-->

Selasa, 06 Maret 2018

This is a technical feature comparison of different disk encryption software.

Background information




Should You Get Self-Encrypting Drives? (Hardware Encryption) - You might not be aware that there are SSDs and HDDs that actually encrypt and decrypt all your data on the fly, meaning your data is always protected. The best part is this is all handled by...

Operating systems


Best File Recovery Software - Recover Files with FILERECOVERY ...
Best File Recovery Software - Recover Files with FILERECOVERY .... Source : www.lc-tech.com

Features


Top 18 Best USB Drive Encryption Software For Windows
Top 18 Best USB Drive Encryption Software For Windows. Source : techviral.net

  • Hidden containers: Whether hidden containers (an encrypted container (A) within another encrypted container (B) so the existence of container A can not be established) can be created for deniable encryption. Note that some modes of operation like CBC with a plain IV can be more prone to watermarking attacks than others.
  • Pre-boot authentication: Whether authentication can be required before booting the computer, thus allowing one to encrypt the boot disk.
  • Single sign-on: Whether credentials provided during pre-boot authentication will automatically log the user into the host operating system, thus preventing password fatigue and reducing the need to remember multiple passwords.
  • Custom authentication: Whether custom authentication mechanisms can be implemented with third-party applications.
  • Multiple keys: Whether an encrypted volume can have more than one active key.
  • Passphrase strengthening: Whether key strengthening is used with plain text passwords to frustrate dictionary attacks, usually using PBKDF2.
  • Hardware acceleration: Whether dedicated cryptographic accelerator expansion cards can be taken advantage of.
  • Trusted Platform Module: Whether the implementation can use a TPM cryptoprocessor.
  • Filesystems: what filesystems are supported.
  • Two-factor authentication: Whether optional security tokens (hardware security modules, such as Aladdin eToken and smart cards) are supported (for example using PKCS#11)

Layering


Top 10 Enterprise Encryption Products
Top 10 Enterprise Encryption Products. Source : www.esecurityplanet.com

  • Whole disk: Whether the whole physical disk or logical volume can be encrypted, including the partition tables and master boot record. Note that this does not imply that the encrypted disk can be used as the boot disk itself; refer to pre-boot authentication in the features comparison table.
  • Partition: Whether individual disk partitions can be encrypted.
  • File: Whether the encrypted container can be stored in a file (usually implemented as encrypted loop devices).
  • Swap space: Whether the swap space (called a "pagefile" on Windows) can be encrypted individually/explicitly.
  • Hibernation file: Whether the hibernation file is encrypted (if hibernation is supported).

Modes of operation


10 Best Encryption Software 2018 | Updated List - Viral Hax
10 Best Encryption Software 2018 | Updated List - Viral Hax. Source : www.viralhax.com

Different modes of operation supported by the software. Note that an encrypted volume can only use one mode of operation.

  • CBC with predictable IVs: The CBC (cipher block chaining) mode where initialization vectors are statically derived from the sector number and are not secret; this means that IVs are re-used when overwriting a sector and the vectors can easily be guessed by an attacker, leading to watermarking attacks.
  • CBC with secret IVs: The CBC mode where initialization vectors are statically derived from the encryption key and sector number. The IVs are secret, but they are re-used with overwrites. Methods for this include ESSIV and encrypted sector numbers (CGD).
  • CBC with random per-sector keys: The CBC mode where random keys are generated for each sector when it is written to, thus does not exhibit the typical weaknesses of CBC with re-used initialization vectors. The individual sector keys are stored on disk and encrypted with a master key. (See GBDE for details)
  • LRW: The Liskov-Rivest-Wagner tweakable narrow-block mode, a mode of operation specifically designed for disk encryption. Superseded by the more secure XTS mode due to security concerns.
  • XTS: XEX-based Tweaked CodeBook mode (TCB) with CipherText Stealing (CTS), the SISWG (IEEE P1619) standard for disk encryption.

See also


What I wish I had known before my laptop was stolen. | Encryption ...
What I wish I had known before my laptop was stolen. | Encryption .... Source : www.scribd.com

  • Cold boot attack
  • Comparison of encrypted external drives
  • Disk encryption software
  • Disk encryption theory
  • List of cryptographic file systems

Notes and references


How to Encrypt Your Hard Drive
How to Encrypt Your Hard Drive. Source : www.cloudwards.net


External links


Azure Disk Encryption for Windows and Linux IaaS VMs | Microsoft Docs
Azure Disk Encryption for Windows and Linux IaaS VMs | Microsoft Docs. Source : docs.microsoft.com

  • DiskCryptor vs Truecrypt - Comparison in between DiskCryptor and Truecrypt
  • Buyer's Guide to Full Disk Encryption - Overview of full-disk encryption, how it works, and how it differs from file-level encryptionâ€"plus an overview of leading full-disk encryption software.

Multi-boot with full hard drive encryption and pre-boot ...
Multi-boot with full hard drive encryption and pre-boot .... Source : security.stackexchange.com

 
Sponsored Links