This is the talk page for discussing improvements to the Comparison of disk encryption software article. This is not a forum for general discussion of the article's subject.
This article is rated C-class on Wikipedia's content assessment scale.
Despite its considerable length, this article appears to be missing the most widely used contemporary disk encryption tools, including iOS device encryption, iCloud Keychain, and the Android built-in device encryption before and after changes in Android 5.0. Will try to downgrade quality from B to C until these are covered. -- pde ( talk) 18:55, 10 April 2015 (UTC)
I don't think using the term plain CBC without explanation is a good idea. Normally CBC implies the IV is random. To the best of my knowledge no storage encryption does exactly that. I think storage encryption is the only area where this reduced security variant of CBC is being used. People who know CBC, but do not know storage encryption, should be able to read the article and understand that the mode differs from real CBC. Kasperd 07:52, 27 December 2006 (UTC)
I have had a look at this table and I think that a slight restructuring of the terms would help us communicate the important information in a more clear manner. There are 3 CBC modes listed and in reality there are many distinct variants of CBC based on how it was decided to generate the initialization vector. I propose that we cut the table up with columns: CBC, insecure IV, secure IV, random keys, LRW. I'll take a stab at it, now. Elric imrryr.org 21:06, 15 January 2007 (UTC)
Currently I only know of GBDE using per sector keys. Calling these pseudorandom might not be accurate enough. Two different keys are used for each sector. One key is used for encrypting the actual data, this key is generated every time the sector is written. There is nothing inherent in the GBDE design requiring these keys to be pseudorandom. On hardware supporting it, they could be truly random bits, which would also be the most secure. The one time key used for the data is then encrypted under a per sector pseudorandom key, which remains fixed for the lifetime of the container. Kasperd 08:08, 27 December 2006 (UTC)
There's also the fact that the pseudo-random keys are used in conjunction with a zero IV CBC mode that should be properly communicated by the table. Given that the per-sector keys are pseudo-random, one doesn't actually need to bother with an IV (which is why I put N/A in the column about secure IV's for GBDE.) Elric imrryr.org 21:41, 15 January 2007 (UTC)
Does anyone have ideas about how to sort the table entries? When I initially wrote the article, I figured that ordering by date might be a good idea since it gives at least some visual information, and has a precedent on comparison of file systems; however, I'm not too sure about that now, as exact release dates are not very easy to find for some software and tend to be ambiguous. Ideas? -- intgr 07:17, 2 January 2007 (UTC)
It would be nice to add some information if the encryption setup is tied to passwords only, or if other forms can be used as well, for example smart cards. But I don't have much clue about that - except that dm-crypt/LUKS doesn't allow smart cards, while using dm-crypt plain (shell script to set up the table via dmsetup) can be easily tied to smart cards e.g. with opensc. (Comment by Andreas Jellinghaus, opensc co-developer and smart card fan :). — Preceding unsigned comment added by 212.202.71.136 ( talk)
luksOpen <device> <name>
opens the LUKS partition <device> and sets up a mapping
<name> after successful verification of the supplied key
material (either via key file by --key-file, or via
prompting). <options> can be [--key-file, --readonly].
loop-AES <http://loop-aes.sf.net> is missing, please whoever has the knowledge about it please include. — Preceding unsigned comment added by 84.176.118.76 ( talk)
Other important crypt software that is missed in this comparison is CompuSEC (freeware) http://en.wikipedia.org/?title=Talk:Comparison_of_disk_encryption_software&action=edit&section=5
Check Point products are missing: http://www.checkpoint.com/products/datasecurity/pc/index.html http://www.checkpoint.com/products/datasecurity/protector/index.html ( 80.221.7.180 ( talk) 00:51, 15 July 2008 (UTC))
I worked on one of the first mainstream commercial ones (or so I thought): Norton Disklock. Not apply? — Preceding unsigned comment added by 99.14.204.242 ( talk) 02:12, 21 July 2011 (UTC)
I would like to add several new entries to the comparison table: Private Disk [2], and Private Disk Multifactor [3]
Both programs provide options that are not available elsewhere, for instance:
If I add these new columns to the table, then most of the other entries will have a 'no' or '?' in the respective cell of the grid. There are multiple unique features, such as "Autorun", "Autofinish", "Password quality meter" etc - so the table will not look properly.
What is the standard procedure to deal with this? Perhaps a generic "additional features" column should be added, which would contain a list of comma-separated entries?
Here is a quick list of yes/no features that are specific to programs discussed here, yet are not reflected by the current tables:
Gr8dude 09:19, 27 March 2007 (UTC)
The "modes of operation" table has been converted from a yes/no grid to a flat list in this edit; however, I think it dramatically reduces the readability and overview of the table. The edit comment states "Made the Modes of Operation chart more scalable (if a product supports 100 modes, there needs to be 100 columns, which is impractical)."; however, I don't think that's going to happen soon. If we ever do find such a product, I would rather decide then, and not hinder readability now.
In another edit, the previous column headers are removed, pointing to the modes of operation article. While indeed we cannot explain the values in depth on this article, I'd think that a brief explanation of what the values mean is very important for reference, just like all other tables have a column key.
I would like to revert both of these edits. I note that these edits were made to accommodate the addition of the CFB mode of operation whose properties are equivalent to CBC for the purposes of disk encryption; given this, I think we can put them both under a common column, the question relevant to disk encryption is whether PGPDisk uses public or private IVs -- e.g., whether it's susceptible to watermarking attacks. Can we come up with a good column title that would describe both CBC and CFB (and preferably also other "classic" modes)? -- intgr #%@! 22:43, 19 August 2007 (UTC)
I just switched to EncFS from loopback, has the great advantage of not having to preallocate space for encrypted partition. http://arg0.net/wiki/encfs —Preceding unsigned comment added by Savuporo ( talk • contribs) 07:44, 10 September 2007 (UTC)
FYI--TrueCrypt now apparently supports encryption of the hibernation file. http://www.truecrypt.org/docs/?s=version-history 134.253.26.11 ( talk) 13:15, 6 May 2008 (UTC)
The table says TrueCrypt supports "CBC w/ secret IVs". But the IVs used by TrueCrypt are not really secret. They are computed by XORing a single secret value with the sector number. That means the difference between two IVs is known to an adversary. That will give you all the weaknesses of public IVs. So TrueCrypt is better described as having "CBC w/ public IVs". (I don't know if the same applies to any of the other encryptions listed as having secret IVs). Kasperd 20:35, 2 October 2007 (UTC)
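The property described in the comment above, as an added example that is not part of the original discussion: a check for whether a per-sector IV scheme behaves like public IVs under CBC. The block cipher is a toy SHA-256 Feistel stand-in (not AES, not any product's code), the keyed IV derivation is a hypothetical contrast case, and all keys and sector contents are constructed.

```python
import hashlib
import hmac

BLOCK = 16  # cipher block size in bytes


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def sector_bytes(n):
    """Sector number encoded as one cipher block."""
    return n.to_bytes(BLOCK, "little")


def toy_encrypt_block(key, block):
    """4-round Feistel permutation built from SHA-256.

    Stand-in for a real block cipher so the example needs only the
    standard library; the IV property shown does not depend on the cipher.
    """
    left, right = block[:8], block[8:]
    for rnd in range(4):
        f = hashlib.sha256(key + bytes([rnd]) + right).digest()[:8]
        left, right = right, xor(left, f)
    return left + right


def cbc_encrypt_sector(key, iv, plaintext):
    """CBC-encrypt one sector (length must be a multiple of BLOCK)."""
    prev, out = iv, []
    for off in range(0, len(plaintext), BLOCK):
        prev = toy_encrypt_block(key, xor(plaintext[off:off + BLOCK], prev))
        out.append(prev)
    return b"".join(out)


def iv_xor_sector(secret, sector):
    """IV scheme from the comment: one secret value XORed with the sector number."""
    return xor(secret, sector_bytes(sector))


def iv_keyed(secret, sector):
    """Hypothetical contrast case: IV from a keyed function of the sector number."""
    return hmac.new(secret, sector_bytes(sector), hashlib.sha256).digest()[:BLOCK]


def related_sectors_match(iv_fn, key, iv_secret, s1, s2, sector_size=512):
    """Encrypt two sectors whose first plaintext blocks differ by s1 XOR s2.

    The plaintexts are built from the sector numbers alone, with no
    knowledge of key or iv_secret. Returns True when the two ciphertext
    sectors are identical, which means the scheme leaks the relation
    between sectors exactly as a public IV would.
    """
    delta = xor(sector_bytes(s1), sector_bytes(s2))
    first = bytes(range(BLOCK))            # constructed first block
    body = bytes(sector_size - BLOCK)      # constructed remainder (zeros)
    p1 = first + body
    p2 = xor(first, delta) + body
    c1 = cbc_encrypt_sector(key, iv_fn(iv_secret, s1), p1)
    c2 = cbc_encrypt_sector(key, iv_fn(iv_secret, s2), p2)
    return c1 == c2


# Constructed secrets for the demonstration.
KEY = hashlib.sha256(b"constructed data key").digest()[:BLOCK]
IV_SECRET = hashlib.sha256(b"constructed iv secret").digest()[:BLOCK]

if __name__ == "__main__":
    for name, fn in (("secret XOR sector", iv_xor_sector),
                     ("keyed function of sector", iv_keyed)):
        same = related_sectors_match(fn, KEY, IV_SECRET, 10, 11)
        print(f"{name}: related sectors encrypt identically = {same}")
```

With the XOR scheme the secret cancels out of the first CBC input, so the result is the same as if the IV were the bare sector number; the keyed derivation leaves no such known difference.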
DragonFlyBSD now has a fully bsd-licensed Truecrypt implementation:
http://leaf.dragonflybsd.org/mailarchive/kernel/2011-07/msg00028.html Can you update that in the tables? — Preceding unsigned comment added by 130.243.230.189 ( talk) 14:37, 15 August 2011 (UTC)
I can't find any information that TrueCrypt's license version 3.0 is considered open source or free software, as it's not listed on http://opensource.org/licenses/alphabetical nor http://www.gnu.org/licenses/license-list.html#SoftwareLicenses. It is listed under BAD licenses on Fedora's site, https://fedoraproject.org/wiki/Licensing:Main?rd=Licensing#Bad_Licenses, and listed as proprietary on its Wikipedia page, http://en.wikipedia.org/wiki/TrueCrypt. Shouldn't TrueCrypt be marked proprietary? -- Exry 00:28, 26 November 2012
Is it possible to add information about supported OS and Hardware-RAID? 12:12, 12 October 2007 (UTC)
I've just changed the "layering" section entries for "AlertBoot Full Disk Encryption" to reflect that it's not clear what it does.
From their WWW site, it's not actually possible to determine conclusively what this program offers technically. From its name and description, it seems like a pretty fair bet it's a full disk encryption system - but as for file and partition encryption? Not certain. It suggests it may offer a file based system via operation as SAN, but it's not clear how.
Please note: This product hasn't been launched yet! I'd suggest leaving the change I've put in place in place until it's released (apparently planned for sometime in Feb 2008). Better still, remove AlertBoot from the comparison completely; there's no reason to suggest it's in any way notable. Hell - they haven't even finished it yet! IMHO, its entry here just looks like spam Nuwewsco ( talk) 22:17, 3 January 2008 (UTC)
Alertboot is an ASP offering of the SafeBoot Device Encryption platform. SafeBoot ( talk) 16:34, 7 August 2008 (UTC)
What's the diff between "actively developed" and "maintained"? XFireRaidX ( talk) 02:31, 12 January 2008 (UTC)
None of these columns compare the portability of this software. This is one of the most important functions for a traveler. I know TrueCrypt is portable so long as you have admin rights on the Windows host computer, it's also portable under Linux if the kernel is correctly installed. I have no idea on others. —Preceding unsigned comment added by Porco-esphino ( talk • contribs) 05:44, 4 March 2008 (UTC)
How does one boot a system that allegedly does whole disk encryption - off an external USB device? Or is this a false claim by various products? Socrates2008 ( Talk) 11:48, 14 March 2008 (UTC)
Whole Disk, or Full Disk products usually interleave a micro OS somewhere on the user disk which becomes the boot environment – after successfully authenticating this then boots the real OS, decrypting the drive on the fly as needed. Some products (such as Bitlocker) require repartitioning of the drive to support the boot OS, others (like SafeBoot) interleave the pre-boot environment on the user disk without requiring any modifications. SafeBoot ( talk) 15:34, 12 August 2008 (UTC)
Some vendors are listed as supporting this feature. I seriously doubt however that Microsoft ever shared the internals of the boot process with any third parties to allow a machine running their encryption software to be resumed from hibernation when the hibernation file is encrypted. In the best case scenario, the hibernation file is encrypted when going into standby, but the machine cannot resume from it. Please provide a reference if you think I'm wrong, or if this feature is supported under a non-Microsoft OS. Thanks Socrates2008 ( Talk) 12:00, 6 April 2008 (UTC)
Actually there is official support for encryption of the Hibernation file under Vista, and there are some official docs available under NDA (but actually technically incorrect). Though complex, it's possible to hook the hibernation stack under XP quite successfully, and in an absolutely guaranteed way which is resistant to any predicted Microsoft changes. SafeBoot ( talk) 16:38, 7 August 2008 (UTC)
SafeBoot ( talk) 15:11, 12 August 2008 (UTC) I appreciate that I am not impartial here, which is why I have kept my edits to fact only rather than promotion. I will as you suggest though add a reference to Hibernation support in the SafeBoot product (forgive me if I do it wrong). Re the official docs, Microsoft hold the keys to those and I cannot provide any evidence unfortunately. You should be comforted though to know that the leading commercial product vendors (McAfee, Checkpoint, Symantec) all provide protection during hibernation.
This article seems to confuse the two products. Also the OS support is out of date, but difficult to update as PGPDisk is bundled as part of other packages and is not a separate product. Socrates2008 ( Talk) 01:44, 24 April 2008 (UTC)
The comparison in the layering section is very misleading, as it's comparing software that protects physical disks, logical volumes (partitions) as well as software that creates new file-backed encrypted virtual volumes. Socrates2008 ( Talk) 01:44, 24 April 2008 (UTC)
Vendors of the software mentioned in this article are encouraged to note conflict of interest as well as suggestions for COI compliance. Socrates2008 ( Talk) 21:54, 18 September 2008 (UTC)
"Swap space: Whether the swap space (called a "pagefile" on Windows) can be encrypted individually/explicitly." What does this mean in English? Does it mean "Is the swap space encrypted?". If so, then it should be yes for freeCompusec. 75.91.99.108 ( talk) 03:03, 15 February 2009 (UTC)
Mobile Armor has a product called Data Armor that should be included perhaps?
-- Risacher ( talk) 20:52, 6 April 2009 (UTC)
I've done some work with evaluating encryption software, and it's very very frustrating how difficult it is to find out if tokens are actually supported. As for level of security, PKCS#11 would seem to be the only relevant standard, and then proper keys, not objects like those Truecrypt supports.
Truecrypt has for a long time now obfuscated that they do not in fact (correct me if I'm wrong) support non-stealable keys over PKCS#11, but still use those "keyfiles". At least partially defeating the main purpose of a token. I'd appreciate if someone with insight, possibly together with me, could help fix the matter at least in this table, to the very least with a footnote regarding Truecrypt token support.
Oh and PS, if someone could direct me to a simple and good software to do my file/archive encryption (not full disk) using PKCS#11 tokens, I'd be most grateful! :-D CarlJohanSveningsson ( talk) 12:51, 15 August 2011 (UTC)
There's no evidence I can find that this product exists, though the table lists it. Symantec's client compatibility page makes no mention of any OS X compatibility: http://www.symantec.com/products/sysreq.jsp?pcid=pcat_info_risk_comp&pvid=endpt_encryption_1 As such, I'm changing this to a "No". Edrarsoric ( talk) 03:07, 15 March 2012 (UTC)
It looks as Symantec have bought-out PGP.com, as PGP.com now redirects to Symantec. I'm going to go out on a limb and say that Symantec retired Endpoint Encryption for Mac and replaced it with PGP Whole Disk Encryption, as that _is_ Mac-compatible (though only to 10.6 ATM, according to the site). As such I've gone ahead and changed "PGP Whole Disk Encryption" to "PGP Whole Disk Encryption (Symantec)". Edrarsoric ( talk) 03:10, 15 March 2012 (UTC)
In the article clicking footnote 71 correctly goes to footnote 71. Clicking 74 incorrectly goes to 72.
And uses of footnotes 72 and 73 cannot be found in the article but do exist as footnotes. Ftgoodoa ( talk) 19:58, 3 May 2012 (UTC)
Many other footnotes seem to be incorrectly linked. There are 131 footnotes, but references to footnotes through 135. Specifically, it looks like references to 133, 134, and 135 should be to 129, 130, 131. Also, references to 123, 124, and 125 should be to 119, 120, and 121 respectively. 207.170.210.34 ( talk) 20:56, 6 January 2015 (UTC) xrc 6 Jan 2015
RedHat has RealCrypt. Search the web for it. — Preceding unsigned comment added by 89.235.246.98 ( talk) 15:18, 4 November 2012 (UTC)
'Yes' to what does not encrypt partition table. -- 211.127.228.179 ( talk) 13:52, 1 June 2014 (UTC)
Designed to look identical to Truecrypt. — Preceding unsigned comment added by Gary84 ( talk • contribs) 16:51, 26 July 2014 (UTC)
Can someone please update this article to add a reference to DoxBox ( https://t-d-k.github.io/doxbox/ ) which is a relaunch of FreeOTFE. I am the maintainer of DoxBox. — Preceding unsigned comment added by Squte ( talk • contribs) 00:01, 31 August 2014 (UTC)
I am changing the entry for freeotfe to say it supports hardware acceleration, the freeotfe manual says it uses libtomcrypt 1.17 and libtomcrypt says it uses hardware acceleration http://www.libtom.org/?page=changes — Preceding unsigned comment added by L33tgirl ( talk • contribs) 15:14, 20 September 2014 (UTC)
Hello fellow Wikipedians,
I have just added archive links to one external link on Comparison of disk encryption software. Please take a moment to review my edit. If necessary, add {{cbignore}} after the link to keep me from modifying it. Alternatively, you can add {{nobots|deny=InternetArchiveBot}} to keep me off the page altogether. I made the following changes:
When you have finished reviewing my changes, please set the checked parameter below to true to let others know.
This message was posted before February 2018. After February 2018, "External links modified" talk page sections are no longer generated or monitored by InternetArchiveBot. No special action is required regarding these talk page notices, other than regular verification using the archive tool instructions below. Editors have permission to delete these "External links modified" talk page sections if they want to de-clutter talk pages, but see the RfC before doing mass systematic removals. This message is updated dynamically through the template {{source check}} (last update: 5 June 2024).
Cheers.— cyberbot II Talk to my owner:Online 20:37, 18 January 2016 (UTC)
Since the fall of TrueCrypt, a project called TCnext was quick to claim themselves as a TrueCrypt alternative. Their website is truecrypt.ch. I visited this page to learn more but I see they are not mentioned. 67.0.34.219 ( talk) 23:06, 10 August 2016 (UTC)
From their site: We offer the product as is, and do not claim any rights to the name TrueCrypt or TrueCrypt.org – this is not a fork but the distribution of the product under Section II of the TrueCrypt license.
So why should they be added? 2A03:8600:1001:4013:0:0:0:100A ( talk) 17:15, 8 January 2017 (UTC)
DiskCryptor was last updated about 3 and a half years ago and their forum has gone dead silent. No response from anyone behind the project at all. Maybe it's time to change "Maintained: Yes" to "Maintained: No"? 2A03:8600:1001:4013:0:0:0:100A ( talk) 17:14, 8 January 2017 (UTC)
Hello fellow Wikipedians,
I have just modified 2 external links on Comparison of disk encryption software. Please take a moment to review my edit. If you have any questions, or need the bot to ignore the links, or the page altogether, please visit this simple FaQ for additional information. I made the following changes:
{{dead link}} tag to ftp://ftp.software.ibm.com/pc/pccbbs/thinkcentre_pdf/rr30mst.pdf
{{dead link}} tag to http://macmarshal.com/images/Documents/mm_wp_102.pdf
When you have finished reviewing my changes, you may follow the instructions on the template below to fix any issues with the URLs.
Cheers.— InternetArchiveBot ( Report bug) 16:57, 11 August 2017 (UTC)
Hello fellow Wikipedians,
I have just modified 7 external links on Comparison of disk encryption software. Please take a moment to review my edit. If you have any questions, or need the bot to ignore the links, or the page altogether, please visit this simple FaQ for additional information. I made the following changes:
{{dead link}} tag to http://www.becrypt.com/us/downloads/DISK%20Protect%204.2_US.pdf
When you have finished reviewing my changes, you may follow the instructions on the template below to fix any issues with the URLs.
Cheers.— InternetArchiveBot ( Report bug) 16:27, 20 September 2017 (UTC)
In the "features" section, maybe include a new feature in the table: in-RAM encryption of passwords/keys. This feature is supported in VeraCrypt. I believe other disk encryption software can avoid unencrypted passwords or keys in RAM, such as TRESOR. This feature could be called something like "cold boot mitigation" (link to cold boot attack page) or "encrypted passwords and keys in RAM". MetalFusion81 ( talk) 14:53, 11 January 2020 (UTC)
This should be set straight. -- Alexey Topol ( talk) 00:35, 28 July 2022 (UTC)
This is the
talk page for discussing improvements to the
Comparison of disk encryption software article. This is not a forum for general discussion of the article's subject. |
Article policies
|
Find sources: Google ( books · news · scholar · free images · WP refs) · FENS · JSTOR · TWL |
![]() | This article is rated C-class on Wikipedia's
content assessment scale. It is of interest to the following WikiProjects: | |||||||||||||||||||||||||||||||||||||
|
Despite its considerable length, this article appears to be missing the most widely used contemporary disk encryption tools, including iOS device encryption, iCloud Keychain, and the Android built-in device encryption before and after changes in Android 5.0. Will try to downgrade quality from B to C until these are covered. -- pde ( talk) 18:55, 10 April 2015 (UTC)
I don't think using the term plain CBC without explanation is a good idea. Normally CBC implies the IV is random. To the best of my knowledge no storage encryption does exactly that. I think storage encryption is the only area where this reduced security variant of CBC is being used. People who knows CBC, but does not know storage encrytion, should be able to read the article and understand that the mode differs from real CBC. Kasperd 07:52, 27 December 2006 (UTC)
I have had a look at this table and I think that a slight restructuring of the terms would help us communicate the important information in a more clear manner. There are 3 CBC modes listed and in reality there are many distinct variants of CBC based on how it was decided to generate the initialization vector. I propose that we cut the table up with columns: CBC, insecure IV, secure IV, random keys, LRW. I'll take a stab at it, now. Elric imrryr.org 21:06, 15 January 2007 (UTC)
Currently I only know of GBDE using per sector keys. Calling these pseudorandom might not be accurate enough. Two different keys are used for each sector. One key is used for encrypting the actual data, this key is generated every time the sector is written. There is nothing inherent in the GBDE design requiring these keys to be pseudorandom. On hardware supporting it, they could be truly random bits, which would also be the most secure. The one time key used fot the data is then encrypted under a per sector pseudorandom key, which remains fixed for the life time of the container. Kasperd 08:08, 27 December 2006 (UTC)
There's also the fact that the pseudo-random keys are used in conjuction with a zero IV CBC mode that should be properly communicated by the table. Given that the per-sector keys are pseudo-random, one doesn't actually need to bother with an IV (which is why I put N/A in the column about secure IV's for GBDE.) Elric imrryr.org 21:41, 15 January 2007 (UTC)
Does anyone have ideas about how to sort the table entries? When I initially wrote the article, I figured that ordering by date might be a good idea since it gives at least some visual information, and has a precedent on comparison of file systems; however, I'm not too sure about that now, as exact release dates are not very easy to find for some software and tend to be ambiguous. Ideas? -- intgr 07:17, 2 January 2007 (UTC)
It would be nice to add some information if the encryption setup is tied to passwords only, or if other forms can be used as well, for example smart cards. But I don't have much clue about that - except that dm-crypt/LUKS doesn't allow smart cards, while using dm-crypt plain (shell script to set up the table via dmsetup) can be easily tied to smart cards e.g. with opensc. (Comment by Andreas Jellinghaus, opensc co-developer and smart card fan :). — Preceding unsigned comment added by 212.202.71.136 ( talk)
luksOpen <device> <name>
opens the LUKS partition <device> and sets up a mapping
<name> after successful verification of the supplied key
material (either via key file by --key-file, or via
prompting). <options> can be [--key-file, --readonly].
loop-AES < http://loop-aes.sf.net> is missing, please whoever has the knowlegde about it please include. — Preceding unsigned comment added by 84.176.118.76 ( talk)
other important crypt software that is missed in this comparision is CompuSEC (freeware) http://en.wikipedia.org/?title=Talk:Comparison_of_disk_encryption_software&action=edit§ion=5
Check Point products are missing: http://www.checkpoint.com/products/datasecurity/pc/index.html http://www.checkpoint.com/products/datasecurity/protector/index.html ( 80.221.7.180 ( talk) 00:51, 15 July 2008 (UTC))
I worked on one of the first mainstream commercail ones (or so I thought): Norton Disklock. Not apply? — Preceding
unsigned comment added by
99.14.204.242 (
talk) 02:12, 21 July 2011 (UTC)
I would like to add several new entries to the comparison table: Private Disk [2], and Private Disk Multifactor [3]
Both programs provide options that are not available elsewhere, for instance:
If I add these new columns to the table, then most of the other entries will have a 'no' or '?' in the respective cell of the grid. There are multiple unique features, such as "Autorun", "Autofinish", "Password quality meter" etc - so the table will not look properly.
What is the standard procedure to deal with this? Perhaps a generic "additional features" column should be added, which would contain a list of comma-separated entries?
Here is a quick list of yes/no features that are specific to programs discussed here, yet are not reflected by the current tables:
Gr8dude 09:19, 27 March 2007 (UTC)
The "modes of operation" table has been converted from a yes/no grid to a flat list in this edit; however, I think it dramatically reduces the readability and overview of the table. The edit comment states "Made the Modes of Operation chart more scalable (if a product supports 100 modes, there needs to be 100 columns, which is impractical)."; however, I don't think that's going to happen soon. If we ever do find such a product, I would rather decide then, and not hinder readability now.
In another edit, the previous column headers are removed, pointing to the modes of operation article. While indeed we cannot explain the values in depth on this article, I'd think that a brief explanation of what the values mean is very important for reference, just like all other tables have a column key.
I would like to revert both of these edits. I note that these edits were made to accommodate the addition of the CFB mode of operation whose properties are equivalent to CBC for the purposes of disk encryption; given this, I think we can put them both under a common column, the question relevant to disk encryption is whether PGPDisk uses public or private IVs -- e.g., whether it's susceptible to watermarking attacks. Can we come up with a good column title that would describe both CBC and CFB (and preferably also other "classic" modes)? -- intgr #%@! 22:43, 19 August 2007 (UTC)
I just switched to EncFS from loobback, has the great advantage of not having to preallocate space for encrypted partition. http://arg0.net/wiki/encfs —Preceding unsigned comment added by Savuporo ( talk • contribs) 07:44, 10 September 2007 (UTC)
FYI--TrueCrypt now apparently supports encryption of the hibernation file. http://www.truecrypt.org/docs/?s=version-history 134.253.26.11 ( talk) 13:15, 6 May 2008 (UTC)
The table says TrueCrypt supports "CBC w/ secret IVs". But the IVs used by TrueCrypt are not really secret. They are computed by XORing a single secret value with the sector number. That means the difference between two IVs is known to an adversary. That will give you all the weaknesses of public IVs. So TrueCrypt is better described as having "CBC w/ public IVs". (I don't know if the same applies to any of the other encryptions listed as having secret IVs). Kasperd 20:35, 2 October 2007 (UTC)
DragonFlyBSD now has a fully bsd-licensed Truecrypt implementation:
http://leaf.dragonflybsd.org/mailarchive/kernel/2011-07/msg00028.html Can you update thst in the tables? — Preceding
unsigned comment added by
130.243.230.189 (
talk) 14:37, 15 August 2011 (UTC)
I can't find any information about that TrueCrypt's license version 3.0 is considered open source or free software, as it's not listed on http://opensource.org/licenses/alphabetical nor http://www.gnu.org/licenses/license-list.html#SoftwareLicenses. It is listed under BAD licenses on Fedoras site, https://fedoraproject.org/wiki/Licensing:Main?rd=Licensing#Bad_Licenses, and listed as proprietary on it's Wikipedia page, http://en.wikipedia.org/wiki/TrueCrypt. Shouldn't TrueCrypt be marked proprietary? -- Exry 00:28, 26 November 2012
Is it possible to add information about supported OS and Hardware-RAID? 12:12, 12 October 2007 (UTC)
I've just changed the "layering" section entries for "AlertBoot Full Disk Encryption" to reflect that it's not clear what it does.
From their WWW site, it's not actually possible to determine conclusively what this program offers technically. From it's name and description, it seems like a pretty fair bet it's a full disk encryption system - but as for file and partition encryption? Not certain. It suggests it may offer a file based system via operation as SAN, but it's not clear how.
Please note: This product hasn't been launched yet! I'd suggest leaving the change I've put in place in place until it's released (apparently planned for sometime in Feb 2008). Better still, remove AlertBoot from the comparison completely; there's no reason to suggest it's in any way notable. Hell - they haven't even finished it yet! IMHO, its entry here just looks like spam Nuwewsco ( talk) 22:17, 3 January 2008 (UTC)
Alertboot is an ASP offering of the SafeBoot Device Encryption platform. SafeBoot ( talk) 16:34, 7 August 2008 (UTC)
Whats the diff beteween "activly developed" and "maintained"? XFireRaidX ( talk) 02:31, 12 January 2008 (UTC)
None of these columns compare the portability of this software. This is one of the most important functions for a traveler. I know TrueCrypt is portable so long as you have admin rights on the windows host computer, its also portable under linux if the kernel is correctly installed. I have no idea on others. —Preceding unsigned comment added by Porco-esphino ( talk • contribs) 05:44, 4 March 2008 (UTC)
How does one boot a system that allegedly does whole disk encryption - off an external USB device? Or is this a false claim by various products? Socrates2008 ( Talk) 11:48, 14 March 2008 (UTC)
Whole Disk, or Full Disk products usually interleave a micro OS somewhere on the user disk which becomes the boot environment – after successfully authenticating this then boots the real OS, decrypting the drive on the fly as needed. Some products (such as Bitlocker) require repartitioning of the drive to support the boot OS, others (like SafeBoot) interleave the pre-boot environment on the user disk without requiring any modifications. SafeBoot ( talk) 15:34, 12 August 2008 (UTC)
Some vendors are listed as supporting this feature. I seriously doubt however that Microsoft ever shared the internals of the boot process with any third parties to allow a machine running their encryption software to be resumed from hibernation when the hibernation file is encrypted. In the best case scenario, the hibernation file is encrypted when going into standby, but the machine cannot resume from it. Please provide a reference if you think I'm wrong, or if this feature is supported under a non-Microsoft OS. Thanks Socrates2008 ( Talk) 12:00, 6 April 2008 (UTC)
Actually there is official support for encryption of the Hibernation file under Vista, and there are some official docs available under NDA (but actually technically incorrect). Though complex, it's possible to hook the hibernation stack under XP quite successfully, and in an absolutely guaranteed way which is resistant to any predicted Microsoft changes. SafeBoot ( talk) 16:38, 7 August 2008 (UTC)
SafeBoot ( talk) 15:11, 12 August 2008 (UTC) I appreciate that I am not impartial here, which is why I have kept my edits to fact only rather than promotion. I will as you suggest though add a reference to Hibernation support in the SafeBoot product (forgive me if I do it wrong). Re the official docs, Microsoft hold the keys to those and I cannot provide any evidence unfortunately. You should be comforted though to know that the leading commercial product vendors (McAfee, Checkpoint, Symantec) all provide protection during hibernation.
This article seems to confuse the two products. Also the OS support is out of date, but difficult to update as PGPDisk is bundled as part of other packages and is not a separate product. Socrates2008 ( Talk) 01:44, 24 April 2008 (UTC)
The comparison in the layering section is very misleading, as it's comparing software that protects physical disks, logical volumes (partitions) as well as software that creates new file-backed encrypted virtual volumes. Socrates2008 ( Talk) 01:44, 24 April 2008 (UTC)
Vendors of the software mentioned in this article are encouraged to note conflict of interest as well as suggestions for COI compliance. Socrates2008 ( Talk) 21:54, 18 September 2008 (UTC)
"Swap space: Whether the swap space (called a "pagefile" on Windows) can be encrypted individually/explicitly." What does this mean in English? Does it mean "Is the swap space encrypted?". If so, then it should be yes for freeCompusec. 75.91.99.108 ( talk) 03:03, 15 February 2009 (UTC)
Mobile Armor has a product called Data Armor that should be included perhaps?
-- Risacher ( talk) 20:52, 6 April 2009 (UTC)
I've done some work with evaluating encryption software, and it's very very frustrating how difficult it is to find out if tokens are actually supported. As for level of security, PKCS#11 would seem to be the only relevant standard, and then proper keys, not objects like those Truecrypt supports.
Truecrypt has for a long time now obfuscated that they do not in fact (correct me if I'm wrong) support non-stealable keys over PKCS#11, but still use those "keyfiles". At least partially defeating the main purpose of a token. I'd appreciate if someone with insight, possibly together with me, could help fix the matter at least in this table, at the very least with a footnote regarding Truecrypt token support.
Oh and PS, if someone could direct me to a simple and good software to do my file/archive encryption (not full disk) using PKCS#11 tokens, I'd be most grateful! :-D CarlJohanSveningsson ( talk) 12:51, 15 August 2011 (UTC)
There's no evidence I can find that this product exists, though the table lists it. Symantec's client compatibility page makes no mention of any OS X compatibility: http://www.symantec.com/products/sysreq.jsp?pcid=pcat_info_risk_comp&pvid=endpt_encryption_1 As such, I'm changing this to a "No". Edrarsoric ( talk) 03:07, 15 March 2012 (UTC)
It looks as if Symantec have bought out PGP.com, as PGP.com now redirects to Symantec. I'm going to go out on a limb and say that Symantec retired Endpoint Encryption for Mac and replaced it with PGP Whole Disk Encryption, as that _is_ Mac-compatible (though only to 10.6 ATM, according to the site). As such I've gone ahead and changed "PGP Whole Disk Encryption" to "PGP Whole Disk Encryption (Symantec)". Edrarsoric ( talk) 03:10, 15 March 2012 (UTC)
In the article clicking footnote 71 correctly goes to footnote 71. Clicking 74 incorrectly goes to 72.
And uses of footnotes 72 and 73 cannot be found in the article but do exist as footnotes. Ftgoodoa ( talk) 19:58, 3 May 2012 (UTC)
Many other footnotes seem to be incorrectly linked. There are 131 footnotes, but references to footnotes through 135. Specifically, it looks like references to 133, 134, and 135 should be to 129, 130, 131. Also, references to 123, 124, and 125 should be to 119, 120, and 121 respectively. 207.170.210.34 ( talk) 20:56, 6 January 2015 (UTC) xrc 6 Jan 2015
RedHat has RealCrypt. Search the web for it. — Preceding unsigned comment added by 89.235.246.98 ( talk) 15:18, 4 November 2012 (UTC)
'Yes' to what does not encrypt partition table. -- 211.127.228.179 ( talk) 13:52, 1 June 2014 (UTC)
Designed to look identical to Truecrypt. — Preceding unsigned comment added by Gary84 ( talk • contribs) 16:51, 26 July 2014 (UTC)
Can someone please update this article to add a reference to DoxBox ( https://t-d-k.github.io/doxbox/ ) which is a relaunch of FreeOTFE. I am the maintainer of DoxBox. — Preceding unsigned comment added by Squte ( talk • contribs) 00:01, 31 August 2014 (UTC)
I am changing the entry for freeotfe to say it supports hardware acceleration. The freeotfe manual says it uses libtomcrypt 1.17 and libtomcrypt says it uses hardware acceleration http://www.libtom.org/?page=changes — Preceding unsigned comment added by L33tgirl ( talk • contribs) 15:14, 20 September 2014 (UTC)
Hello fellow Wikipedians,
I have just added archive links to one external link on Comparison of disk encryption software. Please take a moment to review my edit. If necessary, add {{cbignore}} after the link to keep me from modifying it. Alternatively, you can add {{nobots|deny=InternetArchiveBot}} to keep me off the page altogether. I made the following changes:
When you have finished reviewing my changes, please set the checked parameter below to true to let others know.
This message was posted before February 2018. After February 2018, "External links modified" talk page sections are no longer generated or monitored by InternetArchiveBot. No special action is required regarding these talk page notices, other than regular verification using the archive tool instructions below. Editors have permission to delete these "External links modified" talk page sections if they want to de-clutter talk pages, but see the RfC before doing mass systematic removals. This message is updated dynamically through the template {{source check}} (last update: 5 June 2024).
Cheers.— cyberbot II Talk to my owner:Online 20:37, 18 January 2016 (UTC)
Since the fall of TrueCrypt, a project called TCnext was quick to claim themselves as a TrueCrypt alternative. Their website is truecrypt.ch. I visited this page to learn more but I see they are not mentioned. 67.0.34.219 ( talk) 23:06, 10 August 2016 (UTC)
From their site: We offer the product as is, and do not claim any rights to the name TrueCrypt or TrueCrypt.org – this is not a fork but the distribution of the product under Section II of the TrueCrypt license.
So why should they be added? 2A03:8600:1001:4013:0:0:0:100A ( talk) 17:15, 8 January 2017 (UTC)
DiskCryptor was last updated about 3 and a half years ago and their forum has gone dead silent. No response from anyone behind the project at all. Maybe it's time to change "Maintained: Yes" to "Maintained: No"? 2A03:8600:1001:4013:0:0:0:100A ( talk) 17:14, 8 January 2017 (UTC)
Hello fellow Wikipedians,
I have just modified 2 external links on Comparison of disk encryption software. Please take a moment to review my edit. If you have any questions, or need the bot to ignore the links, or the page altogether, please visit this simple FaQ for additional information. I made the following changes:
{{dead link}} tag to ftp://ftp.software.ibm.com/pc/pccbbs/thinkcentre_pdf/rr30mst.pdf
{{dead link}} tag to http://macmarshal.com/images/Documents/mm_wp_102.pdf
When you have finished reviewing my changes, you may follow the instructions on the template below to fix any issues with the URLs.
Cheers.— InternetArchiveBot ( Report bug) 16:57, 11 August 2017 (UTC)
Hello fellow Wikipedians,
I have just modified 7 external links on Comparison of disk encryption software. Please take a moment to review my edit. If you have any questions, or need the bot to ignore the links, or the page altogether, please visit this simple FaQ for additional information. I made the following changes:
{{dead link}} tag to http://www.becrypt.com/us/downloads/DISK%20Protect%204.2_US.pdf
When you have finished reviewing my changes, you may follow the instructions on the template below to fix any issues with the URLs.
Cheers.— InternetArchiveBot ( Report bug) 16:27, 20 September 2017 (UTC)
In the "features" section, maybe include a new feature in the table: in-RAM encryption of passwords/keys. This feature is supported in VeraCrypt. I believe other disk encryption software can avoid unencrypted passwords or keys in RAM, such as TRESOR. This feature could be called something like "cold boot mitigation" (link to cold boot attack page) or "encrypted passwords and keys in RAM". MetalFusion81 ( talk) 14:53, 11 January 2020 (UTC)
This should be set straight. -- Alexey Topol ( talk) 00:35, 28 July 2022 (UTC)