DiskCryptor en

From Freed0m

DiskCryptor - open source partition encryption solution

DiskCryptor is the only truly free solution, provided under the GNU General Public License (GPLv3), that offers encryption of all disk partitions, including the system partition. The main criterion for open software is the availability of its source code under one of the open source licenses. The only software analogous to DiskCryptor with open source code is TrueCrypt. However, because of the restrictive license under which TrueCrypt is provided, the TrueCrypt Collective License, TrueCrypt cannot be classified as truly free software, as it places limits on developers' use and modification of its source code. The other programs similar in function to DiskCryptor are fully proprietary, which makes them unacceptable for protecting confidential data.

Originally, DiskCryptor was conceived as a replacement for DriveCrypt Plus Pack and PGP Whole Disk Encryption. Now, however, the aim of the project is to create the best software in its category. Moreover, in the future, considerable effort will be devoted to creating detailed documentation explaining the internal mechanics of the program, which would be the best confirmation and demonstration of its security.

DiskCryptor is fully compatible with TrueCrypt, as it uses an analogous partition format and encrypts data with the AES-256 algorithm in LRW mode. This makes it possible to open an encrypted partition with TrueCrypt on Linux and Mac OS X systems.

Version history

19.11.2007 - 0.1 beta (first public release)
19.12.2007 - 0.2 beta
11.01.2008 - 0.2.5 beta
18.03.2008 - 0.2.6 beta (stable version)

Supported operating systems

The following operating systems are fully supported by the current version of DiskCryptor:

Windows 2000 SP0-SP4
Windows XP (x86, x64) SP0-SP2
Windows Server 2003 (x86, x64) SP0-SP2
Windows Vista SP0, SP1
Windows Vista x64 SP0, SP1 (with disabled driver signing verification)
Windows Server 2008
Windows Server 2008 x64 (with disabled driver signing verification)


Driver signing on 64-bit editions of Windows Vista and Windows Server 2008 has been introduced by Microsoft with the aim of hindering the development and spread of free software on these systems. To run DiskCryptor on these operating systems, you will have to hold F8 during boot and select "Disable Driver Signature Enforcement". However, this problem will be solved in the near future.

Installation and removal

The latest DiskCryptor version can be found on the Downloads page. Once the program has been downloaded, please extract the dcrypt.exe file from the appropriate folder in the archive (either the 32-bit or the 64-bit version) and execute it. A dialogue window will prompt you to install the driver and reboot. Once the system has been restarted, you can start using the program. Updating the program to a newer version is performed in the same way.

To completely uninstall the program, please go to "File->Uninstall driver". Then you can delete the dcrypt.exe file and restart your system. Please note, however, that if your system partition is encrypted, it will not be possible to uninstall the driver; you will need to decrypt the system partition first.

Limitations in the current version

  • The main encrypted system partition cannot be converted into a dynamic one. After the conversion, the system will not boot.
  • During the encryption/decryption process, the system must not be rebooted until the task is completed. The partition must be either fully encrypted or fully decrypted. Otherwise you risk losing your data. Additionally, using an uninterruptible power supply (UPS) and making a backup copy of your system are strongly recommended.

Notable particulars of the program

For convenience, DiskCryptor's driver caches entered passwords in kernel memory and automatically chooses the appropriate password when a volume is mounted. If the right password is not found, the program brings up a dialogue window to ask for it. The passwords are cached in non-swappable memory and do not get into the page file. You can erase the password cache through the menu "Tools->Clear Cached Passwords", or switch off this feature altogether by modifying the program settings. USB sticks and all other removable volumes are mounted automatically, and the dcrypt.exe file is needed only to install and manage the program. If all your partitions are encrypted with the same password, you need to enter the password only once, at boot time, so the dcrypt.exe file will not be required on a regular basis.

Performance

On an Intel Core 2 Quad Q6600 CPU, the data encryption speed amounts to 104Mb/s per core. The maximum read speed of a single hard disk is 80Mb/s; consequently, one can work with up to 5 different disks without loss of performance when using this type of processor. If your disks are not operating under constant high load, it is possible to work with an even higher number of disks, and on a weaker system, without losing performance. The cryptographic algorithms for the x86 version are implemented in assembly language, and the implementation has the maximum number of optimizations for the Intel Core line of processors, though it still performs sufficiently fast on any other processor as well. Almost all possible performance enhancements have been applied; in particular, the AES algorithm code is dynamically generated, optimized for use with a particular key.

Security

The program uses AES-256 with a 128-bit block in LRW 128 mode. The LRW 128 mode is specifically designed for disk encryption and provides protection against some attacks typical for this type of target. The encryption key is generated randomly and is stored, in encrypted form, in the first sector of the volume. The security of the cryptographic algorithm implementation is guaranteed by full compatibility with TrueCrypt, and the open source code assures the absence of backdoors in the program. The source code of each release is signed with my PGP key, which excludes the possibility of modified source code being distributed as part of this project. The author of the program can guarantee the absence of backdoors only in the official version signed with the PGP key. The quality and security of any outside modification or derivative work cannot be guaranteed, and no complaints will be accepted.
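
The LRW construction named above, as an added example (not DiskCryptor's or TrueCrypt's code): each 128-bit block is masked before and after encryption with a tweak T = K2 * I in GF(2^128), so the same plaintext encrypts differently at every block position. Assumptions: a SHA-256 based Feistel permutation stands in for AES-256 so the block runs with the standard library only, and the bit ordering, block numbering, keys and function names are illustrative and do not match the on-disk format.

```python
import hashlib
import hmac

POLY = (1 << 128) | 0x87  # x^128 + x^7 + x^2 + x + 1

def gf128_mul(a, b):
    """Multiply in GF(2^128); bit i of an int is the coefficient of x^i (assumed order)."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a, b = a << 1, b >> 1
        if a >> 128:  # degree reached 128: reduce modulo POLY
            a ^= POLY
    return r

def xor(x, y):
    return bytes(p ^ q for p, q in zip(x, y))

def _f(key, rnd, half):
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[:8]

def prp_encrypt(key, block):
    """Stand-in 128-bit block cipher (4-round Feistel), used here in place of AES-256."""
    left, right = block[:8], block[8:]
    for rnd in range(4):
        left, right = right, xor(left, _f(key, rnd, right))
    return left + right

def prp_decrypt(key, block):
    left, right = block[:8], block[8:]
    for rnd in reversed(range(4)):
        left, right = xor(right, _f(key, rnd, left)), left
    return left + right

def lrw(k1, k2, index, block, cipher=prp_encrypt):
    """C = E_K1(P xor T) xor T with T = K2 * index in GF(2^128); pass prp_decrypt to invert."""
    t = gf128_mul(int.from_bytes(k2, "big"), index).to_bytes(16, "big")
    return xor(cipher(k1, xor(block, t)), t)

# Constructed keys and plaintext, for illustration only.
K1, K2 = bytes(range(32)), bytes(range(100, 116))
PLAIN = b"sixteen byte blk"

def demo():
    c1 = lrw(K1, K2, 1, PLAIN)  # same plaintext block ...
    c2 = lrw(K1, K2, 2, PLAIN)  # ... at the next block position
    moved = lrw(K1, K2, 2, c1, prp_decrypt)  # c1 copied to position 2
    return c1 != c2, lrw(K1, K2, 1, c1, prp_decrypt) == PLAIN, moved != PLAIN
```

demo() returns three checks: identical plaintext at two positions yields different ciphertext, decryption at the original position recovers the plaintext, and a ciphertext block moved to another position no longer decrypts to it.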

Links

Risks of using cryptographic software and possible ways of data leaks
DiskCryptor 0.2.6 known issues and incompatibilities