Friday, 2 October 2009

DiskCryptor: encrypt hard disk partitions, flash drives, and CD/DVD media with this versatile tool

DiskCryptor is a free, open source disk encryption software. It encrypts entire hard drive partitions, including the system partition as well as flash drives in real time without affecting performance. It can also create encrypted CDs/DVDs (through the use of disk image .ISO files). It offers excellent performance for mounted encrypted volumes and a good range of features and options.

This software is designed to encrypt entire hard drives, storage devices, or CD/DVD media. It is similar to TrueCrypt, another notable software previously mentioned on this site; however DiskCryptor lays claim to several advantages:
  1. It can encrypt partitions with existing data: without destroying the data. This is obviously very practical and useful and is a significant advantage.
  2. It can create encrypted CD’s/DVD’s: through the use of .ISO images. DiskCryptor will encrypt these and the user can subsequently burn them to actual physical media.
  3. “Truly” Open Source: purports to be “the only truly free solution provided under GNU General Public License” (in contrast to the “TrueCrypt Collective License” which apparently places restrictions on the modification of the source data).
Disadvantages vs. TrueCrypt:
  1. Unlike TrueCrypt, DiskCryptor is not designed to create file containers that can be mounted as encrypted virtual drives. It will, in other words, encrypt a partition or an entire hard drive or flash drive, but strangely will not create an encrypted file that you can mount as a virtual drive. I personally find this omission very strange and I am sure will cause many to stick with TrueCrypt.
  2. Lacks the “plausible deniability” feature (where if, say, you are “forced” to surrender a password you can give a decoy which displays innocuous files). Although I personally think this feature is unimportant.
More on how DiskCryptor works:
  • Mounting encrypted drives: DiskCryptor has to be running in memory. To use an encrypted flash drive or CD on, say, your work and home computers, you need to install the program in both places.
  • Booting encrypted drives: fully support bootings encrypted system partitions (including support for different multi-boot scenarios). DiskCryptor can also be integrated into a BartPE bootable Livedisk; instructions here.
  • Caching passwords: if you have this enabled, entering a password once will cache it in kernel memory so that it mounts automatically on next insert, which is really cool. You can disable caching if you want and of course you can clear all passwords from the cache at will.
  • Performance: superfast. Your encrypted disks, in other words, will be as fast as regular disks for all practical purposes. You can perform any operation on mounted encrypted drives that you would on normal drives (such as defrag, etc.).
  • Support: these are all quotes from the program site; “full support for dynamic disks”, support for “disk partition encryption of any configuration, including boot and system partitions”, “support for hardware cryptography found in VIA processors”, “support for disk devices with large sector sizes, which is important when working with hardware RAID”, “support for hardware cryptography found in VIA processors”, “full support for 3rd party boot loaders (LILO, GRUB, etc.)”
  • Encryption modes: a wide range to choose from; AES, Twofish, Serpent, AES-Twofish, Twofish-Serpent, Serpent-AES or AES-Twofish-Serpent in XTS mode.
    Extended configuration possibilities of booting an encrypted OS. Support for different multi-boot scenarios.
  • Command line version: available
  • Hotkeys: although this did not seem to be active in the version I tested, you will in the future be able to use hotkeys to perform actions such as dismounting partitions, initiating an emergency system stop, etc.
The verdict: I think this is a very exciting software that has huge potential. DriveCrypt was conceived, according to the website, as a replacement for DriveCrypt Plus Pack and PGP Whole Disk Encryption (WDE). The aim has subsequently changed to “create the best product in its category”, and I think they are well underway to achieve this goal.
Having said that I really wish future versions of DriveCrypt encrypted file containers. I know that for many people (including myself) this is an indispensable feature and could be a significant barrier to using this program over a program such as TrueCrypt for example.

No comments:

Post a Comment