Disk encryption software: Difference between revisions

Article snapshot taken from [REDACTED] with creative commons attribution-sharealike license.
Previous revision: 10:50, 23 December 2006, Maxt (520 edits). Edit summary: "Fixed vandalism. Windows/PocketPC is a non-sense heading. It's like Windows/Car-computer. Windows is a software platform, PocketPC is a hardware platform."
This revision: 11:43, 23 December 2006, Adm30 (14 edits). Edit summary: "Present tense"
Line 45: Line 45:
===Windows=== ===Windows===
<!--Please don't add software which is included under the Windows/Linux category, it doesn't make sense to have software under both categories. If you disagree, then at least make sure you're consistent and add all software under the Windows/Linux category to the Windows category and the Linux category--> <!--Please don't add software which is included under the Windows/Linux category, it doesn't make sense to have software under both categories. If you disagree, then at least make sure you're consistent and add all software under the Windows/Linux category to the Windows category and the Linux category-->
* ] will be available in the Enterprise and Ultimate editions of ]. * ] is available in the Enterprise and Ultimate editions of ].
* ] (open-source, free) supports Linux loop-AES format and old SuSE Twofish format. * ] (open-source, free) supports Linux loop-AES format and old SuSE Twofish format.
* ] (open-source, free), also provides ] and has support for Linux disk formats (cryptoloop, dm-crypt and LUKS). * ] (open-source, free), also provides ] and has support for Linux disk formats (cryptoloop, dm-crypt and LUKS).
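Review bot: the first list item under ===Windows=== now reads "is available" where it read "will be available", but neither the changed line nor the edit summary ("Present tense") gives a source or a date for the change in status. A time-sensitive statement like this is easier to verify later if it carries an explicit "as of" date or a reference.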

Revision as of 11:43, 23 December 2006

Disk encryption is a computer security technique used to protect the confidentiality of data stored on a computer disk. This article discusses software that implements the technique (for cryptographic aspects of the problem see disk encryption). Compared to the access restrictions commonly enforced by an OS, this technique protects data even when the OS is not active, for example, if data is read directly from the hardware.

Such software encrypts data stored on a computer's mass storage and transparently decrypts the information when an authorized user requests it: no special action by the user (except supplying a password or passphrase at the beginning of a session) is required. Some also provide plausible deniability with deniable encryption techniques.

Volume-level encryption is particularly suited to portable devices such as laptop computers and thumb drives. If used properly, someone finding a lost device will have access only to meaningless encrypted files. A strong passphrase (e.g. five or more diceware words) is essential for full security.

Although disk encryption software can operate transparently on an entire disk volume, a directory, or even a single file, it is important to distinguish it from (non-transparent) file encryption software, which encrypts or decrypts only individual files and always the whole file (the decrypted file is stored in a temporary file in unencrypted form). Examples of software that can be used for file encryption are special-purpose software (e.g., GNU Privacy Guard), file archivers, and even some text editors (e.g., emacs or vi).

Notable disk encryption software

Cross-Platform

All programs included in this section run under more than one operating system.

Remark: Software that runs on two versions of one operating system is not considered cross-platform. For example, even though Windows 3.11 and Windows Vista are substantially mutually incompatible, they are merely two versions of one operating system.

Windows/Linux

Linux

  • aespipe, program to encrypt a file stream with the AES algorithm with key lengths 128, 192 and 256 bit.
  • dm-crypt, included in the mainline kernel starting with version 2.6.4. Kernel versions earlier than 2.6.19 contained a bug that could cause data corruption when used together with software RAID5.
    • cryptmount allows mounting dm-crypt volumes without superuser privileges.
    • LUKS (Linux Unified Key Setup) aims to improve dm-crypt key management.
  • Cryptoloop, a "loopback" encryption method, is included in the mainline kernel but has some security weaknesses and has been deprecated in favor of dm-crypt.
  • eCryptfs, a stacked filesystem in the kernel version 2.6.19.
  • EncFS uses FUSE, provides an encrypted filesystem in user space.
  • loop-AES supports kernel 2.0.x onward; it requires no kernel patch, but does require loading a kernel module. It is one of the most mature methods.
  • PhoneBookFS is another encrypted filesystem in userspace using FUSE, providing a higher level of deniable encryption through chaff and layers. No longer maintained.
  • rubberhose, last version (alpha) released in 2000. Never released a beta version. Not maintained. Only works with the Linux 2.2 kernel which is also no longer supported by Linus Torvalds.
  • StegFS, the current successor to the ideas embodied by the rubberhose and PhoneBookFS filesystems and in need of developers.

BSD

Mac OS X

  • Disk image support includes optional AES-128 encryption.
    • Since 10.3, FileVault uses this capability to provide an encrypted home directory.
  • "Secure virtual memory" support since 10.4.

Windows

See also

External links
