
DiskCryptor
Open source partition encryption solution

Description

DiskCryptor is an open encryption solution that offers encryption of all disk partitions, including the system partition. Its openness stands in sharp contrast with the current situation, where most software with comparable functionality is completely proprietary, which makes it unacceptable for protecting confidential data.

Originally, DiskCryptor was developed as a replacement for DriveCrypt Plus Pack and PGP WDE. However, the current aim of the project is to create the best product in its category. Moreover, in the future, considerable effort will be devoted to creating detailed documentation that explains the internal mechanics of the program, which would be the best confirmation and demonstration of its security.

DiskCryptor releases from 0.1 to 0.4 were fully compatible with TrueCrypt, as they used a corresponding partition format and encrypted data with the AES-256 algorithm in LRW mode. Starting from DiskCryptor 0.5, the program relies upon its own partition format, developed specifically for encrypting partitions that already hold data, as the TrueCrypt format was originally meant for creating empty volumes. That move increased DiskCryptor's stability, eliminated many problems associated with file systems, and created an optimal format for further development of the program.

Program Features

  • Support of AES, Twofish, Serpent encryption algorithms, including their combinations.
    • Transparent encryption of disk partitions.
    • Full support for dynamic disks.
    • Support for disk devices with large sector size (important for hardware RAID operation).
  • High performance, comparable to efficiency of a non-encrypted system.
    • Support for hardware AES acceleration:
    • Support for the SSD TRIM extension.
  • Broad choice in configuration of booting an encrypted OS. Support for various multi-boot options.
    • Full compatibility with third party boot loaders (LILO, GRUB, etc.).
    • Encryption of system and bootable partitions with pre-boot authentication.
    • Option to place boot loader on external media and to authenticate using the key media.
    • Support for key files.
  • Full support for external storage devices.
    • Option to create encrypted CD and DVD disks.
    • Full support for encryption of external USB storage devices.
    • Automatic mounting of disk partitions and external storage devices.
  • Support for hotkeys and optional command-line interface (CLI).
  • Open license GNU GPLv3.

Supported OS

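| Operating System       | Service Pack | Bitness  |
|------------------------|--------------|----------|
| Windows 2000*          | SP0–SP4      | x86      |
| Windows XP             | SP0–SP3      | x86, x64 |
| Windows Server 2003    | SP0–SP2      | x86, x64 |
| Windows Vista          | SP0–SP2      | x86, x64 |
| Windows Server 2008    | SP0–SP2      | x86, x64 |
| Windows 7              |              | x86, x64 |
| Windows Server 2008 R2 |              | x64      |
| Windows 8, 8.1         |              | x86, x64 |
| Windows Server 2012    |              | x64      |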


* Supported by DiskCryptor versions 0.9 and earlier.

Current Version

| Version     | Status | Date       |
|-------------|--------|------------|
| 1.1.846.118 | Stable | 09.07.2014 |

Features NOT supported when encrypting system/boot partitions:

  • UEFI/GPT. Change UEFI to Legacy BIOS and convert GPT to MBR.
  • National symbols in password. If your keyboard has QWERTZ or AZERTY layout, then you can use symbols only from the following sets: [a–z][A–Z][0–9].
  • Conversion into a dynamic disk. System will not boot after the conversion.

Performance

The cryptographic algorithms in the x86 version are implemented in assembly language. The implementation is optimized most heavily for Intel Core i5–i7 processors, while still performing sufficiently fast on other processors. Almost all possible performance enhancements have been applied; in particular, the AES code is generated dynamically and optimized for the particular key in use. On multiprocessor systems, encryption operations can run in parallel, and DiskCryptor automatically chooses the optimal parallel mode based on the system configuration. DiskCryptor can also use hardware cryptography extensions if your CPU supports them. DiskCryptor vs TrueCrypt Encryption Benchmark.

On an Intel Core 2 Quad Q6600 CPU, data encryption speed amounts to 104 MB/s per core. The maximum read speed of a single hard disk is 80 MB/s, so with this processor it can work with up to 5 different disks without loss of performance. If your disks are not under constant high load, it is possible to work with an even higher number of disks, and on a weaker system, without losing performance.

Notable Usage Characteristics

For the user's convenience, DiskCryptor's driver caches entered passwords in kernel memory and automatically chooses the appropriate password when a volume is mounted. If no cached password matches, the program brings up a dialogue window to ask for one. The passwords are cached in non-swappable memory and do not get into the page file. Cached passwords can be erased via the menu, or you can switch off this feature in the program settings.

External USB flash drives and other removable volumes are mounted automatically. DiskCryptor's files are required only to install the program and manage encrypted volumes, and are not necessary for day-to-day use. If all your partitions are encrypted with the same password, you need to enter it only once, at boot time.

Security

DiskCryptor supports the AES-256, Twofish and Serpent encryption algorithms. Extra-cautious users can also choose a cascade of algorithms, which keeps data safe even if one of the algorithms is broken. The encryption key is randomly generated and is stored in encrypted form in the first sector of the volume. The correctness of the cryptographic algorithm implementations is ensured by a built-in test that verifies them against official test vectors, and the open source code assures that no backdoors are present in the program.

The source code of each release is signed with the author's PGP key, which excludes the possibility of modified code being distributed as part of this project. The author can guarantee the absence of backdoors only in official program releases signed with the PGP key. The quality and security of any outside modification or derivative work cannot be guaranteed, and no complaints are accepted.
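The signature guarantee above only holds if the verifier checks which key signed the release, not merely that gpg reports a good signature from some key in the keyring. The following is an added example, not DiskCryptor's own code: it pins the fingerprint published in this page's contact details and checks gpg's machine-readable status output against it. The function names, file paths and sample status lines are assumptions made for illustration, and it assumes `gpg` is installed with the author's key already imported.

```python
import subprocess

# Fingerprint and long key ID exactly as published in this page's contact details.
PINNED_FPR = "8B69 7E90 7B3D E193 E8E9 B9FE 1B6A 2455 0F33 E44A".replace(" ", "")
PINNED_KEYID = "1B6A24550F33E44A"
REJECT = {"BADSIG", "ERRSIG", "EXPSIG", "EXPKEYSIG", "REVKEYSIG"}

def keyid_matches_fingerprint(keyid, fpr):
    """A v4 OpenPGP long key ID is the last 16 hex digits of the fingerprint."""
    return len(keyid) == 16 and fpr.upper().endswith(keyid.upper())

def signer_is_pinned(status_text, pinned_fpr=PINNED_FPR):
    """True only if gpg's --status-fd output shows a good signature by the pinned key."""
    good, fprs = False, set()
    for line in status_text.splitlines():
        fields = line.split()
        if len(fields) < 2 or fields[0] != "[GNUPG:]":
            continue
        keyword, args = fields[1], fields[2:]
        if keyword in REJECT:
            return False
        if keyword == "GOODSIG":
            good = True
        elif keyword == "VALIDSIG" and args:
            # First argument: signing key fingerprint; last: primary key fingerprint.
            fprs.update({args[0].upper(), args[-1].upper()})
    return good and pinned_fpr.upper() in fprs

def verify_release(sig_path, file_path):
    """Run gpg on a detached signature (caller-supplied paths) and apply the pin."""
    proc = subprocess.run(
        ["gpg", "--batch", "--status-fd", "1", "--verify", sig_path, file_path],
        capture_output=True, text=True)
    return proc.returncode == 0 and signer_is_pinned(proc.stdout)

# Constructed status output: user IDs, dates and the second fingerprint are made up.
SAMPLE_PINNED = """[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 1B6A24550F33E44A Constructed Signer <signer@example.invalid>
[GNUPG:] VALIDSIG 8B697E907B3DE193E8E9B9FE1B6A24550F33E44A 2000-01-01 946684800 0 4 0 1 8 00 8B697E907B3DE193E8E9B9FE1B6A24550F33E44A
"""
SAMPLE_OTHER_KEY = """[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 89ABCDEF01234567 Someone Else <other@example.invalid>
[GNUPG:] VALIDSIG 0123456789ABCDEF0123456789ABCDEF01234567 2000-01-01 946684800 0 4 0 1 8 00 0123456789ABCDEF0123456789ABCDEF01234567
"""

if __name__ == "__main__":
    print(keyid_matches_fingerprint(PINNED_KEYID, PINNED_FPR))
    print(signer_is_pinned(SAMPLE_PINNED), signer_is_pinned(SAMPLE_OTHER_KEY))
```

The second sample is a cryptographically good signature made by a different key, which is the case a plain "Good signature" message does not distinguish.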


Contact details

Please use this email address for contact: ntldr@diskcryptor.net
If possible, please use secure communication by downloading the PGP key <0x1B6A24550F33E44A> from a key server.
Key fingerprint: <8B69 7E90 7B3D E193 E8E9 B9FE 1B6A 2455 0F33 E44A>
