In practice, McAfee delivers an API to forensic tool developers (starting with Guidance Software for EnCase). This implementation allows developers to integrate the DE API into their products and request disk encryption keys directly, without the need to work through ePO directly. McAfee is acquiring endpoint encryption vendor SafeBoot Corp. In a $350 million deal to bolster the antivirus vendor's mobile device security software. And a scripting tool. Nov 07, 2013  Home Forum Index Forensic Software Decrypting SAFEBOOT Encrypted image in Encase All Forums > Forensic Software Forum Forensic software discussion (commercial and open source/freeware).

1. Safe Boot Encryption Tools
2. Mcafee Safeboot
3. Mcafee Disk Encryption Vs Bitlocker
4. Safe Boot Encryption

Keeping your personal data safe doesn't have to be difficult—as long as you keep the sensitive stuff encrypted and under your control. That's why this week we're looking at the five best file encryption tools you can use to encrypt your data locally so only you have the key.

Safe Boot Encryption Tools

Earlier in the week we asked you for your favorite file encryption tools, and you gave us tons of great nominations, but as always, we only have room for the top five.

Advertisement

What's The Best File Encryption Tool?

Times have changed, and more than a few tools have come and gone that were designed to encrypt your …

For the purposes of our roundup, we're focusing on desktop file encryption tools - the ones you use on your own computer to encrypt your own private data, not cloud services that promise to encrypt your data, or business services that say they offer encryption. The goal here is to find the best tools you can use to lock down your sensitive files—whether they're photos, financial documents, personal backups, or anything else—and keep them locked down so only you have the key. For those unfamiliar with the topic, we have a great guide on how encryption works, and how you can use it to keep your own data safe.

Advertisement

A Beginner's Guide to Encryption: What It Is and How to Set it Up

You’ve probably heard the word “encryption” a million times before, but if you still aren’t exactly …

With that out of the way, here are your top five, in no particular order:

VeraCrypt (Windows/OS X/Linux)

Advertisement

VeraCrypt is a fork of and a successor to TrueCrypt, which ceased development last year (more on them later.) The development team claims they've addressed some of the issues that were raised during TrueCrypt's initial security audit, and like the original, it's free, with versions available for Windows, OS X, and Linux. If you're looking for a file encryption tool that works like and reminds you of TrueCrypt but isn't exactly TrueCrypt, this is it. VeraCrypt supports AES (the most commonly used), TwoFish, and Serpent encryption ciphers, supports the creation of hidden, encrypted volumes within other volumes. Its code is available to review, although it's not strictly open source (because so much of its codebase came from TrueCrypt.) The tool is also under constant development, with regular security updates and an independent audit in the planning stages (according to the developers.)

Those of you who nominated VeraCrypt praised it for being an on-the-fly encryption tool, as in your files are only decrypted when they're needed and they're encrypted at rest at all other times, and most notably for being the spiritual (if not almost literal) successor to TrueCrypt. Many of you praised them for being a strong tool that's simple to use and to the point, even if it's lacking a good-looking interface or tons of bells and whistles. You also noted that VeraCrypt may not support TrueCrypt files and containers, but can convert them to its own format, which makes moving to it easy. You can read more in its nomination thread here.

Advertisement

AxCrypt (Windows)

Advertisement

AxCrypt is a free, open source, GNU GPL-licensed encryption tool for Windows that prides itself on being simple, efficient, and easy to use. It integrates nicely with the Windows shell, so you can right-click a file to encrypt it, or even configure 'timed,' executable encryptions, so the file is locked down for a specific period of time and will self-decrypt later, or when its intended recipient gets it. Files with AxCrypt can be decrypted on demand or kept decrypted while they're in use, and then automatically re-encrypted when they're modified or closed. It's fast, too, and allows you to select an entire folder or just a large group of files and encrypt them all with a single click. It's entirely a file encryption tool however, meaning creating encrypted volumes or drives is out of its capabilities. It supports 128-bit AES encryption only, offers protection against brute force cracking attempts, and is exceptionally lightweight (less than 1MB.)

Those of you who nominated AxCrypt noted that it's really easy to use and easy to integrate into your workflow, thanks to its shell support. If you're eager for more options, it also has a ton of command line options, so you can fire up the command prompt in Windows and perform more complex actions—or multiple actions at once. It may not support the strongest or most varied encryption methods available, but if you're looking to keep your data safe from most threats, it's a simple tool that can lend a little security that your data—like files stored in the cloud on Dropbox or iCloud, for example—are secure and convenient to access at the same time. You can read more in this nomination thread here and here.

Advertisement

BitLocker (Windows)

Advertisement

BitLocker is a full-disk encryption tool built in to Windows Vista and Windows 7 (Ultimate and Enterprise), and into Windows 8 (Pro and Enterprise), as well as Windows Server (2008 and later). It supports AES (128 and 256-bit) encryption, and while it's primarily used for whole-disk encryption, it also supports encrypting other volumes or a virtual drive that can be opened and accessed like any other drive on your computer. It supports multiple authentication mechanisms, including traditional password and PINs, a USB 'key,' and the more controversial Trusted Platform Module (TPM) technology (that uses hardware to integrate keys into devices) that makes encryption and decryption transparent to the user but also comes with a host of its own issues. Either way, BitLocker's integration with Windows (specifically Windows 8 Pro) makes it accessible to many people, and a viable disk encryption tool for individuals looking to protect their data if their laptop or hard drives are lost or stolen, in case their computers are compromised, or a business looking to secure data in the field.

Of course, it goes without saying that BitLocker was a contentious nomination. More than a few of you touted BitLocker's accessibility and ease of use, and many of you even praised its encryption for being strong and difficult to crack. Many of you noted that you switched to BitLocker after the developers of TrueCrypt suggested it. Others, however, brought up the assertion made from privacy advocates that BitLocker is compromised and has backdoors in place for government security agencies (from multiple countries) to decrypt your data. While Microsoft has officially said this isn't true and maintains there's no backdoor in BitLocker (while simultaneously maintaining the code as closed source—but available to review by its partners, which include those agencies), the assertion is enough to make more than a few of you shy away. You can read more about the criticism and controversy at the Wikipedia link above, or in the nomination thread here.

Advertisement

GNU Privacy Guard (Windows/OS X/Linux)

Advertisement

GNU Privacy Guard (GnuPG) is actually an open-source implementation of Pretty Good Privacy (PGP). While you can install the command line version on some operating systems, most people choose from the dozens of frontends and graphical interfaces for it, including the official releases that can encrypt everything from email to ordinary files to entire volumes. All GnuPG tools support multiple encryption types and ciphers, and generally are capable of encrypting individual files one at a time, disk images and volumes, or external drives and connected media. A few of you nominated specific GnuPG front-ends in various threads, like the Windows Gpg4Win, which uses Kleopatra as a certificate manager.

Those of you who nominated GnuPG praised it for being open-source and accessible through dozens of different clients and tools, all of which can offer file encryption as well as other forms of encryption, like robust email encryption for example. The key, however, is finding a front-end or a client that does what you need it to do and works well with your workflow. The screenshot above was taken using GPGTools, an all-in-one GnuPG solution that offers keychain management as well as file, email, and disk encryption for OS X. You can read more in its nomination thread here.

Advertisement

How to Encrypt Your Email and Keep Your Conversations Private

Between constant password breaches and the NSA looking in on everything you do, you've…

7-Zip (Windows/OS X/Linux)

Advertisement

7-Zip is actually a lightweight file archiver—and our favorite archive utility for Windows. Even though it's amazing at compressing and organizing files for easy storage or sending over the internet, it's also a strong file encryption tool, and is capable of turning individual files or entire volumes into encrypted volumes that only your have the keys to. It's completely free, even for commercial use, supports 256-bit AES encryption, and while the official download is Windows only, there are unofficial builds for Linux and OS X systems as well. Most of 7-Zip's code is GNU LGPL licensed and open to review. Compressed and encrypted .7z (or .zip, if you prefer) archives are easily portable and secure, and can be encrypted with passwords and turned into executables that will self-decrypt when they get to their intended recipient. 7-Zip also integrates with the shell of the operating system you're using, making it usually a click away from use. It's also a powerful command line utility.

The Best File Archive Utility for Windows

Windows has a number of good file archiving and unarchiving utilities, and which one you use…

Advertisement

Those of you who nominated it noted that it may not have the most robust user interface, but it gets the job done, and many of you have it installed anyway specifically for its robust file compression and decompression capabilities. You noted it's fast, flexible, free, and easy to use, and while it may not be the fastest file encryption tool (and it's not capable of whole volume or disk encryption), it gets the job done—especially for encrypting files you need to send to someone else and actually have them be able to access without jumping through too many hoops. Some of you noted that 7-Zip's encrypted volumes are flexible—perhaps too flexible, since new files added to an encrypted archive aren't encrypted (you'd have to extract them all and make a new archive for that), but it's otherwise a minor ding. You can read more in its nomination thread here.

Now that you've seen the top five, it's time to put them to an all-out vote to determine the community favorite.

Advertisement

Honorable Mentions

We have two honorable mentions this week. First and foremost is Disk Utility (OS X), which is bundled with OS X as a disk repair and management tool. Disk Utility can also encrypt drives and volumes, and since OS X can create a compressed volume just by right-clicking a file, series of files, or a folder and selecting 'Compress,' Disk Utility makes encrypting anything you want extremely easy. Plus, it's built in to OS X, so you don't need to install anything else. You can read more about it in its nomination thread here.

Mcafee Safeboot

Advertisement

Second, we should tip our hats to the venerable old TrueCrypt, our old champion, which actually earned a number of nominations in the call for contenders thread. We covered the meltdown of TrueCrypt when it happened, with the developers abruptly abandoning the project claiming that it's no longer secure, in the middle of their independent security audit. The developers suggested switching to BitLocker, and pushed out a new version that's widely considered compromised. However, the older version, 7.1a, is still widely regarded as safe, even though development on it has been abandoned, and the tool has been left without security updates since then. Even so, security analysts split on whether you should trust TrueCrypt or move on to another encryption utility. Many people stand by it even though it's a dead project, others have built their own projects on top of it (see VeraCrypt, mentioned earlier), and others keep using the last safe version. We can't recommend TrueCrypt anymore ourselves, but you can read more in its nomination thread here, and over at Steve Gibson's page dedicated to TrueCrypt here.

TrueCrypt's Web Site Updates with Ominous Warning, Details Unknown

TrueCrypt, one of our favorite file encryption tools, has abruptly changed its homepage to a…

Advertisement

Have something to say about one of the contenders? Want to make the case for your personal favorite, even if it wasn't included in the list? Remember, the top five are based on your most popular nominations from the call for contenders thread from earlier in the week. Don't just complain about the top five, let us know what your preferred alternative is—and make your case for it—in the discussions below.

The Hive Five is based on reader nominations. As with most Hive Five posts, if your favorite was left out, it didn't get the nominations required in the call for contenders post to make the top five. We understand it's a bit of a popularity contest. Have a suggestion for the Hive Five? Send us an email at tips+hivefive@lifehacker.com!

Advertisement

Title photo by andrey_l (Shutterstock).

Mcafee Disk Encryption Vs Bitlocker

This is a technical feature comparison of different disk encryption software.

Background information[edit]

Operating systems[edit]

Features[edit]

• Hidden containers: Whether hidden containers (an encrypted container (A) within another encrypted container (B) so the existence of container A can not be established)^[60] can be created for deniable encryption. Note that some modes of operation like CBC with a plain IV can be more prone to watermarking attacks than others.
• Pre-boot authentication: Whether authentication can be required before booting the computer, thus allowing one to encrypt the boot disk.
• Single sign-on: Whether credentials provided during pre-boot authentication will automatically log the user into the host operating system, thus preventing password fatigue and reducing the need to remember multiple passwords.
• Custom authentication: Whether custom authentication mechanisms can be implemented with third-party applications.^{[clarification needed]}
• Multiple keys: Whether an encrypted volume can have more than one active key.
• Passphrase strengthening: Whether key strengthening is used with plain text passwords to frustrate dictionary attacks, usually using PBKDF2.
• Hardware acceleration: Whether dedicated cryptographic accelerator expansion cards can be taken advantage of.
• Trusted Platform Module: Whether the implementation can use a TPM cryptoprocessor.
• Filesystems: What filesystems are supported.
• Two-factor authentication: Whether optional security tokens (hardware security modules, such as Aladdin eToken and smart cards) are supported (for example using PKCS#11)

1. ^Windows 7 introduces Bitlocker-To-Go which supports NTFS, FAT32 or exFAT, however for hard drive encryption, Windows Vista and later are limited to be installable only on NTFS volumes
2. ^BitLocker can be used with a TPM PIN + external USB key for two-factor authentication
3. ^An external tool can be used to read the key from the TPM and then have the key passed on to dm-crypt/LUKS via the standard input
4. ^The current situation around TrueCrypt project is controversial. On 28.05.2014 after many years of development and broad usage the open-source (although anonymous) project was suddenly stopped, and all previous official materials and complete (encrypt/decrypt) binaries were withdrawn from its website citing some 'unfixed security issues' and Windows XP end of support. The technical information herein is valid only for previous versions of TrueCrypt (v7.1a and some earlier). The latest available version (v7.2) is decrypt only, its authenticity and actual reasons behind the move are unclear, and its usage is not recommended. http://www.zdnet.com/truecrypt-quits-inexplicable-7000029994/

Layering[edit]

• Whole disk: Whether the whole physical disk or logical volume can be encrypted, including the partition tables and master boot record. Note that this does not imply that the encrypted disk can be used as the boot disk itself; refer to pre-boot authentication in the features comparison table.
• Partition: Whether individual disk partitions can be encrypted.
• File: Whether the encrypted container can be stored in a file (usually implemented as encrypted loop devices).
• Swap space: Whether the swap space (called a 'pagefile' on Windows) can be encrypted individually/explicitly.
• Hibernation file: Whether the hibernation file is encrypted (if hibernation is supported).

Safe Boot Encryption

Modes of operation[edit]

Different modes of operation supported by the software. Note that an encrypted volume can only use one mode of operation.

• CBC with predictable IVs: The CBC (cipher block chaining) mode where initialization vectors are statically derived from the sector number and are not secret; this means that IVs are re-used when overwriting a sector and the vectors can easily be guessed by an attacker, leading to watermarking attacks.
• CBC with secret IVs: The CBC mode where initialization vectors are statically derived from the encryption key and sector number. The IVs are secret, but they are re-used with overwrites. Methods for this include ESSIV and encrypted sector numbers (CGD).
• CBC with random per-sector keys: The CBC mode where random keys are generated for each sector when it is written to, thus does not exhibit the typical weaknesses of CBC with re-used initialization vectors. The individual sector keys are stored on disk and encrypted with a master key. (See GBDE for details)
• LRW: The Liskov-Rivest-Wagner tweakable narrow-block mode, a mode of operation specifically designed for disk encryption. Superseded by the more secure XTS mode due to security concerns.^[126]
• XTS: XEX-based Tweaked CodeBook mode (TCB) with CipherText Stealing (CTS), the SISWG (IEEE P1619) standard for disk encryption.
• Authenticated encryption: Protection against ciphertext modification by an attacker

See also[edit]

Notes and references[edit]

1. ^'Jetico Mission'. Jetico. Retrieved 2014-05-30.
2. ^'Keyparc - Free Encryption for Everyone'. Bloombase. Retrieved 2014-11-28.
3. ^Roland Dowdeswell (2002-10-04). 'CryptoGraphic Disk'. mailing list announcement. Retrieved 2007-01-14.
4. ^'Protect guards laptop and desktop data'. Archived from the original on March 2, 2005. Retrieved 2008-09-03.
5. ^Company and product name change to Pointsec 'Protect Data Security Inc. changes name to Pointsec Mobile Technologies Inc'. Archived from the original on 2004-08-20. Retrieved 2008-09-03.
6. ^'Check Point Completes the Offer for Protect Data with Substantial Acceptance of 87.1 Percent'. Archived from the original on 2008-08-20. Retrieved 2008-09-03.
7. ^Niklas Lemcke (2014-12-15). 'Pre-Alpha testing started'. Retrieved 2014-12-24.
8. ^'TrueCrypt License Version 3.0'. TrueCrypt Foundation. 2012-02-07. Retrieved 2014-12-24.
9. ^Sarah Dean (2004-02-10). 'OTFEDB entry'. Archived from the original on 2008-12-11. Retrieved 2008-08-10.
10. ^Initial cryptoloop patches for the Linux 2.5 development kernel: 'Archived copy'. Archived from the original on 2005-01-10. Retrieved 2006-12-24.CS1 maint: Archived copy as title (link)
11. ^dm-crypt was first included in Linux kernel version 2.6.4: https://lwn.net/Articles/75404/
12. ^Clemens Fruhwirth. 'LUKS version history'. Archived from the original on 2006-12-25. Retrieved 2006-12-24.
13. ^SecurStar GmbH. 'DriveCrypt v5.8 Released'. Archived from the original on 2015-10-27. Retrieved 2015-10-26.
14. ^'archived E4M documentation'. Archived from the original on 2000-05-24.
15. ^'eCryptfs'. Retrieved 2008-04-29.
16. ^Valient Gough (2003). 'EncFS - an Encrypted Filesystem'. README.md file. Retrieved 2007-01-14.
17. ^'FreeOTFE version history'. Archived from the original on 2006-12-07. Retrieved 2006-12-24.
18. ^'gbde(4) man page in FreeBSD 4.11'. GBDE manual page as it appeared in FreeBSD 4.11. Retrieved 2006-12-24.
19. ^'geli(8) man page in FreeBSD 6.0'. GELI manual page as it first appeared in FreeBSD 6.0. Retrieved 2006-12-24.
20. ^Release Notes. GnuPG
21. ^'gocryptfs changelog on github'. Retrieved 2018-01-16.
22. ^https://github.com/t-d-k/LibreCrypt/commit/a395620545beff7736427dfc3b508b4f67609396. Retrieved 2015-09-14.Missing or empty |title= (help)
23. ^'McAfee Drive Encryption'. product description. McAfee. Retrieved 2019-07-31.
24. ^'PGP 6.0 Freeware released- any int'l links?'. Newsgroup: comp.security.pgp. Usenet:6sh4vm$jbf$1@news.cybercity.dk. Retrieved 2007-01-04.
25. ^'Dekart Encryption software timeline'. Dekart.
26. ^'SafeGuard Easy 4.5 Technical Whitepaper'(PDF). Utimaco. Retrieved 2009-08-10.
27. ^'SafeGuard Enterprise Technical Whitepaper'(PDF). Utimaco. Retrieved 2009-08-10.
28. ^Rebranded as ThinkVantage Client Security 'ThinkVantage Technologies Deployment Guide'(PDF). Lenovo. Retrieved 2008-03-05.^{[permanent dead link]}
29. ^'ScramDisk 4 Linux Releases'.
30. ^'Sentry 2020 news'. Retrieved 2007-01-02.
31. ^'OpenBSD 4.2 Changelog'.
32. ^'OpenBSD 2.8 Changelog'.
33. ^'bwalex/tc-play'. 2019-08-27.
34. ^Trend Micro
35. ^'Mobile Armor: Your Data.Secure. Everywhere'. 4 September 2004. Archived from the original on 4 September 2004.
36. ^'TrueCrypt'.
37. ^'TrueCrypt License Version 3.1'. TrueCrypt Foundation. 2014-05-28. Retrieved 2014-05-29.
38. ^'VeraCrypt'.
39. ^'Apache License 2.0'. IDRIX. 2015-06-28. Retrieved 2015-08-08.
40. ^'Whole Hard Disk Encryption Software - BestCrypt Volume Encryption - Jetico Inc. Oy'.
41. ^ ^ab[1] FUSE driver to read/write Windows BitLocker-ed volumes under Linux / Mac OSX
42. ^'Archived copy'(PDF). Archived from the original(PDF) on 2015-09-23. Retrieved 2014-12-14.CS1 maint: Archived copy as title (link)
43. ^[2] Although CipherShed can be built under FreeBSD, it is not recommended to run it because of bugs and instabilities when CipherShed is attempted to be used
44. ^ ^ab[3] Third party app allows to open containers encryptes with AES-256, SHA-512 hash and FAT file system
45. ^CrossCrypt - Only for the Microsoft Windows XP/2000 operating systems
46. ^[4] PocketPC freeware release- SmartPhone beta available
47. ^ ^abc[5] FreeOTFE supports cryptoloop, dm-crypt/cryptsetup/dmsetup, and dm-crypt/LUKS volumes
48. ^'Cryptomator - Free Cloud Encryption'.
49. ^[6] FreeOTFE4PDA supports dm-crypt/LUKS volumes
50. ^ ^ab'Safe - Protect Your Files'.
51. ^ ^ab'Boxcryptor - Encryption for cloud storage - Window, Mac, Android, iOS'.
52. ^[7] libfvde supports reading FileVault2 Drive Encryption (FVDE) encrypted volumes
53. ^[8] Supports Linux volumes
54. ^[9] Supports Linux volumes
55. ^[10] Third party app allows a user to open LibreCrypt compatible LUKS containers
56. ^'Endpoint Encryption Datasheet'. McAfee. Retrieved 2010-06-14.
57. ^'Endpoint Encryption Powered by PGP Technology - Symantec'.
58. ^[11] Although TrueCrypt can be built under FreeBSD, it is not recommended to run it because of bugs and instabilities when TrueCrypt is attempted to be used
59. ^[12] Third party app allows to encrypt and decrypt VeraCrypt containers (only available in the paid version)
60. ^[13] Hidden containers description from Jetico (BestCrypt)
61. ^ ^abcSecret-containers and Camouflage files ArchiCrypt Live Description
62. ^Supports 'Guest' keys
63. ^Using 'Archicrypt Card'
64. ^Supported by the BestCrypt container format; see BestCrypt SDK
65. ^Supported by the BestCrypt Volume Encryption software
66. ^With PIN or USB key
67. ^BitLocker Drive Encryption: Value Add Extensibility Options
68. ^ ^ab'BitLocker Drive Encryption Technical Overview'. Microsoft. Archived from the original on 2008-02-24. Retrieved 2008-03-13.
69. ^Recovery keys only.
70. ^ ^abcdRoland C. Dowdeswell, John Ioannidis. 'The CryptoGraphic Disk Driver'(PDF). CGD Design Paper. Retrieved 2006-12-24.
71. ^Federico Biancuzzi (2005-12-21). 'Inside NetBSD's CGD'. interview with Roland Dowdeswell. ONLamp.com. Retrieved 2006-12-24.
72. ^'Operating Systems Supported for System Encryption'(PDF). CipherShed Documentation. CipherShed Project. Retrieved 2014-12-27.
73. ^Although each volume encrypted with CipherShed can only have one active master key, it is possible to access its contents through more than one header. Each header can have a different password and/or keyfiles if any (cf. TrueCrypt FAQ: Is there a way for an administrator to reset a volume password or pre-boot authentication password when a user forgets it (or loses a keyfile)?)
74. ^ ^ab'Keyfiles'. TrueCrypt Documentation. TrueCrypt Foundation. Retrieved 2014-05-28.
75. ^ ^ab'Some encryption programs use TPM to prevent attacks. Will TrueCrypt use it too?'. TrueCrypt FAQ. TrueCrypt Foundation. Archived from the original on 2013-04-16. Retrieved 2014-05-28.
76. ^ ^ab'Future'. TrueCrypt Foundation. Retrieved 2014-05-24.^{[permanent dead link]}
77. ^'CryFS: How it works'. Retrieved 2016-09-23.
78. ^ ^abcdm-crypt and cryptoloop volumes can be mounted from the initrd before the system is booted
79. ^ ^ab'DiskCryptor Features'. Archived from the original on 2010-05-29. Retrieved 2010-05-25.
80. ^ ^ab'DISK Protect Data Sheet'(PDF). Retrieved 2018-12-02.
81. ^'cryptsetup Frequently Asked Questions'. Retrieved 2016-01-07.
82. ^ ^abc'DriveCrypt features'. SecurStar GmbH. Retrieved 2007-01-03.
83. ^ ^ab'Multi level access with separate access credentials, each enabling a different set of functional or logical operations'. EISST Ltd. Retrieved 2007-07-25.
84. ^uses the lower filesystem (stacking)
85. ^ ^ab'Intel Advanced Encryption Standard (AES) Instructions Set - Rev 3'. Intel. Retrieved 2012-07-26.
86. ^ ^abcdeJacob Appelbaum, Ralf-Philipp Weinmann (2006-12-29). 'Unlocking FileVault: An Analysis of Apple's disk encryption'(PDF). Retrieved 2012-01-03.
87. ^ ^ab'Mac OS X 10.7 Lion: the Ars Technica review'. Ars Technica. 2011-07-20. Retrieved 2012-01-03.
88. ^FreeOTFE has a modular architecture and set of components to allow 3rd party integration
89. ^FreeOTFE allows multiple keys to mount the same container file via encrypted keyfiles
90. ^ ^abcd'FreeBSD Handbook: Encrypting Disk Partitions'. Retrieved 2006-12-24.
91. ^ ^abcPoul-Henning Kamp. 'GBDE - GEOM Based Disk Encryption'(PDF). GBDE Design Document. Retrieved 2006-12-24.
92. ^ ^ab'geli(8) man page in FreeBSD-current'. GELI manual page in current FreeBSD. Retrieved 2006-12-24.
93. ^ ^abcdefghijkJari Ruusu. 'loop-AES README file'. Retrieved 2007-04-23.
94. ^Using customization
95. ^'McAfee Endpoint Encryption'(PDF). McAfee. Archived from the original(PDF) on 2010-12-17. Retrieved 2012-07-26.
96. ^n-Crypt Pro does not use password authentication— biometric/USB dongle authentication only
97. ^'PGP Whole Disk Encryption FAQ'. PGP Corporation. Retrieved 2006-12-24.
98. ^PGP private keys are always protected by strengthened passphrases
99. ^ ^ab'Embedded Security: Trusted Platform Module Technology Comes of Age'. Utimaco. Archived from the original on 2006-08-23. Retrieved 2008-03-04.
100. ^'ThinkVantage Technologies Deployment Guide'(PDF). Lenovo. Retrieved 2008-03-05.
101. ^ ^abFor Truecrypt containers
102. ^ ^ab'SecureDoc Product Information'. WinMagic Inc. Archived from the original on 2008-03-13. Retrieved 2008-03-05.
103. ^optional by using -K OpenBSD Manual Pages: vnconfig(8)
104. ^'Endpoint Encryption'.
105. ^'Solutions for Solid-State Drives (SSD) - Endpoint Encryption'. Archived from the original on 2014-11-29. Retrieved 2014-11-17.
106. ^'Support for smart card readers - Endpoint Encryption'.
107. ^ ^abc'Operating Systems Supported for System Encryption'. TrueCrypt Documentation. TrueCrypt Foundation. Archived from the original on 2013-01-08. Retrieved 2014-05-28.
108. ^Although each volume encrypted with TrueCrypt can only have one active master key, it is possible to access its contents through more than one header. Each header can have a different password and/or keyfiles if any (cf. TrueCrypt FAQ: Is there a way for an administrator to reset a volume password or pre-boot authentication password when a user forgets it (or loses a keyfile)?)
109. ^'Operating Systems Supported for System Encryption'. VeraCrypt Documentation. IDRIX. Retrieved 2017-10-11.
110. ^'Whole Hard Disk Encryption Software - BestCrypt Volume Encryption - Jetico Inc. Oy'. Archived from the original on 2009-08-29. Retrieved 2009-09-17.
111. ^Within a VHD http://www.howtogeek.com/193013/how-to-create-an-encrypted-container-file-with-bitlocker-on-windows/
112. ^dm-crypt can encrypt a file-based volume when used with the losetup utility included with all major Linux distributions
113. ^yes, but the user needs custom scripts: http://www.linuxquestions.org/questions/slackware-14/luks-encryption-swap-and-hibernate-627958/
114. ^Uses proprietary e-Capsule file system not exposed to the OS.
115. ^ ^abnot technically part of FileVault, but provided by many versions of Mac OS X; can be enabled independently of FileVault
116. ^http://macmarshal.com/images/Documents/mm_wp_102.pdf^{[permanent dead link]}
117. ^'Use FileVault to encrypt the startup disk on your Mac'.
118. ^ ^abFile-based volume encryption is possible when used with mdconfig(8) utility.
119. ^'Control Break International Debuts SafeBoot Version 4.27'. September 2004. Retrieved 2015-03-05.
120. ^http://www.openbsd.org/plus38.html OpenBSD 3.8 change notes
121. ^however, not Windows UEFI-based computers with a GUID partition table (GPT)
122. ^LRW_issue
123. ^Containers created with ArchiCrypt Live version 5 use LRW
124. ^'New features in BestCrypt version 8'. Jetico. Archived from the original on 2007-02-04. Retrieved 2007-03-02.
125. ^'New features in version 2'. Jetico. Archived from the original on 2008-09-05. Retrieved 2009-03-01.
126. ^ ^abNiels Fergusson (August 2006). 'AES-CBC + Elephant Diffuser: A Disk Encryption Algorithm for Windows Vista'(PDF). Microsoft. Retrieved 2008-02-22.
127. ^'man 4 cgd in NetBSD-current'. NetBSD current manual page on CGD. 2006-03-11. Retrieved 2006-12-24.
128. ^ ^abContainers created with TrueCrypt versions 1.0 through 4.0 use CBC.
129. ^ ^abContainers created with TrueCrypt versions 4.1 through 4.3a use LRW, and support CBC for opening legacy containers only.
130. ^Containers created with CipherShed or TrueCrypt versions 5.0+ use XTS, and support LRW/CBC for opening legacy containers only.
131. ^Starting with Linux kernel version 2.6.20, CryptoAPI supports the LRW mode: https://lwn.net/Articles/213650/
132. ^'cryptsetup - manage plain dm-crypt and LUKS encrypted volumes'. 2018-01-01. Retrieved 2018-05-08.
133. ^'OS X Lion: About FileVault 2'. Retrieved 2011-01-03.
134. ^'Linux/BSD disk encryption comparison'. Archived from the original on 2007-06-29. Retrieved 2006-12-24.
135. ^For Scramdisk containers
136. ^For Truecrypt 4 containers
137. ^For Truecrypt 5 and 6 containers
138. ^''CVS: cvs.openbsd.org: src' - MARC'.
139. ^Containers created with TrueCrypt versions 5.0 or later use XTS, and support LRW/CBC for opening legacy containers only.

External links[edit]

• DiskCryptor vs Truecrypt - Comparison in between DiskCryptor and Truecrypt
• Buyer's Guide to Full Disk Encryption - Overview of full-disk encryption, how it works, and how it differs from file-level encryption—plus an overview of leading full-disk encryption software.