Disk encryption software: Difference between revisions

Adm30 (talk | contribs)
See also: Adding this
Tags: Mobile edit Mobile app edit Android app edit App section source
 
(200 intermediate revisions by more than 100 users not shown)
Line 1:
{{Short description|Computer security software}}
To protect confidentiality of the data stored on a computer disk a [[computer security]] technique called [[disk encryption]] is used. This article discusses '''software''' which is used to implement the technique (for cryptographic aspects of the problem see [[disk encryption]]). Compared to access restrictions commonly enforced by an [[operating system|OS]] this technique allows to protect data even when the OS is not active, for example, if data is read directly from the hardware.
{{more citations needed|date=September 2013}}
'''Disk encryption software''' is a [[computer security]] software that protects the confidentiality of data stored on computer media (e.g., a [[Hard disk drive|hard disk]], [[floppy disk]], or [[USB flash drive|USB device]]) by using [[disk encryption]].
 
Compared to access controls commonly enforced by an [[operating system]] (OS), encryption passively protects data confidentiality even when the OS is not active, for example, if data is read directly from the hardware or by a different OS. In addition, [[crypto-shredding]] suppresses the need to erase the data at the end of the disk's lifecycle.
Such software [[encryption|encrypts]] data stored on a computer's [[mass storage]] and transparently decrypts the information when an authorized user requests it: no special action by the user (except supplying a [[password]] or [[passphrase]] at the beginning of a session) is required. Some also provide [[plausible deniability]] with [[deniable encryption]] techniques.
 
Disk encryption generally refers to wholesale encryption that operates on an entire [[Volume (computing)|volume]] mostly transparently to the user, the system, and applications. This is generally distinguished from file-level encryption that operates by user invocation on a single file or group of files, and which requires the user to decide which specific files should be encrypted. Disk encryption usually includes all aspects of the disk, including directories, so that an adversary cannot determine content, name or size of any file. It is well suited to portable devices such as [[laptop computer]]s and [[thumb drive]]s which are particularly susceptible to being lost or stolen. If used properly, someone finding a lost device cannot penetrate actual data, or even know what files might be present.
The volume-level encryption is particularly suited to portable devices such as [[laptop computer]]s and [[thumb drive]]s. If used properly, someone finding a lost device will have access only to meaningless encrypted files. A strong passphrase (e.g. five or more [[diceware]] words) is essential for full security.
 
==Methods==
Although disk encryption software can transparently operate on an entire disk volume, a directory, or even a single file, it is important to differentiate it with (non-transparent) file encryption software which encrypts or decrypts only individual files and always the whole file (the decrypted file is stored in a temporary file in an unencrypted form). Examples of software which can be used for file encryption are special-purpose software (e.g., [[GNU Privacy Guard]]), [[file archiver]]s, and even some [[text editor]]s (e.g., [[emacs]] or [[vi]])
The disk's data is protected using [[Symmetric-key algorithm|symmetric cryptography]] with the key randomly generated when a disk's encryption is first established. This key is itself encrypted in some way using a password or pass-phrase known (ideally) only to the user. Thereafter, in order to access the disk's data, the user must supply the password to make the key available to the software. This must be done sometime after each operating system start-up before the encrypted data can be used.
 
Done in software, [[encryption]] typically operates at a level between all applications and most system programs and the low-level [[device driver]]s by "transparently" (from a user's point of view) encrypting data after it is produced by a program but before it is physically written to the disk. Conversely, it decrypts data immediately after being read but before it is presented to a program. Properly done, programs are unaware of these cryptographic operations.
==Notable disk encryption software==
===Cross-Platform===
 
Some disk encryption software (e.g., [[TrueCrypt]] or [[BestCrypt]]) provide features that generally cannot be accomplished with [[Disk encryption hardware|disk hardware encryption]]: the ability to mount "container" files as encrypted logical disks with their own [[file system]]; and encrypted logical "inner" volumes which are secretly hidden within the free space of the more obvious "outer" volumes. Such strategies provide [[plausible deniability]].
All programs included in this section run under more than one [[operating system]].
 
Well-known examples of disk encryption software include, [[BitLocker Drive Encryption|BitLocker]] for Windows; [[FileVault]] for Apple OS/X; [[LUKS]] a standard free software mainly for [[Linux]] and [[TrueCrypt]], a non-commercial freeware application, for Windows, OS/X and Linux.
''Remark: Software that runs on two versions of one operating system is not considered cross-platform. For example, even though Windows 3.11 and Windows Vista are substantially mutually incompatible, they are merely two versions of one operating system.''
 
* A 2008 study found [[data remanence]] in [[dynamic random access memory]] (DRAM), with data retention of seconds to minutes at room temperature and much longer times when memory chips were cooled to low temperature. The study authors were able to demonstrate a [[cold boot attack]] to recover cryptographic keys for several popular disk encryption systems despite some memory degradation, by taking advantage of redundancy in the way keys are stored after they have been expanded for efficient use. The authors recommend that computers be powered down, rather than be left in a "sleep" state, when not under physical control by the computer's legitimate owner. This method of key recovery, however, is suited for controlled laboratory settings and is extremely impractical for "field" use due to the equipment and cooling systems required.<ref>{{cite journal|title=Lest We Remember: Cold Boot Attacks on Encryption Keys|author=[[J. Alex Halderman]]|date=February 2008|url=http://citp.princeton.edu.nyud.net/pub/coldboot.pdf|display-authors=etal|url-status=dead|archive-url=https://web.archive.org/web/20080514160137/http://citp.princeton.edu.nyud.net/pub/coldboot.pdf|archive-date=2008-05-14}}</ref>
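Review bot: The closing sentence of the cold boot bullet ("This method of key recovery, however, is suited for controlled laboratory settings and is extremely impractical for "field" use") is followed only by the citation to the Halderman et al. paper. That is the same work the bullet credits with demonstrating key recovery and with recommending that computers be powered down rather than left asleep, so the impracticality claim reads as sourced to a paper the text presents as making the opposite case. Move the ref so it follows the authors' recommendation, and either give the final sentence its own source or drop it. The item is also a lone bullet inside a prose section and would read better as a paragraph.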
====Windows/Linux====
* [[TrueCrypt]] (open-source, free), in addition to encryption provides [[plausible deniability]].
* [[BestCrypt]] (commercial), with plausible deniability.
* [http://www.ce-infosys.com.sg/CeiNews_FreeCompuSec.asp CompuSec] (proprietary, free and commercial versions) supports encrypting the boot volume.
 
===Linux=Other features==
<!--Please don't add software which is included under the Windows/Linux category, it doesn't make sense to have software under both categories. If you disagree, then at least make sure you're consistent and add all software under the Windows/Linux category to the Windows category and the Linux category-->
* [http://loop-aes.sourceforge.net/aespipe/ aespipe], program to encrypt a file stream with the [[Advanced Encryption Standard|AES]] algorithm with key lengths 128, 192 and 256 bit.
* [http://www.saout.de/misc/dm-crypt/ dm-crypt], included in the mainline kernel starting with version 2.6.4. Kernel versions earlier than 2.6.19 contained a bug that could cause data corruption when used together with software [[RAID5]].{{fact}}
** [http://cryptmount.sourceforge.net cryptmount] allows mounting dm-crypt volumes without superuser privileges.
** [[LUKS]] (Linux Unified Key Setup) aims to improve dm-crypt key management.
* [[Cryptoloop]], a "[[Loop device|loopback]]" encryption method, is included in the mainline kernel but has some security weaknesses and has been deprecated in favor of dm-crypt.
* [http://ecryptfs.sourceforge.net/ eCryptfs], a stacked filesystem in the kernel version 2.6.19.
* [[EncFS]] uses [[FUSE (Linux)|FUSE]], provides an encrypted filesystem in [[user space]].
* [http://loop-aes.sourceforge.net/ loop-AES] supports kernel 2.0.x onward; no kernel patch required, but requires loading of a [[Loadable Kernel Module|kernel module]]. Is one of the most mature methods.
* [http://www.freenet.org.nz/python/phonebook/ PhoneBookFS] is another encrypted filesystem in userspace using [[FUSE (Linux)|FUSE]], providing a higher level of [[deniable encryption]] through chaff and layers. No longer maintained.
*[http://iq.org/~proff/rubberhose.org/ rubberhose], last version (alpha) released in 2000. Never released a beta version. Not maintained. Only works with the Linux 2.2 kernel which is also no longer supported by Linus Torvalds.
*[http://stegfs.sourceforge.net/ StegFS], the current successor to the ideas embodied by the rubberhose and PhoneBookFS filesystems and in need of developers.
 
===BSDPlausible deniability===
* [http://netbsd.org/guide/en/chap-cgd.html CGD] for [[NetBSD]]
* [http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/disks-encrypting.html GBDE and GELI] for [[FreeBSD]]
* [http://geektechnique.org/projectlab/84/ vnconfig -k] for [[OpenBSD]]
 
Some disk encryption systems, such as [[VeraCrypt]], [[CipherShed]] (active open source forks of the discontinued [[TrueCrypt]] project), [[BestCrypt]] (proprietary trialware), offer levels of [[plausible deniability#Use in cryptography|plausible deniability]], which might be useful if a user is compelled to reveal the password of an encrypted volume.
===Mac OS X===
* Disk image support includes optional AES-128 encryption.
** Since 10.3, [[FileVault]] uses this capability to provide an encrypted home directory.
* "Secure virtual memory" support since 10.4.
 
===WindowsHidden volumes===
{{See also|Deniable encryption}}
<!--Please don't add software which is included under the Windows/Linux category, it doesn't make sense to have software under both categories. If you disagree, then at least make sure you're consistent and add all software under the Windows/Linux category to the Windows category and the Linux category-->
Hidden volumes are a [[steganographic]] feature that allows a second, "hidden", volume to reside within the apparent free space of a visible "container" volume (sometimes known as "outer" volume). The hidden volume has its own separate file system, password, and encryption key distinct from the container volume.
* [[BitLocker Drive Encryption|BitLocker]], available in the Enterprise and Ultimate editions of [[Windows Vista]].
 
* [[CrossCrypt]] (open-source, free) supports Linux [[loop-AES]] format and old [[SuSE]] [[Twofish]] format.
The content of the hidden volume is encrypted and resides in the free space of the file system of the outer volume—space which would otherwise be filled with random values if the hidden volume did not exist. When the outer container is brought online through the disk encryption software, whether the inner or outer volume is [[Mount (computing)|mounted]] depends on the password provided. If the "normal" password/key of the outer volume proves valid, the outer volume is mounted; if the password/key of the hidden volume proves valid, then (and only then) can the existence of the hidden volume even be detected, and it is mounted; otherwise if the password/key does not successfully decrypt either the inner or outer volume descriptors, then neither is mounted.
* [[FreeOTFE]] (open-source, free), also provides [[plausible deniability]] and has support for Linux disk formats (cryptoloop, dm-crypt and LUKS).
 
* [[FreeOTFE4PDA]] (freeware) runs on [[Windows Mobile]].
Once a hidden volume has been created inside the visible container volume, the user will store important-looking information (but which the user does not actually mind revealing) on the outer volume, whereas more sensitive information is stored within the hidden volume.
* [[Scramdisk]] (freeware) runs on Windows 9x.
 
If the user is forced to reveal a password, the user can reveal the password to the outer volume, without disclosing the existence of the hidden volume. The hidden volume will not be compromised, if the user takes certain precautions in overwriting the free areas of the "host" disk.<ref>[http://www.freeotfe.org/docs/Main/plausible_deniability.htm Plausible Deniability] - [[FreeOTFE]] instructions for initializing an encrypted disk such that the presence of a hidden disk cannot be detected</ref>
 
===No identifying features===
 
Volumes, be they stored in a file or a device/partition, may intentionally not contain any discernible "signatures" or unencrypted headers. As cipher algorithms are designed to be indistinguishable from a [[pseudorandom permutation]] without knowing the [[key (cryptography)|key]], the presence of data on the encrypted volume is also undetectable unless there are known weaknesses in the cipher.<ref>This is a design criterion of modern ciphers; in other words, ciphers are considered broken if their output is discernible from random.<br />{{cite book |author=[[Mihir Bellare]], [[Phillip Rogaway]] |date=2005-09-20 |title=Introduction to Modern Cryptography |url=http://www-cse.ucsd.edu/~mihir/cse207/classnotes.html |chapter=Chapter 3: Pseudorandom functions |page=7 |access-date=2007-09-30 |archive-url=https://web.archive.org/web/20071011235219/http://www-cse.ucsd.edu/~mihir/cse207/classnotes.html |archive-date=2007-10-11 |url-status=dead }}</ref> This means that it is impossible to prove that any file or partition is an encrypted volume (rather than random data) without having the password to mount it. This characteristic also makes it impossible to determine if a volume contains another hidden volume.
 
A file hosted volume (as opposed to partitions) may look out of place in some cases since it will be entirely random data placed in a file intentionally. However, a partition or device hosted volume will look no different from a partition or device that has been wiped with a common disk wiping tool such as [[Darik's Boot and Nuke]]. One can plausibly claim that such a device or partition has been wiped to clear personal data.
 
Portable or "traveller mode" means the encryption software can be run without installation to the system hard drive. In this mode, the software typically installs a temporary [[device driver|driver]] from the portable media. Since it is installing a driver (albeit temporarily), administrative privileges are still required.
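Review bot: The paragraph on portable or "traveller mode" sits under the "No identifying features" heading but describes an unrelated feature, which suggests its heading was lost in the rewrite; the neighbouring features (resizable volumes, backups) each have their own. Restore a heading for it. The statement that administrative privileges are still required because a temporary driver is installed also carries no citation.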
 
===Resizable volumes===
Some disk encryption software allows encrypted volumes to be resized. Not many systems implement this fully and resort to using "[[sparse file]]s" to achieve this.{{Citation needed|date=April 2008}}
 
===Mac OS XBackups===
Encrypted volumes contain "header" (or "CDB") data, which may be backed up. Overwriting these data will destroy the volume, so the ability to back them up is useful.
 
Restoring the backup copy of these data may reset the volume's password to what it was when the backup was taken.
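Review bot: The Backups text says restoring a header backup "may reset the volume's password to what it was when the backup was taken" but stops short of the consequence a reader needs. By that same statement, an old header copy together with the old password still opens the volume, so changing the password does not retire earlier header backups. Say so explicitly, and add a source; both sentences in this section are unsourced.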
 
==See also==
 
{{Portal|Cryptography|Key-crypto-sideways.png}}
* [[Disk encryption theory]]
* [[Disk encryption hardware]]
==Notable* [[Comparison of disk encryption software==]]
* [[Data remanence]]
* [[Disk encryption]]
* [[Full diskOn-the-fly encryption]]
* [[OTFECold boot attack]]
* [[Ransomware]]
* [[Single sign-on]]
*''[[United States v. Boucher]]''
 
==References==
{{Reflist}}
 
{{DEFAULTSORT:Disk encryption software}}
==External links==
*{{dmoz|Computers/Security/Products_and_Tools/Cryptography/Hard_Disk_Encryption/|Hard Disk Encryption}}
*[http://www.infoanarchy.org/en/Hard_Disk_Encryption Detailed wiki-style article on disk encryption at infoanarchy.org]
*[http://www.onlamp.com/lpt/a/6384 Inside NetBSDs CGD]
*[http://www.shimari.com/dm-crypt-on-raid/ Encrypting filesystems under Linux - HOWTO]
*[http://www.tldp.org/HOWTO/Cryptoloop-HOWTO/ Cryptoloop - HOWTO]
[[Category:Cryptographic software]]
[[Category:Disk encryption]]