yes
No
No
Yes
No
Yes
No
Yes
No Yes [51]
No No No
No No Yes
No Yes []
? No Yes
No Yes Yes
No No Yes
No ? Yes
No
Yes
6
? HFS+, possibly others HFS+, possibly others Any supported by OS Any supported by OS Any supported by OS Any supported by OS NTFS, FAT32 Any supported by OS ? ? Any supported by OS Any supported by OS Any supported by OS Any supported by OS Any supported by OS Any supported by OS Any supported by OS
No
No
No
No
Yes
Yes
GELI No Yes [57] Yes Yes [59] Yes [59] Yes [57] No
Yes
No
Yes
Yes
Yes
Yes
No
No
Yes
No
Yes
[60]
Yes
[60]
Yes
[60]
Yes
[60]
Yes
[60]
No
Yes
[61]
No No
No Yes [63]
No ?
No Yes
N/A Yes
[62]
No ?
No Yes
? Yes
[64]
No
No
No
Yes
Yes
No
No
Yes
R-Crypto ? No ? ? ? ? ?
Yes
Yes
Yes
Yes
Yes
Yes
[65]
Yes
Yes
No
Yes
No
Yes
Yes
No
Yes
[66]
Yes
SafeGuard Enterprise
No
Yes
No
Yes
Yes
No
Yes
[66]
Yes
SafeGuard PrivateDisk
No
N/A
No
Yes
Yes
No
Yes
[67]
Yes
SafeHouse Professional
No
No
Yes
Yes
Yes
No
No
Yes
Scramdisk Yes No No No No No No ?
7
ext2, ext3, reiserfs, minix, ntfs, vfat/msdos ?
No
No
No
No
No
Yes
No
No
No
No
Yes
Yes
No
Yes
No
Yes
Yes
No No
Yes
[69]
Yes No
Yes No
Yes No
Yes No
Yes No
Yes No
No
No
No
Yes
No
Yes
Yes
Yes
Yes
No
No
Yes
No
Yes
Yes
No
Any supported by OS
Yes
No
Yes
No
No
No TPM
[1] "Jetico Company Info" (http:/ / www. jetico. com/ company. htm). Jetico. . Retrieved 2007-01-05. [2] Roland Dowdeswell (2002-10-04). "CryptoGraphic Disk" (http:/ / mail-index. netbsd. org/ current-users/ 2002/ 10/ 04/ 0008. html). mailing list announcement. . Retrieved 2007-01-14. [3] Original release as Protect Data Security Inc.'s "Protect!style="background: #ececec; color: black; font-weight: bold; vertical-align: middle; text-align: left; " class="table-rh"|" "Protect guards laptop and desktop data" (http:/ / www. infoworld. com/ cgi-bin/ displayArchive. pl?/ 99/ 25/ c05-25. 48. htm). . Retrieved 2008-09-03. [4] Company and product name change to Pointsec "Protect Data Security Inc. changes name to Pointsec Mobile Technologies Inc." (http:/ / web. archive. org/ web/ 20040820174918/ www. pointsec. com/ news/ news. asp?newsid=85). Archived from the original (http:/ / www. pointsec. com/ news/ news. asp?newsid=85) on 2004-08-20. . Retrieved 2008-09-03. [5] "Check Point Completes the Offer for Protect Data with Substantial Acceptance of 87.1 Percent" (http:/ / www. checkpoint. com/ press/ 2007/ protectdataacquisition011107. html). . Retrieved 2008-09-03. [6] Sarah Dean (2004-02-10). "OTFEDB entry" (http:/ / otfedb. sdean12. org/ cgi-bin/ pub_factsheet. cgi?SYSTEM_ID=46). . Retrieved 2008-08-10. [7] Initial cryptoloop patches for the Linux 2.5 development kernel: http:/ / uwsg. iu. edu/ hypermail/ linux/ kernel/ 0307. 0/ 0348. html [8] dm-crypt was first included in Linux kernel version 2.6.4: http:/ / lwn. net/ Articles/ 75404/ [9] Clemens Fruhwirth. "LUKS version history" (http:/ / luks. endorphin. org/ dm-crypt). . Retrieved 2006-12-24. [10] "archived E4M documentation" (http:/ / web. archive. org/ web/ 20000524061402/ www. e4m. net/ news. html). Archived from the original (http:/ / www. e4m. net/ news. html) on 2000-05-24. .). [11] "eCryptfs" (http:/ / ecryptfs. sourceforge. net). . Retrieved 2008-04-29. [12] "FreeOTFE version history" (http:/ / web. archive. org/ web/ 20061207224351/ http:/ / www. freeotfe. org/ docs/ version_history. htm#version_history). Archived from the original (http:/ / www. freeotfe. org/ docs/ version_history. htm#version_history) on 2006-12-07. . Retrieved 2006-12-24. [13] "gbde(4) man page in FreeBSD 4.11" (http:/ / www. freebsd. org/ cgi/ man. cgi?query=gbde& apropos=0& sektion=4& manpath=FreeBSD+ 5. 0-RELEASE& format=html). GBDE manual page as it appeared in FreeBSD 4.11. . Retrieved 2006-12-24.
Layering
Whole disk: Whether the whole physical disk or logical volume can be encrypted, including the partition tables and master boot record. Note that this does not imply that the encrypted disk can be used as the boot disk itself; refer to "pre-boot authentication" in the features comparison table. Partition: Whether individual disk partitions can be encrypted. File: Whether the encrypted container can be stored in a file (usually implemented as encrypted loop devices). Swap space: Whether the swap space (called a "pagefile" on Windows) can be encrypted individually/explicitly. Hibernation file: Whether the hibernation file is encrypted (if hibernation is supported).
Name ArchiCrypt Live Whole disk Yes (except for the boot volume) Yes No Yes (except for the boot volume) Yes Yes Yes Yes Partition File Swap space Hibernation file
Yes
Yes
No
No
Yes Yes
Yes No
Yes Yes Yes (parent volume is encrypted) Yes Yes Yes Yes
Yes
No
Bloombase Keyparc CenterTools DriveLock CGD Check Point Full Disk Encryption
10
No No Yes Yes Yes Yes No No No No No No Yes No No Yes Yes Yes Yes [50] Yes Yes Yes No [2] Yes [50] Yes Yes Yes [4] Yes Yes [53] Yes No Yes No No Yes Yes Yes No No No No No [5][53] Yes Yes Yes No No No Yes [3] Yes No No No No No Yes [5][6]
CrossCrypt CryptArchiver cryptoloop DiskCryptor dm-crypt DriveCrypt DriveSentry GoAnywhere 2 E4M e-Capsule Private Safe eCryptfs FileVault FileVault 2 FREE CompuSec FreeOTFE
Yes Yes
No
Yes (except for the boot volume) Yes Yes Yes Yes Yes Yes No No Yes
Yes
Yes
No
No
GBDE GELI GuardianEdge Hard Disk Encryption loop-AES n-Crypt Pro PGPDisk Private Disk R-Crypto McAfee Endpoint Encryption (SafeBoot) SafeGuard Easy
[7] Yes [7] Yes Yes [60] Yes Yes Yes Yes Yes Yes extra module Yes Yes Yes Yes Yes Yes Yes Yes Yes
No No Yes [60] Yes No only on Windows No No [8] Yes Each sector on disk is encrypted Each sector on disk is encrypted No No No No No Yes Yes No
No Yes No No Yes
Yes
Yes
Yes
SafeGuard Enterprise
SafeGuard PrivateDisk SafeHouse Professional Scramdisk Scramdisk 4 Linux SecuBox FinallySecure Enterprise (SECUDE) SecureDoc Sentry 2020
No
11
Yes (encrypted by default in [9] OpenBSD) Yes (encrypted by default in OpenBSD) No Yes Yes No N/A Swap space
No
SpyProof! Symantec Endpoint Encryption TrueCrypt Aloaha Secure Stick Cryptomill Name
Modes of operation
Different modes of operation supported by the software. Note that an encrypted volume can only use one mode of operation. CBC with predictable IVs: The CBC (cipher block chaining) mode where initialization vectors are statically derived from the sector number and are not secret; this means that IVs are re-used when overwriting a sector and the vectors can easily be guessed by an attacker, leading to watermarking attacks. CBC with secret IVs: The CBC mode where initialization vectors are statically derived from the encryption key and sector number. The IVs are secret, but they are re-used with overwrites. Methods for this include ESSIV and encrypted sector numbers (CGD). CBC with random per-sector keys: The CBC mode where random keys are generated for each sector when it is written to, thus does not exhibit the typical weaknesses of CBC with re-used initialization vectors. The individual sector keys are stored on disk and encrypted with a master key. (See GBDE for details) LRW: The Liskov-Rivest-Wagner tweakable narrow-block mode, a mode of operation specifically designed for disk encryption. Superseded by the more secure XTS mode due to security concerns.[10] XTS: XEX-based Tweaked CodeBook mode (TCB) with CipherText Stealing (CTS), the SISWG (IEEE P1619) standard for disk encryption.
Name CBC w/ predictable IVs CBC w/ secret IVs No Yes Yes [14] Yes Yes [15] Yes ? ? No ? No CBC w/ random per-sector keys No No Plumb-IV No ? No ? ? No ? No LRW XTS
ArchiCrypt Live BestCrypt BitArmor DataControl BitLocker Drive Encryption Bloombase Keyparc CGD CenterTools DriveLock Check Point Full Disk Encryption CrossCrypt CryptArchiver cryptoloop
No No No No [14]
[11]
No No ? No ? ? No ? No
No No ? No ? ? No ? No
? No ? ? Yes ? Yes
12
No Yes ? ? ? ? Yes No No No Yes No [18] Yes No multi-key-v3 [60] mode ? ? No ? Yes ? ? ? No Yes [68] Yes No ? ? ? ? ? No No No ? ? ? ? ? No No No No [58] Yes No Yes No Yes, using [16] *-lrw-benbi ? ? No ? No No No No Yes No No No Yes Yes, using *-xts-plain ? ? No ? No No Yes [17]
DiskCryptor dm-crypt
No Yes
DriveCrypt DriveSentry GoAnywhere 2 E4M e-Capsule Private Safe eCryptfs FileVault FileVault 2 FREE CompuSec FreeOTFE GBDE GELI GuardianEdge Hard Disk Encryption loop-AES
? ? ? ? No Yes [53]
No Yes No Yes No
No No ? Yes ? No ? ? ? No No No No ? ? ? ? ? Yes
No No ? No ? No ? ? ? No No Yes [68]
No No ? No ? No ? ? ? No No Yes [68]
n-Crypt Pro PGPDisk Private Disk R-Crypto McAfee Endpoint Encryption (SafeBoot) SafeGuard Easy SafeGuard Enterprise SafeGuard PrivateDisk SafeHouse Professional Scramdisk Scramdisk 4 Linux SecuBox FinallySecure Enterprise (SECUDE) SecureDoc Sentry 2020 softraid / RAID C svnd / vnconfig Symantec Endpoint Encryption
No ? ? ? ? ? No
No ? ? ? Yes [19]
? No
13
Legacy support No
Yes
Yes XTS
External links
On-The-Fly Encryption: A Comparison (http://otfedb.sdean12.org/) - A much larger comparison of disk encryption software, sorted by OS
14
License
Creative Commons Attribution-Share Alike 3.0 Unported //creativecommons.org/licenses/by-sa/3.0/