Comparison of disk encryption software

This is a technical feature comparison of different disk encryption software.

Background information

Summarize

Perspective

More information Name, Developer ...

Name	Developer	First released	Licensing	Maintained?
Aloaha Crypt Disk	Aloaha	2008	Source Auditable for Commercial Customers	Yes
ArchiCrypt Live	Softwaredevelopment Remus ArchiCrypt	1998	Proprietary	Yes
BestCrypt	Jetico	1993^[1]	Proprietary	Yes
BitArmor DataControl	BitArmor Systems Inc.	2008-05	Proprietary	Yes
BitLocker	Microsoft	2006	Proprietary	Yes
Bloombase StoreSafe	Bloombase	2012	Proprietary	No^[2]
Boxcryptor	Secomba GmbH	2011	Proprietary	No
CGD	Roland C. Dowdeswell	2002-10-04^[3]	BSD	Yes
CenterTools DriveLock	CenterTools	2008	Proprietary	Yes
Check Point Full Disk Encryption	Check Point Software Technologies Ltd	1999^[4]^[5]^[6]	Proprietary	Yes
CipherShed	CipherShed Project	2014^[7]	TrueCrypt License Version 3.0^[8]	No
CrossCrypt	Steven Scherrer	2004-02-10^[9]	GPL	No
CryFS	Sebastian Messmer	2015	LGPLv3	Yes
Cryhod	Prim'X Technologies	2010	Proprietary	Yes
Cryptainer	Cypherix Software	1998	Proprietary	Yes
Cryptic Disk	Exlade	2003	Proprietary	Yes
CryptArchiver	WinEncrypt	?	Proprietary	Yes
Cryptoloop	?	2003-07-02^[10]	GPL	No
Cryptomator	Skymatic UG (haftungsbeschränkt)	2016-03-09^[11]	GPLv3	Yes
CryptoPro Secure Disk Enterprise	cpsd it-services GmbH	2010	Proprietary	Yes
CryptoPro Secure Disk for BitLocker	cpsd it-services GmbH	2012	Proprietary	Yes
CryptSync	Stefan Küng	2012	GPL v2	Yes
Discryptor	Cosect Ltd.	2008	Proprietary	No
DiskCryptor	ntldr, David Xanatos	2007	GPL	No^[12]
DISK Protect	Becrypt Ltd	2001	Proprietary	Yes
Cryptsetup / Dmsetup	Christophe Saout	2004-03-11^[13]	GPL	Yes
Dm-crypt / LUKS	Clemens Fruhwirth (LUKS)	2005-02-05^[14]	GPL	Yes
DriveSentry GoAnywhere 2	DriveSentry	2008	Proprietary	No
E4M	Paul Le Roux	1998-12-18^[15]	Open source	No
e-Capsule Private Safe	EISST Ltd.	2005	Proprietary	Yes
eCryptfs	Dustin Kirkland, Tyler Hicks, (formerly Mike Halcrow)	2005^[16]	GPL	Yes
EgoSecure HDD Encryption	EgoSecure GmbH	2006	Proprietary	Yes
EncFS	Valient Gough	2003^[17]	LGPLv3	No
EncryptStick	ENC Security Systems	2009	Proprietary	Yes
FileVault	Apple Inc.	2003-10-24	Proprietary	Yes
FileVault 2	Apple Inc.	2011-07-20	Proprietary	Yes
FREE CompuSec	CE-Infosys	2002	Proprietary	Yes
FreeOTFE	Sarah Dean	2004-10-10^[18]	Open source	No
GBDE	Poul-Henning Kamp	2002-10-19^[19]	BSD	No
GELI	Pawel Jakub Dawidek	2005-04-11^[20]	BSD	Yes
GnuPG	Werner Koch	1999-09-07^[21]	GPL	Yes
gocryptfs	Jakob Unterwurzacher	2015-10-07^[22]	MIT / X Consortium License	Yes
Knox	AgileBits	2010	Proprietary	Yes
KryptOS	The MorphOS Development Team	2010	Proprietary	Yes
LibreCrypt	tdk	2014-06-19^[23]	Open source	No
Loop-AES	Jari Ruusu	2001-04-11	GPL	Yes
McAfee Drive Encryption (SafeBoot)	McAfee, LLC	2007^[24]	Proprietary	Yes
n-Crypt Pro	n-Trance Security Ltd	2005	Proprietary	Yes
PGPDisk	PGP Corporation (acquired by Symantec in 2010)	1998-09-01^[25]	Proprietary	Yes
Private Disk	Dekart	1993^[26]	Proprietary	Yes
ProxyCrypt	v77	2013	Open source	Yes
R-Crypto	R-Tools Technology Inc	2008	Proprietary	Yes
SafeGuard Easy	Sophos (Utimaco)	1993^[27]	Proprietary	Yes
SafeGuard Enterprise	Sophos (Utimaco)	2007^[28]	Proprietary	Yes
SafeGuard PrivateDisk	Sophos (Utimaco)^[29]	2000	Proprietary	Yes
SafeHouse Professional	PC Dynamics, Inc.	1992	Proprietary	Yes
Scramdisk	Shaun Hollingworth	1997-07-01	Open source	No
Scramdisk 4 Linux	Hans-Ulrich Juettner	2005-08-06^[30]	GPL	No
SecuBox	Aiko Solutions	2007-02-19	Proprietary	Yes
SECUDE Secure Notebook	SECUDE	2003	Proprietary	Yes
Seqrite Encryption Manager	Quick Heal Technologies Ltd.	2017	Proprietary	Yes
Sentry 2020	SoftWinter	1998^[31]	Proprietary	No
Softraid / RAID C	OpenBSD	2007-11-01^[32]	BSD	Yes
SpyProof!	Information Security Corp.	2002	Proprietary	Yes
Svnd / Vnconfig	OpenBSD	2000-12-01^[33]	BSD	Yes
Symantec Endpoint Encryption	Symantec Corporation	2008	Proprietary	Yes
Tcplay	Alex Hornung	2012-01-28^[34]	BSD	No^[35]
Trend Micro Endpoint Encryption (Mobile Armor)	Trend Micro^[36]	2004 or earlier^[37]	Proprietary	Yes
TrueCrypt	TrueCrypt Foundation	2004-02-02^[38]	TrueCrypt License 3.1^[39]	No
USBCrypt	WinAbility Software Corp.	2010	Proprietary	Yes
VeraCrypt	IDRIX	2013-06-22^[40]	Apache License 2.0^[41] TrueCrypt License Version 3.0 (legacy code only)	Yes
CyberSafe Top Secret	CyberSoft	2013	Proprietary	Yes
Name	Developer	First released	Licensing	Maintained?
ZzEnc	IMDTech	2013	Commercial

Operating systems

More information Name, Android ...

Name	Android	Windows NT	iOS	Mac OS X	Linux	FreeBSD	OpenBSD	NetBSD
Aloaha Crypt Disk	?	Yes	?	No	No	No	No	No
BestCrypt Volume Encryption	?	Yes	?	Yes	No^[42]	No	No	No
BitArmor DataControl	?	Yes	?	No	No	No	No	No
BitLocker	No	Yes	?	Partial^[43]	Partial^[43]	No	No	No
Bloombase StoreSafe	?	Yes	?	Yes	Yes	Yes	Yes	Yes
Boxcryptor	Yes	Yes	Yes	Yes	Yes	No	No	No
CenterTools DriveLock	?	Yes	?	No	No	No	No	No
CGD	?	No	?	No	No	No	No	Yes
Check Point Full Disk Encryption	?	Yes	?	Yes	Yes^[44]	No	No	No
CipherShed	Yes^[45]	Yes	?	Yes	Yes	No^[46]	No	No
CrossCrypt	No	Yes^[47]	?	No	No	No	No	No
CryFS	No	Yes	?	Yes	Yes	Yes	No	Yes
Cryhod	?	Yes	?	No	Yes	No	No	No
Cryptainer	?	Yes	?	No	No	No	No	No
CryptArchiver	?	Yes	?	No	No	No	No	No
Cryptic Disk	No	Yes	No	No	No	No	No	No
Cryptoloop	?	Yes^[48]	?	No	Yes	No	No	No
Cryptomator	Yes	Yes^[49]	Yes	Yes	Yes	No	No	No
CryptoPro Secure Disk Enterprise	No	Yes	?	No	No	No	No	No
CryptoPro Secure Disk for BitLocker	No	Yes	?	No	No	No	No	No
Cryptsetup / Dmsetup	?	Yes^[48]	?	No	Yes	No	No	No
CryptSync	No	Yes	?	Yes	Yes	No	No	No
Discryptor	?	No	?	No	No	No	No	No
DiskCryptor	?	Yes	?	No	No	No	No	No
DISK Protect	?	Yes	?	No	No	No	No	No
Dm-crypt / LUKS	?	Yes^[48]	?	No	Yes	No	No	No
DriveSentry GoAnywhere 2	?	Yes	?	No	No	No	No	No
E4M	?	Yes	?	No	No	No	No	No
e-Capsule Private Safe	?	Yes	?	No	No	No	No	No
eCryptfs	?	No	?	No	Yes	No	No	No
EgoSecure HDD Encryption	?	Yes	?	No	No	No	No	No
EncFS	Yes^[50]	Yes^[51]	?	Yes^[51]	Yes (FUSE)	Yes (FUSE)	Yes (FUSE)	Yes (FUSE)
EncryptStick	?	Yes	?	Yes	Yes	No	No	No
EncryptUSB	?	Yes	?	Yes	No	No	No	No
FileVault	?	No	?	Yes	No	No	No	No
FileVault 2	?	No	?	Yes	Partial^[52]	No	No	No
FREE CompuSec	?	Yes	?	No	No	No	No	No
FreeOTFE	No	Yes	?	No	Partial^[53]	No	No	No
GBDE	?	No	?	No	No	Yes	No	No
GELI	?	No	?	No	No	Yes	No	No
Knox	?	No	?	Yes	No	No	No	No
LibreCrypt	Yes^[54]	Yes	?	No	Partial^[55]	No	No	No
Loop-AES	?	No	?	No	Yes	No	No	No
McAfee Drive Encryption (SafeBoot)	?	Yes	?	Yes	No	No	No	No
n-Crypt Pro	?	Yes	?	No	No	No	No	No
PGPDisk	?	Yes	?	Yes	No	No	No	No
PGP Whole Disk Encryption	?	Yes	?	Yes	Yes	No	No	No
Private Disk	?	Yes	?	No	No	No	No	No
ProxyCrypt	No	Yes	?	No	No	No	No	No
R-Crypto	?	Yes	?	No	No	No	No	No
SafeGuard Easy	?	Yes	?	No	No	No	No	No
SafeGuard Enterprise	?	Yes	?	Yes	No	No	No	No
SafeGuard PrivateDisk	?	Yes	?	No	No	No	No	No
SafeHouse Professional	?	Yes	?	No	No	No	No	No
Scramdisk	?	Yes	?	No	Yes	No	No	No
Scramdisk 4 Linux	?	No	?	No	Yes	No	No	No
SecuBox	?	No	?	No	No	No	No	No
SecureDoc	?	Yes	?	Yes	Yes	No	No	No
Sentry 2020	?	Yes	?	No	No	No	No	No
Seqrite Volume Encryption	No	Yes	No	No	No	No	No	No
Softraid / RAID C	?	No	?	No	No	No	Yes	No
SpyProof!	?	Yes	?	No	No	No	No	No
Svnd / Vnconfig	?	No	?	No	No	No	Yes	No
Symantec Endpoint Encryption	?	Yes	?	Yes	No^[56]	No	No	No
Tcplay	No	No	?	No	Yes	No	No	No
Trend Micro Endpoint Encryption	No	Yes	?	Yes	No	No	No	No
TrueCrypt	Yes^[45]	Yes	Yes	Yes	Yes	No^[57]	No	No
USBCrypt	No	Yes	?	No	No	No	No	No
VeraCrypt	Yes^[58]	Yes	Yes^[59]	Yes	Yes	Yes	No	No
CyberSafe Top Secret	Yes	Yes	?	No	No	No	No	No
Name	Android	Windows NT	iOS	Mac OS X	Linux	FreeBSD	OpenBSD	NetBSD

Features

Hidden containers: Whether hidden containers (an encrypted container (A) within another encrypted container (B) so the existence of container A can not be established)^[60] can be created for deniable encryption. Note that some modes of operation like CBC with a plain IV can be more prone to watermarking attacks than others.
Pre-boot authentication: Whether authentication can be required before booting the computer, thus allowing one to encrypt the boot disk.
Single sign-on: Whether credentials provided during pre-boot authentication will automatically log the user into the host operating system, thus preventing password fatigue and reducing the need to remember multiple passwords.
Custom authentication: Whether custom authentication mechanisms can be implemented with third-party applications.^{[clarification needed]}
Multiple keys: Whether an encrypted volume can have more than one active key.
Passphrase strengthening: Whether key strengthening is used with plain text passwords to frustrate dictionary attacks, usually using PBKDF2 or Argon2.
Hardware acceleration: Whether dedicated cryptographic accelerator expansion cards can be taken advantage of.
Trusted Platform Module: Whether the implementation can use a TPM cryptoprocessor.
Filesystems: What filesystems are supported.
Two-factor authentication: Whether optional security tokens (hardware security modules, such as Aladdin eToken and smart cards) are supported (for example using PKCS#11)

More information Name, Hidden containers ...

Name	Hidden containers	Pre-boot authentication	Single sign-on	Custom authentication	Multiple keys	Passphrase strengthening	Hardware acceleration	TPM	Filesystems	Two-factor authentication
Aloaha Secure Stick	Yes	No	—	Yes	Yes	No	No	No	NTFS, FAT32	Yes
ArchiCrypt Live	Yes^[61]	No	—	No	Yes^[61]^[62]	No	No	No	?	Yes^[61]^[63]
BestCrypt	Yes	Yes	Yes	Yes	Yes^[64]	Yes	Yes	Yes	Any supported by OS	Yes^[65]
BitArmor DataControl	No	Yes	?	No	Yes	Yes	No	No	NTFS, FAT32 on non-system volumes	No
BitLocker	No	Yes^[66]	No	Yes^[67]	Yes^[68]	Yes^[69]	Yes	Yes^[68]	Chiefly NTFS ^{[Note 1]}	Yes ^{[Note 2]}
Bloombase StoreSafe	No	No	—	Yes	Yes	Yes	Yes	No	Any supported by OS	Yes
CGD	No	No	—	Yes^[70]	Yes^[71]	Yes^[70]	No	No	Any supported by OS	Yes^[70]
CenterTools DriveLock	No	Yes	Yes	No	No	Yes	No	No	Any supported by OS	Yes
Check Point Full Disk Encryption	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	NTFS, FAT32	Yes
CipherShed	Yes (limited to one per "outer" container)	only on Windows^[72]	?	No	yes with multiple keyfiles^[73]^[74]	Yes	Yes	No^[75]	Only Windows MBR volumes; no UEFI GPT drives, and dynamic drives discouraged^[76]	Yes
CryFS	No	No	—	No	No	Yes^[77]	No	No	Any supported by OS	No
CrossCrypt	No	No	—	No	No	No	No	No	?	No
CryptArchiver	No	No	—	No	No	?	No	No	?	?
Cryptic Disk	Yes	No	No	No	Yes	Yes	Yes	No	Any supported by OS	Yes
Cryhod	No	Yes	Yes	No	Yes	Yes	Yes	No	Any supported by OS	Yes
Cryptoloop	No	Yes^[78]	?	Yes	No	No	Yes^{[citation needed]}	No	Any supported by OS	?
Cryptomator	No	No	—	No	No	Yes	Yes	No	Any supported by OS	No
CryptoPro Secure Disk Enterprise	Yes with add-on Secure Device	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Any supported by OS	Yes
CryptoPro Secure Disk for BitLocker	Yes with add-on Secure Device	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Any supported by OS	Yes
Cryptsetup / Dmsetup	No	Yes^[78]	?	Yes	No	No	Yes	No	Any supported by OS	Yes
DiskCryptor	No	Yes	?	No	No	No	Yes^[79]	No	Windows volumes on MBR and UEFI GPT drives, ReFs any FS supported by OS^[80]	Yes^[79]
DISK Protect	No	Yes^[81]	Yes	No	Yes^[81]	No	Yes	Yes	NTFS, FAT32	Yes
Dm-crypt / LUKS	No	Yes^[78]	?	Yes	Yes	Yes	Yes	Partial^[82] ^{[Note 3]}	Any supported by OS	Yes
DriveSentry GoAnywhere 2	No	No	—	Yes	No	Yes	No	?	Any supported by OS	Yes
E4M	No	No	—	No	No	?	No	No	?	No
e-Capsule Private Safe	Yes^[83]	No	—	No	Yes^[83]	No	Yes	No	?	?
eCryptfs	No	No	—	Yes	Yes	Yes	Yes	Yes	Yes^[84]	Yes
EgoSecure HDD Encryption	No	Yes	Yes	Yes	Yes	Yes	Yes^[85]	Yes	NTFS, FAT32	Yes
EncryptUSB	No	No	No	No	No	Yes	No	No	NTFS, FAT32, exFAT	No
FileVault	No	No	—	No	Two passwords^[86]	Yes^[86]	?	No	HFS+, possibly others	No
FileVault 2	No	Yes	Yes	No	Yes	Yes	Yes^[87]	No	HFS+, possibly others	No
FREE CompuSec	No	Yes	?	No	No	No	No	No	Any supported by OS	No
FreeOTFE	Yes	No	—	Yes^[88]	Yes^[89]	Yes	Yes	No	Any supported by OS	Yes
GBDE	No	No^[90]	—	Yes	Yes^[91]	No^[91]	No^[90]	No	Any supported by OS	Yes
GELI	No	Yes^[90]	?	Yes	Yes^[92]	Yes^[92]	Yes^[90]	No	Any supported by OS	Yes
Loop-AES	No	Yes^[93]	?	Yes^[93]	Yes^[93]	Yes^[93]	Yes^[93]	No	Any supported by OS	Yes^[94]
McAfee Drive Encryption (SafeBoot)	Yes	Yes	Yes	Yes	Yes	Yes	Yes^[85]^[95]	Yes	Any supported by OS	Yes
n-Crypt Pro	No	No	—	No	No	—^[96]	No	No	?	?
PGPDisk	No	Yes^[97]	Yes	?	Yes	Yes^[98]	?	Yes	?	Yes
Private Disk	No	No	—	No	Yes	Yes	No	No	Any supported by OS	Yes
ProxyCrypt	Yes	No	No	No	No	Yes	Yes	No	Any supported by OS	Yes
R-Crypto	?	No	—	?	?	?	?	?	Any supported by OS	?
SafeGuard Easy	No	Yes	?	No	Yes	Yes	No	Yes^[99]	Any supported by OS	Yes
SafeGuard Enterprise	No	Yes	Yes	No	Yes	Yes	No	Yes^[99]	Any supported by OS	Yes
SafeGuard PrivateDisk	No	No	—	No	Yes	Yes	No	Yes^[100]	Any supported by OS	Yes
SafeHouse Professional	No	No	—	Yes	Yes	Yes	No	No	Any supported by OS	Yes
Scramdisk	Yes	No	—	No	No	No	No	No	?	Last update to web site 2009-07-02
Scramdisk 4 Linux	Yes^[101]	No	—	No	No	Yes^[101]	No	No	ext2, ext3, reiserfs, minix, ntfs, vfat/msdos	No
SecuBox	No	No	—	No	No	Yes	No	No	?	No
SecureDoc	No	Yes^[102]	?	Yes	Yes	Yes	Yes	Yes	?	Yes
Seqrite Encryption Manager	No	Yes	Yes	No	Yes	Yes	Yes	No	Any supported by OS	No
Sentry 2020	No	No	?	No	No	No	No	No	?	No
Softraid / RAID C	No	No	?	?	?	?	Yes	?	Any supported by OS	?
Svnd / Vnconfig	No	No	—	No	No	Yes^[103]	Yes	?	Any supported by OS	?
Symantec Endpoint Encryption	No	Yes	Yes	Yes	Yes	Yes	No	No	NTFS, FAT32	Yes
Trend Micro Endpoint Encryption	No	Yes	Yes	Yes	Yes	Yes^[104]	Yes^[105]	No	Any supported by OS	Yes^[106]
TrueCrypt ^{[Note 4]}	Yes (limited to one per "outer" container)	only on Windows^[107]	?	No	yes with multiple keyfiles^[74]^[108]	Yes	Yes	No^[75]	Only Windows MBR volumes; no UEFI GPT drives, and dynamic drives discouraged^[76]	Yes
VeraCrypt	Yes (limited to one per "outer" container)	only on Windows^[109]	No	No	yes with multiple keyfiles	Yes	Yes	No	Windows on both MBR and UEFI GPT drives; dynamic drives discouraged	Yes
CyberSafe Top Secret	Yes	No	No	No	Yes	Yes	Yes	No	Only Windows MBR volumes; no UEFI GPT drives, and dynamic drives discouraged	Yes
Name	Hidden containers	Pre-boot authentication	Single sign-on	Custom authentication	Multiple keys	Passphrase strengthening	Hardware acceleration	TPM	Filesystems	Two-factor authentication
ZzEnc	No	Yes	Yes	Yes	Yes	Yes	No	No	Windows, Legacy BIOS & UEFI	In UEFI with removable keys store on USB-flash

[N 1]
Windows 7 introduces Bitlocker-To-Go which supports NTFS, FAT32 or exFAT, however for hard drive encryption, Windows Vista and later are limited to be installable only on NTFS volumes
[N 2]
BitLocker can be used with a TPM PIN + external USB key for two-factor authentication
[N 3]
An external tool can be used to read the key from the TPM and then have the key passed on to dm-crypt/LUKS via the standard input
[N 4]
The current situation around TrueCrypt project is controversial. On 28.05.2014 after many years of development and broad usage the open-source (although anonymous) project was suddenly stopped, and all previous official materials and complete (encrypt/decrypt) binaries were withdrawn from its website citing some "unfixed security issues" and Windows XP end of support. The technical information herein is valid only for previous versions of TrueCrypt (v7.1a and some earlier). The latest available version (v7.2) is decrypt only, its authenticity and actual reasons behind the move are unclear, and its usage is not recommended. https://www.zdnet.com/article/truecrypt-quits-inexplicable/

Layering

Whole disk: Whether the whole physical disk or logical volume can be encrypted, including the partition tables and master boot record. Note that this does not imply that the encrypted disk can be used as the boot disk itself; refer to pre-boot authentication in the features comparison table.
Partition: Whether individual disk partitions can be encrypted.
File: Whether the encrypted container can be stored in a file (usually implemented as encrypted loop devices).
Swap space: Whether the swap space (called a "pagefile" on Windows) can be encrypted individually/explicitly.
Hibernation file: Whether the hibernation file is encrypted (if hibernation is supported).

More information Name, Whole disk ...

Name	Whole disk	Partition	File	Swap space	Hibernation file	RAID
Aloaha Secure Stick	No	No	Yes	No	No	?
ArchiCrypt Live	Yes (except for the boot volume)	Yes	Yes	No	No	?
BestCrypt	Yes	Yes	Yes	Yes	Yes^[110]	?
BitArmor DataControl	No	Yes	No	Yes	Yes	?
BitLocker	Yes (except for the boot volume)	Yes	Yes^[111]	Yes (parent volume is encrypted)	Yes (parent volume is encrypted)	?
Bloombase StoreSafe	Yes	Yes	Yes	Yes	No	Yes
CenterTools DriveLock	Yes	Yes	Yes	Yes	Yes	?
CGD	Yes	Yes	Yes^[70]	Yes	No	?
Check Point Full Disk Encryption	Yes	Yes	Yes	Yes	Yes	?
CipherShed	Yes	Yes	Yes	Yes	only on Windows	?
CrossCrypt	No	No	Yes	No	No	?
CryFS	No	No	No	No	No	?
CryptArchiver	No	No	Yes	No	No	?
Cryptic Disk	No	Yes	Yes	No	No	?
Cryhod	No	Yes	No	Yes	Yes (parent volume is encrypted)	?
Cryptoloop	Yes	Yes	Yes	Yes	No	?
Cryptomill	Yes	—	Yes	—	—	?
CryptoPro Secure Disk Enterprise	Yes	Yes	Yes (add-on Secure Device)	Yes	Yes	?
CryptoPro Secure Disk for BitLocker	Yes	Yes	Yes	Yes	Yes	?
DiskCryptor	No	Yes	No	Yes	Yes	?
Disk Protect	Yes	No	No	Yes	Yes	?
Dm-crypt / LUKS	Yes	Yes	Yes^[112]	Yes	Yes^[113]	?
DriveSentry GoAnywhere 2	No	Yes	Yes	No	No	?
E4M	No	Yes	Yes	No	No	?
e-Capsule Private Safe	No	No	Yes^[114]	No	No	?
eCryptfs	No	No	Yes	No	No	?
EgoSecure HDD Encryption	Yes	Yes	Yes	Yes	Yes	?
EncryptUSB	No	No	Yes	No	No	?
FileVault	No	No	Yes^[86]	Yes^[115]^[86]	Yes^[115]^[116]
FileVault 2	Yes^[117]	Yes^[87]	No	Yes	Yes	?
FREE CompuSec	Yes	No	Yes	Yes	Yes	?
FreeOTFE	Yes (except for the boot volume)	Yes	Yes	No	No	?
GBDE	Yes	Yes	Yes^[118]	Yes	No	?
GELI	Yes	Yes	Yes^[118]	Yes	No	?
Loop-AES	Yes	Yes^[93]	Yes^[93]	Yes^[93]	Yes^[93]	?
McAfee Drive Encryption (SafeBoot)	Yes	Yes	Yes	Yes	Yes^[119]	?
n-Crypt Pro	Yes	Yes	Yes	No	No	?
PGPDisk	Yes	Yes	Yes	Yes	only on Windows	?
Private Disk	No	No	Yes	No	No	?
ProxyCrypt	Yes	Yes	Yes	No	No	?
R-Crypto	No	No	Yes	No	No	?
SafeGuard Easy	Yes	Yes	extra module	Yes	Each sector on disk is encrypted	?
SafeGuard Enterprise	Yes	Yes	Yes	Yes	Each sector on disk is encrypted	?
SafeGuard PrivateDisk	No	No	Yes	No	No	?
SafeHouse Professional	No	No	Yes	No	No	?
Scramdisk	No	Yes	Yes	No	No	?
Scramdisk 4 Linux	Yes	Yes	Yes	Yes	No	?
SecuBox	No	No	Yes	—	No	?
Sentry 2020	No	No	Yes	No	No	?
Seqrite Encryption Manager	Yes	Yes	Yes	Yes	Yes	RAID-5
Softraid / RAID C	Yes	Yes	No	Yes (encrypted by default in OpenBSD)^[120]	No	?
Svnd / Vnconfig	?	Yes	Yes	Yes (encrypted by default in OpenBSD)	?	?
SpyProof!	No	Yes	Yes	No	No	?
Symantec Endpoint Encryption	Yes	Yes	Yes	Yes	Yes	?
Trend Micro Endpoint Encryption	Yes	Yes	Yes	Yes	Yes	?
TrueCrypt	Yes^[121]	Yes	Yes	Yes	only on Windows^[107]	?
VeraCrypt	Yes	Yes	Yes	Yes	only on Windows^[107]	?
CyberSafe Top Secret	No	Yes	Yes	No	No	?
Name	Whole disk	Partition	File	Swap space	Hibernation file	RAID

Modes of operation

Summarize

Perspective

Different modes of operation supported by the software. Note that an encrypted volume can only use one mode of operation.

CBC with predictable IVs: The CBC (cipher block chaining) mode where initialization vectors are statically derived from the sector number and are not secret; this means that IVs are re-used when overwriting a sector and the vectors can easily be guessed by an attacker, leading to watermarking attacks.
CBC with secret IVs: The CBC mode where initialization vectors are statically derived from the encryption key and sector number. The IVs are secret, but they are re-used with overwrites. Methods for this include ESSIV and encrypted sector numbers (CGD).
CBC with random per-sector keys: The CBC mode where random keys are generated for each sector when it is written to, thus does not exhibit the typical weaknesses of CBC with re-used initialization vectors. The individual sector keys are stored on disk and encrypted with a master key. (See GBDE for details)
LRW: The Liskov-Rivest-Wagner tweakable narrow-block mode, a mode of operation specifically designed for disk encryption. Superseded by the more secure XTS mode due to security concerns.^[122]
XTS: XEX-based Tweaked CodeBook mode (TCB) with CipherText Stealing (CTS), the SISWG (IEEE P1619) standard for disk encryption.
Authenticated encryption: Protection against ciphertext modification by an attacker

More information Name, CBC w/ predictable IVs ...

Name	CBC w/ predictable IVs	CBC w/ secret IVs	CBC w/ random per-sector keys	LRW	XTS	Authenticated encryption
Aloaha Crypt Disk	No	No	No	Yes	Yes	?
ArchiCrypt Live	No	No	No	Legacy support^[123]	Yes	?
BestCrypt	No	Yes	No	Yes^[124]	Yes^[125]	?
BitArmor DataControl	No	Yes	Plumb-IV	No	No	?
BitLocker	No^[126]	Yes^[126]	No	No	Yes, Windows 10 10547+	?
Bloombase StoreSafe	Yes	Yes	Yes	Yes	Yes	?
CGD	No	Yes^[127]	No	No	No	?
CenterTools DriveLock	?	?	?	?	?	?
Check Point Full Disk Encryption	No	No	Yes	Yes	Yes	?
CipherShed	Legacy support^[128]	No	No	Legacy support^[129]	Yes^[130]	?
CrossCrypt	Yes	No	No	No	No	?
CryFS	No	No	Yes	No	No	?
CryptArchiver	?	?	?	?	?	?
Cryptic Disk	No	No	No	No	Yes	No
Cryhod	No	Yes	No	No	Yes^[131]	?
Cryptoloop	Yes	No	No	No	No	No
DiskCryptor	No	No	No	No	Yes	?
Dm-crypt / LUKS	Yes	Yes	No	Yes, using *-lrw-benbi^[132]	Yes, using *-xts-plain	Yes, using `--integrity` mode^[133]
DriveSentry GoAnywhere 2	?	?	?	?	?	?
E4M	?	?	?	No	No	?
e-Capsule Private Safe	?	?	?	?	?	?
eCryptfs	No	Yes	?	No	No	?
EgoSecure HDD Encryption	No	Yes	No	No	No	?
FileVault	Yes^[86]	No	No	No	No	?
FileVault 2	No	No	No	No	Yes^[134]	?
FREE CompuSec	Yes	No	No	No	No	?
FreeOTFE	Yes	Yes	No	Yes	Yes	No
GBDE	No	No	Yes^[91]	No	No	?
GELI	No	Yes^[135]	No	No	Yes	Yes, using `-a` option^[136]
Loop-AES	single-key, multi-key-v2 modes^[93]	multi-key-v3 mode^[93]	No	No	No	No
McAfee Drive Encryption (SafeBoot)	No	Yes	No	No	No	?
n-Crypt Pro	?	?	No	No	No	?
PGPDisk	?	?	?	?	?	?
Private Disk	No	Yes	No	No	No	?
ProxyCrypt	No	No	No	No	Yes	?
R-Crypto	?	?	?	?	?	?
SafeGuard Easy	?	?	?	?	?	?
SafeGuard Enterprise	?	?	?	?	?	?
SafeGuard PrivateDisk	?	?	?	?	?	?
SafeHouse Professional	Yes	No	No	No	No	?
Scramdisk	No	Yes	No	No	No	?
Scramdisk 4 Linux	No	Yes^[137]	No	Yes^[138]	Yes^[139]	?
SecuBox	Yes	No	No	No	No	?
SecureDoc	?	?	?	?	?	?
Sentry 2020	?	?	?	?	?	?
Seqrite Encryption Manager	No	Yes	No	Yes	Yes	?
Softraid / RAID C	?	?	?	?	Yes^[140]	?
Svnd / Vnconfig	?	?	?	?	?	?
Symantec Endpoint Encryption	No	No	Yes	No	No	?
TrueCrypt	Legacy support^[128]	No	No	Legacy support^[129]	Yes^[141]	No
USBCrypt	No	Yes	No	No	Yes	?
VeraCrypt	No	No	No	No	Yes	?
CyberSafe Top Secret	No	No	No	No	Yes	?
Name	CBC w/ predictable IVs	CBC w/ secret IVs	CBC w/ random per-sector keys	LRW	XTS	Authenticated encryption

Notes and references

Loading content...

External links

Loading content...

Loading related searches...

Wikiwand - on

Seamless Wikipedia browsing. On steroids.