DiskCryptor en

From DiskCryptor wiki

DiskCryptor - open source partition encryption solution

DiskCryptor is the only truly free solution, provided under the GNU General Public License (GPLv3), that offers encryption of all disk partitions, including the system partition. The main criterion for open-source software is the availability of its source code under one of the open-source licenses. The only open-source alternative to DiskCryptor with comparable features is TrueCrypt. However, because of the restrictive license under which TrueCrypt is provided, the TrueCrypt Collective License, TrueCrypt cannot be classified as truly free software: that license limits how developers may use and modify its source code. Other products with similar functionality exist, but they are fully proprietary, which makes them unacceptable for protecting confidential data.

Originally, DiskCryptor was conceived as a replacement for DriveCrypt Plus Pack and PGP Whole Disk Encryption (WDE). Now, however, the aim of the project is to create the best product in its category. In the future, considerable effort will be devoted to detailed documentation explaining the internal mechanics of the program, which would be the best confirmation and demonstration of its security.

DiskCryptor releases 0.1 to 0.4 were fully compatible with TrueCrypt: they used the corresponding partition format and encrypted data with AES-256 in LRW mode. Starting with DiskCryptor 0.5, the program relies on its own partition format, developed specifically for encrypting partitions that already contain data, whereas the TrueCrypt format was originally meant for creating empty volumes. That move increased DiskCryptor's stability, eliminated many problems associated with file systems, and created an optimal format for further development of the program.

Version history

19.11.2007 - 0.1 beta (first public release)
19.12.2007 - 0.2 beta
11.01.2008 - 0.2.5 beta
18.03.2008 - 0.2.6 beta (first stable version)
17.07.2008 - 0.3
27.09.2008 - 0.4
26.12.2008 - 0.5
14.01.2009 - 0.6
19.01.2009 - 0.6a
31.05.2009 - 0.7
28.07.2009 - 0.8

To view the list of changes between program versions, see the DiskCryptor changelog.

Supported operating systems

The following operating systems are fully supported by the current version of DiskCryptor:

Windows 2000 SP0-SP4
Windows XP (x86, x64) SP0-SP3
Windows Server 2003 (x86, x64) SP0-SP2
Windows Vista (x86, x64) SP0-SP2
Windows Server 2008 (x86, x64) RTM (SP1), SP2
Windows 7 (x86, x64)

Program features

  • Encryption of disk partitions of any configuration, including boot and system partitions.
  • Choice of encryption algorithm: AES, Twofish or Serpent. Cascaded modes are available as well.
  • Full support for dynamic disks.
  • Full support for encryption of external USB storage devices.
  • Ability to create encrypted CDs and DVDs.
  • High encryption performance, comparable to that of a non-encrypted system.
  • Support for the hardware cryptography (PadLock) found in VIA processors.
  • Support for disk devices with large sector sizes, which is important when working with hardware RAID.
  • Automatic mounting of disk partitions and external storage devices.
  • Extended configuration options for booting an encrypted OS. Support for different multi-boot scenarios.
  • Full support for third-party boot loaders (LILO, GRUB, etc.).
  • Ability to place the boot loader on an external medium and to authenticate using that key medium.
  • Support for key files.
  • Support for hotkeys to dismount partitions, initiate an emergency system stop, etc.
  • A command-line interface (CLI) in addition to the GUI.

Installation and removal

The latest DiskCryptor version can be found on the Downloads page. After downloading, extract dcrypt.exe from the folder in the archive that matches your system (32-bit or 64-bit) and run it. A dialogue window will prompt you to install the driver and reboot. Once the system has restarted, you can start using the program. Updating to a newer version is done the same way. Since dcrypt.exe installs a kernel-mode driver, take it only from the official Downloads page and check it against the project's PGP key (see Contact) where a signature is provided.

To completely uninstall the program, go to "File->Uninstall driver", then delete dcrypt.exe and restart your system. Note, however, that if your system partition is encrypted, the driver cannot be uninstalled; you must decrypt the system partition first. Any other encrypted volumes will be unreadable until the driver is installed again, so decrypt them first as well if you do not intend to reinstall.

Limitations in the current version

  • The encrypted system partition cannot be converted into a dynamic one; after the conversion the system will not boot.
  • When encrypting system or boot partitions, do not use national (non-ASCII) characters in the password: it is typed into the boot loader, before Windows and its keyboard layouts are loaded. If your keyboard has a QWERTZ or AZERTY layout, use only characters from the sets [A-Z][a-z][0-9].

Notable particulars of the program

For convenience, DiskCryptor's driver caches entered passwords in kernel memory and tries the cached ones automatically when mounting a volume; it prompts for a password only if none of them fits. The cache is kept in non-paged memory, so the passwords never reach the page file. They do, however, stay in RAM for as long as the system runs, so anyone who can read physical memory can recover them (see "Risks of using cryptographic software" under Documentation). The cache can be cleared through "Tools->Clear Cached Passwords", or the feature can be switched off altogether in the program settings. USB sticks and all other removable volumes are mounted automatically, and dcrypt.exe is needed only to install and manage the program. If all your partitions are encrypted with the same password, it has to be entered only once, at boot time, and dcrypt.exe is not needed on a regular basis.

Performance

On an Intel Core 2 Quad Q6600, encryption throughput is 104 MB/s per core. A single hard disk reads at most about 80 MB/s, so with four cores (roughly 416 MB/s in total) that processor can drive up to 5 disks without loss of performance. If the disks are not under constant high load, even more disks can be handled without losing performance, and on a weaker system too. The cryptographic algorithms in the x86 version are implemented in assembly language, with the optimizations targeted primarily at the Intel Core line, although they remain fast on other processors as well. Almost every available performance enhancement has been applied; in particular, the AES code is generated dynamically, optimized for the specific key in use.

Security

The program uses AES, Twofish, Serpent, or the cascades AES-Twofish, Twofish-Serpent, Serpent-AES and AES-Twofish-Serpent, all in XTS mode. XTS is designed specifically for disk encryption and protects against some attacks typical for this type of target. Like any sector-level mode it provides confidentiality only, not integrity: corrupted or deliberately modified ciphertext decrypts to garbage in the affected 16-byte block, and no error is reported. The volume encryption key is generated randomly and stored, in encrypted form, in the first sector of the volume. Because the source is open, anyone can verify that there are no backdoors. The source code of each release is signed with the author's PGP key, which rules out modified source code being distributed as part of this project. The author can guarantee the absence of backdoors only in the official release signed with that key; the quality and security of any outside modification or derivative work cannot be guaranteed, and no complaints about them will be accepted.
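As an added illustration of the XTS properties described above (example code written for this page, not DiskCryptor's own code, which is C and assembly), the following Go program implements AES in XTS mode over 512-byte sectors using Go's standard-library AES, with the tweak computation written out as IEEE P1619 defines it (key layout k1||k2, sector number as a 64-bit little-endian tweak, multiplication by alpha in GF(2^128)). The key and sector contents are constructed for the demo; whether DiskCryptor's partition format uses exactly this sector-numbering convention is not stated on this page and is not assumed here. The program checks itself against the published IEEE 1619 all-zero test vector, then shows two things the paragraph only states: identical sectors encrypt differently at different sector numbers and cannot be decrypted at the wrong position, and a flipped ciphertext byte corrupts exactly one 16-byte block without being detected.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/subtle"
	"encoding/binary"
	"encoding/hex"
	"fmt"
)

// xts holds the two AES keys of XTS (key layout k1||k2): k1 encrypts data blocks, k2 makes the tweak.
type xts struct{ k1, k2 cipher.Block }

func newXTS(key []byte) (*xts, error) {
	if len(key) != 32 && len(key) != 64 {
		return nil, fmt.Errorf("xts: key must be 32 (AES-128) or 64 (AES-256) bytes, got %d", len(key))
	}
	k1, _ := aes.NewCipher(key[:len(key)/2]) // cannot fail after the length check
	k2, _ := aes.NewCipher(key[len(key)/2:])
	return &xts{k1, k2}, nil
}

// mulAlpha multiplies the tweak (little-endian, byte 0 least significant) by
// alpha = x in GF(2^128) modulo x^128 + x^7 + x^2 + x + 1.
func mulAlpha(t *[16]byte) {
	var carry byte
	for i := range t {
		next := t[i] >> 7
		t[i] = t[i]<<1 | carry
		carry = next
	}
	if carry != 0 {
		t[0] ^= 0x87
	}
}

// Apply encrypts (encrypt=true) or decrypts a copy of one sector. The tweak for
// block j is E_k2(sector) * alpha^j and each block is C = E_k1(P ^ T) ^ T.
func (x *xts) Apply(sector uint64, data []byte, encrypt bool) []byte {
	if len(data) == 0 || len(data)%aes.BlockSize != 0 {
		panic("xts: sector length must be a non-zero multiple of 16 bytes")
	}
	out := append([]byte(nil), data...)
	var tweak [16]byte
	binary.LittleEndian.PutUint64(tweak[:8], sector) // sector number as 64-bit LE
	x.k2.Encrypt(tweak[:], tweak[:])
	for off := 0; off < len(out); off += aes.BlockSize {
		blk := out[off : off+aes.BlockSize]
		subtle.XORBytes(blk, blk, tweak[:])
		if encrypt {
			x.k1.Encrypt(blk, blk)
		} else {
			x.k1.Decrypt(blk, blk)
		}
		subtle.XORBytes(blk, blk, tweak[:])
		mulAlpha(&tweak)
	}
	return out
}

// demoKey is a constructed fixed key for this example; a real volume key is random.
func demoKey() []byte { return bytes.Repeat([]byte{0x5a, 0xc3}, 32) }

// knownAnswer checks against IEEE 1619 test vector 1 (zero AES-128 keys, sector 0, 32 zero bytes).
func knownAnswer() bool {
	x, _ := newXTS(make([]byte, 32))
	want, _ := hex.DecodeString("917cf69ebd68b2ec9b9fe9a3eadda692cd43d2f59598ed858c02c2652fbf922e")
	return bytes.Equal(x.Apply(0, make([]byte, 32), true), want)
}

// sectorTweakDemo encrypts an all-zero sector (typical unused space) at sectors 0 and 1:
// the ciphertexts differ, and decrypting c0 at sector 1 must not restore the plaintext.
func sectorTweakDemo() (ctDiffer, wrongSectorRestores bool) {
	x, _ := newXTS(demoKey())
	zeros := make([]byte, 512)
	c0, c1 := x.Apply(0, zeros, true), x.Apply(1, zeros, true)
	return !bytes.Equal(c0, c1), bytes.Equal(x.Apply(1, c0, false), zeros)
}

// malleabilityDemo flips one ciphertext byte in 16-byte block blk and reports which
// decrypted blocks changed: damage stays in that block, but nothing detects it.
func malleabilityDemo(blk int) (changed []int) {
	x, _ := newXTS(demoKey())
	plain := bytes.Repeat([]byte{0x41}, 512)
	ct := x.Apply(7, plain, true)
	ct[blk*aes.BlockSize+5] ^= 0x01
	dec := x.Apply(7, ct, false)
	for j := 0; j < len(plain)/aes.BlockSize; j++ {
		if !bytes.Equal(dec[j*16:(j+1)*16], plain[j*16:(j+1)*16]) {
			changed = append(changed, j)
		}
	}
	return changed
}

func main() {
	d, w := sectorTweakDemo()
	fmt.Println("KAT ok:", knownAnswer(), "ciphertexts differ:", d, "wrong sector restores:", w, "changed blocks:", malleabilityDemo(3))
}
```

Run it with `go run`. The malleability result is the caveat to keep in mind with any full-disk encryption product: XTS confines an attacker's modification to one 16-byte block, which is what a disk needs, but it cannot tell you that the modification happened; detecting tampering of stored data needs a separate integrity mechanism, which is outside what XTS (and the feature list above) provides.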

Documentation

Risks of using cryptographic software and possible ways of data leaks
DiskCryptor FAQ
DiskCryptor bootloader options
DiskCryptor console version command switches
Compiling DiskCryptor
Integrating DiskCryptor into BartPE based LiveCD
DiskCryptor partition format specification
DiskCryptor random number generator

Contact

Please use this email address for contact: ntldr@diskcryptor.net

If possible, please use secure communication by downloading PGP key <0xC48251EB4F8E4E6E> from a key server.
Key fingerprint: <34D0 1AAD F30E D8C6 B99F 4E4E C482 51EB 4F8E 4E6E>

Links

   ReactOS project
   Fireforge.net