Difference between pages "User:Lenageraghty" and "Full Disk Encryption"
From Forensics Wiki
(Difference between pages)
m (→Lena's Page) |
OldSkool2600 (Talk | contribs) m (→Supplemental Hardware / External Chassis: rm dead links) |
||
| Line 1: | Line 1: | ||
| − | + | '''Full Disk Encryption''' or '''Whole Disk Encryption''' is a phrase that was coined by [[Seagate]] to describe their encrypting [[hard drive]]. Under such a system, the entire contents of a hard drive are encrypted. This is different from [[Full Volume Encryption]] where only certain partitions are encrypted. | |
| − | + | Some examples of full disk encryption: | |
| − | === | + | == Hardware Solutions == |
| + | === Embedded into internal HDD === | ||
| + | ; Hitachi ''Bulk Data Encryption'' ("BDE") | ||
| + | : http://www.hitachigst.com/tech/techlib.nsf/techdocs/74D8260832F2F75E862572D7004AE077/$file/bulk_encryption_white_paper.pdf | ||
| − | + | ; Seagate ''Full Disk Encryption'' ("FDE") | |
| + | : http://www.seagate.com/docs/pdf/marketing/PO-Momentus-FDE.pdf | ||
| − | + | ; Toshiba ''Self-Encrypting Drives'' ("SED") | |
| + | : http://sdd.toshiba.com/main.aspx?Path=TrendsTechnology/Self-EncryptingDrives | ||
| − | === | + | === Supplemental Hardware / External Chassis === |
| + | ; Addonics product lines | ||
| + | : http://www.addonics.com/products/cipher/CPD256U.asp | ||
| − | + | ; Apricorn product lines | |
| + | : http://www.apricorn.com/products.php?cat_id=72 | ||
| − | + | ; Eracom Technology DiskProtect | |
| + | : http://www.eracom-tech.com/drive_encryption.0.html | ||
| − | + | ; iStorage DiskCrypt Mobile | |
| − | + | : http://www.istorage-uk.com/diskcryptmobile.php | |
| − | === | + | ; Network Appliance (Decru) |
| − | [[ | + | : http://www.netapp.com/ftp/decru-fileshredding.pdf |
| + | : http://www.netapp.com/us/products/storage-security-systems/ | ||
| + | : http://www.forensicswiki.org/images/6/6f/Securing_Storage_White_Paper.pdf (Decru white paper) | ||
| + | |||
| + | == Software Solutions == | ||
| + | |||
| + | ; beCrypt | ||
| + | : http://www.becrypt.com/our_products/disk_protect.php | ||
| + | |||
| + | ; [[BitArmor]] [[DataControl]] | ||
| + | : FDE tool that protects fixed and removable media. | ||
| + | |||
| + | ; [[BitLocker]] | ||
| + | : Part of Windows Vista that uses [[AES]] 128 or 256 bit encryption | ||
| + | |||
| + | ; [[CGD]] | ||
| + | : Cryptographic Device Driver. Provides transparent full disk encryption for [[NetBSD]]. | ||
| + | : Supports various [[ciphers]]: [[AES]] (128 bit blocksize and accepts 128, 192 or 256 bit keys), [[Blowfish]] (64 bit blocksize and accepts 128 bit keys) and [[3DES]] (uses a 64 bit blocksize and accepts 192 bit keys (only 168 bits are actually used for encryption). | ||
| + | : http://www.netbsd.org/docs/guide/en/chap-cgd.html | ||
| + | |||
| + | ; [[Checkpoint Full Disk Encryption]] | ||
| + | : http://www.checkpoint.com/products/datasecurity/pc/ | ||
| + | |||
| + | ; [[dm-crypt]] | ||
| + | : Transparent [[file system]] and [[swap]] encryption for [[Linux]] using the Linux 2.6 device mapper. Supports various [[ciphers]] and [[LUKS]] (Linux Unified Key Setup). | ||
| + | : http://www.saout.de/misc/dm-crypt/ | ||
| + | |||
| + | ; [[FreeOTFE]] | ||
| + | : Transparent on the fly encryption for [[Windows|MS Windows]] and [[Microsoft Windows Mobile|Windows Mobile]] PDAs. Also supports mounting [[Linux]] [[dm-crypt]] and [[LUKS]] volumes | ||
| + | : http://www.FreeOTFE.org/ | ||
| + | |||
| + | ; [[GBDE]] | ||
| + | : [[GEOM]] Based Disk Encryption. Provides transparent full disk and swap encryption for [[FreeBSD]]. Supported [[ciphers]]: [[AES]] (128 bit). | ||
| + | : Supports hidden volumes and Pre-Boot Authentification. | ||
| + | : Since data loss can occur on unexpected shutdowns, GELI is recommended instead of GBDE. | ||
| + | : http://www.freebsd.org/cgi/man.cgi?query=gbde&apropos=0&sektion=8&manpath=FreeBSD+6.2-RELEASE&format=html | ||
| + | : http://phk.freebsd.dk/pubs/bsdcon-03.gbde.paper.pdf | ||
| + | |||
| + | ; [[GELI]] | ||
| + | : Cryptographic [[GEOM]] class. Provides transparent full disk encryption for [[FreeBSD]]. Supports various [[ciphers]]: [[AES]], [[Blowfish]] and [[3DES]]. | ||
| + | : Supports hidden volumes and Pre-Boot Authentification. | ||
| + | : http://www.freebsd.org/cgi/man.cgi?query=geli&sektion=8 | ||
| + | |||
| + | ; Jetico BestCrypt | ||
| + | : http://www.jetico.com/ | ||
| + | |||
| + | ; [[loop-AES]] | ||
| + | : Transparent [[file system]] and [[swap]] encryption for [[Linux]] using the loopback device and [[AES]]. | ||
| + | : http://sourceforge.net/projects/loop-aes/ | ||
| + | |||
| + | ; [[PGPDisk]] | ||
| + | : Pretty Good Privacy Whole Disk Encryption provides transparent whole disk encryption with Pre-Boot authentification for [[Windows]]. Also supports [[MacOS]] X 10.4 (non-boot disks only). | ||
| + | : Can use OpenPGP RFC 2440 keys and X.509 keys for authentification. | ||
| + | : Supports USB Tokens for authentification. | ||
| + | : Supported [[ciphers]]: [[AES]] (256 bit keys). | ||
| + | : http://www.pgp.com/products/wholediskencryption/ | ||
| + | |||
| + | ; [[SafeGuard Easy]] | ||
| + | : Certified according to [[Common Criteria]] EAL3 and FIPS 140-2 | ||
| + | : Encryption algorithms supported: [[AES]] (128 and 256 bit) and [[IDEA]] (128 bit) | ||
| + | : Provides complete [[hard drive]] encryption including the boot disk. | ||
| + | : http://www.utimaco.us/products | ||
| + | |||
| + | ; [[SECUDE]] | ||
| + | : [[SECUDE]] provides a software and hardware solution for full disk encryption. | ||
| + | : http://www.secude.com | ||
| + | |||
| + | ; Securstar DriveCrypt | ||
| + | : http://www.securstar.com/products_drivecryptpp.php | ||
| + | |||
| + | ; [[TrueCrypt]] | ||
| + | : Transparent full disk encryption for [[Linux]] and [[Windows]]. Supports [[AES]] (256 bit), [[Serpent]] and [[Twofish]]. | ||
| + | : Supports hidden volumes within TrueCrypt volumes (plausible deniability). | ||
| + | : http://www.truecrypt.org/ | ||
| + | |||
| + | ; [[DiskCryptor]] | ||
| + | : Free solution provided under GNU General Public License. | ||
| + | : http://diskcryptor.net/index.php/DiskCryptor_en | ||
| + | |||
| + | ; [[vnconfig]] | ||
| + | : The -K option of [[OpenBSD]] vnconfig(8) associates and encryption key with the svnd device. Supports saltfiles. Supported [[ciphers]]: [[Blowfish]]. | ||
| + | : http://www.openbsd.org/cgi-bin/man.cgi?query=vnconfig&sektion=8 | ||
| + | |||
| + | [[Category:Encryption]] | ||
| + | [[Category:Anti-Forensics]] | ||
| + | [[Category:Disk encryption]] | ||
Revision as of 03:34, 19 June 2011
Full Disk Encryption or Whole Disk Encryption is a phrase that was coined by Seagate to describe their encrypting hard drive. Under such a system, the entire contents of a hard drive are encrypted. This is different from Full Volume Encryption where only certain partitions are encrypted.
Some examples of full disk encryption:
Contents |
Hardware Solutions
Embedded into internal HDD
- Hitachi Bulk Data Encryption ("BDE")
- http://www.hitachigst.com/tech/techlib.nsf/techdocs/74D8260832F2F75E862572D7004AE077/$file/bulk_encryption_white_paper.pdf
- Seagate Full Disk Encryption ("FDE")
- http://www.seagate.com/docs/pdf/marketing/PO-Momentus-FDE.pdf
- Toshiba Self-Encrypting Drives ("SED")
- http://sdd.toshiba.com/main.aspx?Path=TrendsTechnology/Self-EncryptingDrives
Supplemental Hardware / External Chassis
- Addonics product lines
- http://www.addonics.com/products/cipher/CPD256U.asp
- Apricorn product lines
- http://www.apricorn.com/products.php?cat_id=72
- Eracom Technology DiskProtect
- http://www.eracom-tech.com/drive_encryption.0.html
- iStorage DiskCrypt Mobile
- http://www.istorage-uk.com/diskcryptmobile.php
- Network Appliance (Decru)
- http://www.netapp.com/ftp/decru-fileshredding.pdf
- http://www.netapp.com/us/products/storage-security-systems/
- http://www.forensicswiki.org/images/6/6f/Securing_Storage_White_Paper.pdf (Decru white paper)
Software Solutions
- BitArmor DataControl
- FDE tool that protects fixed and removable media.
- CGD
- Cryptographic Device Driver. Provides transparent full disk encryption for NetBSD.
- Supports various ciphers: AES (128 bit blocksize and accepts 128, 192 or 256 bit keys), Blowfish (64 bit blocksize and accepts 128 bit keys) and 3DES (uses a 64 bit blocksize and accepts 192 bit keys (only 168 bits are actually used for encryption).
- http://www.netbsd.org/docs/guide/en/chap-cgd.html
- dm-crypt
- Transparent file system and swap encryption for Linux using the Linux 2.6 device mapper. Supports various ciphers and LUKS (Linux Unified Key Setup).
- http://www.saout.de/misc/dm-crypt/
- FreeOTFE
- Transparent on the fly encryption for MS Windows and Windows Mobile PDAs. Also supports mounting Linux dm-crypt and LUKS volumes
- http://www.FreeOTFE.org/
- GBDE
- GEOM Based Disk Encryption. Provides transparent full disk and swap encryption for FreeBSD. Supported ciphers: AES (128 bit).
- Supports hidden volumes and Pre-Boot Authentification.
- Since data loss can occur on unexpected shutdowns, GELI is recommended instead of GBDE.
- http://www.freebsd.org/cgi/man.cgi?query=gbde&apropos=0&sektion=8&manpath=FreeBSD+6.2-RELEASE&format=html
- http://phk.freebsd.dk/pubs/bsdcon-03.gbde.paper.pdf
- GELI
- Cryptographic GEOM class. Provides transparent full disk encryption for FreeBSD. Supports various ciphers: AES, Blowfish and 3DES.
- Supports hidden volumes and Pre-Boot Authentification.
- http://www.freebsd.org/cgi/man.cgi?query=geli&sektion=8
- Jetico BestCrypt
- http://www.jetico.com/
- loop-AES
- Transparent file system and swap encryption for Linux using the loopback device and AES.
- http://sourceforge.net/projects/loop-aes/
- PGPDisk
- Pretty Good Privacy Whole Disk Encryption provides transparent whole disk encryption with Pre-Boot authentification for Windows. Also supports MacOS X 10.4 (non-boot disks only).
- Can use OpenPGP RFC 2440 keys and X.509 keys for authentification.
- Supports USB Tokens for authentification.
- Supported ciphers: AES (256 bit keys).
- http://www.pgp.com/products/wholediskencryption/
- SafeGuard Easy
- Certified according to Common Criteria EAL3 and FIPS 140-2
- Encryption algorithms supported: AES (128 and 256 bit) and IDEA (128 bit)
- Provides complete hard drive encryption including the boot disk.
- http://www.utimaco.us/products
- SECUDE
- SECUDE provides a software and hardware solution for full disk encryption.
- http://www.secude.com
- Securstar DriveCrypt
- http://www.securstar.com/products_drivecryptpp.php
- TrueCrypt
- Transparent full disk encryption for Linux and Windows. Supports AES (256 bit), Serpent and Twofish.
- Supports hidden volumes within TrueCrypt volumes (plausible deniability).
- http://www.truecrypt.org/
- DiskCryptor
- Free solution provided under GNU General Public License.
- http://diskcryptor.net/index.php/DiskCryptor_en
- vnconfig
- The -K option of OpenBSD vnconfig(8) associates and encryption key with the svnd device. Supports saltfiles. Supported ciphers: Blowfish.
- http://www.openbsd.org/cgi-bin/man.cgi?query=vnconfig&sektion=8
