EPISODE 1344: DriveCrypt vs. TrueCrypt
Do you prefer the commercial 1344bit encryption power of SecurStar’s DriveCrypt over the open-source community driven TrueCrypt? Well, then this article might be of interest to you.
If you’re seeking a comparison between the most popular container encryption programs, then this will most likely be the final station of your search.
Pricing
First off, I want to point out that TrueCrypt is completely free; however, you are encouraged to donate at the homepage under the Donations tab. Speaking of free, DriveCrypt’s price is EUR 59.95 (which should be around 90 USD - who knows how much the USD dropped by the time you are reading this). Is this the price for your privacy? Nobody knows how long this price will last, especially when you watch Microsoft abusing its monopoly position and adding software for all jobs to their operating system, rendering more and more 3rd party programs unnecessary. An example of that is Windows Vista’s partition manager.
If your data plays an important role then the price shouldn’t be an obstacle to you at all.
Encryption overkill
SecurStar promotes their program with military strength 1344bit encryption. But no one said that this level of encryption was really required to keep your data locked from theft, no matter by whom, including the FBI. In theory, using a good algorithm with 128bit encryption is absolutely enough. Both programs, TrueCrypt and DriveCrypt, exceed this requirement by making 256bit algorithms available. In fact, this is even standard in TrueCrypt, while DriveCrypt contains some other algorithms with weaker encryption.
If you are paranoid when it comes to encryption strength you can pick DriveCrypt’s 1344bit encryption to calm your conscience, but remember that 256bit encryption is overkill already. What should also be mentioned is TrueCrypt’s LRW operation mode. You can imagine this as a mode where your key gets automatically changed for the encryption of every piece of data, also called a block, thus making it much harder to crack the encryption by guessing repetitive or predictable content. This makes the 256bit encryption of TrueCrypt shine a bit brighter than its competitor’s.
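To make the LRW idea concrete, here is an added sketch in Python (not code from TrueCrypt, DriveCrypt or the original post). It follows the general LRW construction, in which a per-block tweak derived from a second key and the block's position is XORed in before and after the block cipher, rather than a literal key change. Assumptions: a SHA-256 Feistel network stands in for AES, the bit ordering is simplified, and the keys and data are constructed.

```python
import hashlib
BLOCK = 16                    # 128-bit blocks, the AES block size
POLY = (1 << 128) | 0x87      # x^128 + x^7 + x^2 + x + 1

def gf_mul(a, b):
    """Multiply in GF(2^128); bit i of an int is the coefficient of x^i."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a >> 128:          # reduce modulo the field polynomial
            a ^= POLY
        b >>= 1
    return r

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def f(key, i, half):
    # Feistel round function; the whole PRP is a stand-in for AES (assumption)
    return hashlib.sha256(key + bytes([i]) + half).digest()[:8]

def prp_encrypt(key, block):
    l, r = block[:8], block[8:]
    for i in range(4):
        l, r = r, xor(l, f(key, i, r))
    return l + r

def prp_decrypt(key, block):
    l, r = block[:8], block[8:]
    for i in reversed(range(4)):
        l, r = xor(r, f(key, i, l)), l
    return l + r

def lrw(k1, k2, index, block, decrypt=False):
    """C = E(P xor T) xor T, with tweak T = k2 * index in GF(2^128)."""
    t = gf_mul(int.from_bytes(k2, "big"), index).to_bytes(BLOCK, "big")
    cipher = prp_decrypt if decrypt else prp_encrypt
    return xor(cipher(k1, xor(block, t)), t)

def demo():
    k1 = hashlib.sha256(b"constructed cipher key").digest()
    k2 = hashlib.sha256(b"constructed tweak key").digest()[:BLOCK]
    plain = [b"A" * BLOCK] * 8            # eight identical plaintext blocks
    untweaked = [prp_encrypt(k1, p) for p in plain]
    tweaked = [lrw(k1, k2, i, p) for i, p in enumerate(plain, 1)]
    back = [lrw(k1, k2, i, c, decrypt=True) for i, c in enumerate(tweaked, 1)]
    return len(set(untweaked)), len(set(tweaked)), back == plain
```

`demo()` returns the number of distinct ciphertext blocks without and with the tweak, plus whether decryption round-trips: identical plaintext blocks collapse to one ciphertext value without the tweak and to eight different values with it.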
The danger of backdoors
What use does a safe have when it can be easily opened by the company that produced it? The TrueCrypt author lets you view the text out of which the program was made, also called source code, so you can produce your own build; this is usual in the open-source community. DriveCrypt only offers you a very old source code of their program, but on their page they guarantee:
23. No Backdoors present
DriveCrypt does NOT include any backdoor. Encrypted data are only accessible by the legitimate users. Neither the vendor nor any other entities are able to break DriveCrypt disk encryption.
Trust is good. Control is better. An everyday computer user cannot know what a program is actually doing, so all we can do is trust SecurStar’s guarantee. The TrueCrypt code, however, is being reviewed by thousands of programmers, so it is nearly impossible to have backdoor code without at least someone from the community noticing it.
Compromise: Politics - Security
Sometimes politicians are so bored of talking that they get funny ideas, so they make up new laws to make your life harder. This has happened in Germany lately, where German anti-virus solution providers were forced by law to add a backdoor to their software so the trojans made by the state have no problem entering your system. As far as I know, this has not happened to encryption software yet, but in some countries the usage of strong encryption is forbidden; a classic example is France. Therefore you should be careful and check your country’s law before you get in trouble with the local authorities.
Here is a table that shows you some countries and whether the use of strong cryptography for personal, non-commercial use ONLY is allowed without any restrictions (as of December 2007). For example, if you live in Australia, you are free to download strong cryptography software from any country and use it as you like. But exporting strong cryptography, for example writing your own program and offering it on your homepage to anyone in the world, is not allowed before you have obtained a license from the state. A more detailed list can be found here: Cryptography policies.
If there are any restrictions in your country, it does not mean that you are not allowed to use cryptography at all; instead, you should check the details for your country on the page I mentioned earlier: Cryptography policies.
Encryption speed test
I did an encryption speed test on my machine which is an Intel Core 2 Duo E6600 processor with 2048MB DDR800 RAM. The benchmark took place on a Western Digital Caviar SE WD800JD harddrive which only contained the container and the test file during every benchmark. Before running every test, the drive was defragmented. This took quite some time but it should give us clean results.
Let’s come to the encryption results. The testing was done by copying a 1GB file filled with random data from the same drive to the container. Every test was done multiple times to make sure that the result is constant, and the best result was always taken. Here are the encryption benchmark results.
The decryption speed was 18 seconds +/- 1 second throughout for every algorithm except for Triple DES 168bit and the combinations of the TrueCrypt algorithms, which were around twice as slow; this makes them good when you are working with small amounts of data or when you are archiving your files.
As we see, the first 6 are pretty fast except Serpent, which is a bit slower, but in practice you won’t notice the difference. The last 4 are somewhat slower, so if you are copying giant files to the container consider using a faster algorithm.
As for me, I prefer AES 256bit as it offers good encryption speed and high security in both programs, TrueCrypt and DriveCrypt. If you would like to find out more about AES you can look at the Wikipedia page.
Alternatives
Here is a list of some container encryption programs; you can test them all and pick the one you like most.
- Compusec. Looks nice but a bit too bloated for my needs.
- BestCrypt. I have never tried it.
- FreeOTFE. The PC version looks promising. I tried the PDA version and it only hangs up.
- ScramDisk. One of the predecessors of DriveCrypt, it is not being updated anymore.
- E4M. The official page is gone but you can get it here together with a description. Its basis was used for TrueCrypt; it is also not being updated anymore. Its official successor is DriveCrypt.
- PGP Disk. Quite known but I personally don’t like it because of its user interface.
- CrossCrypt. Looks like nice open-source software but I have never tried it.
If you know some more, tell me and I might add them to the list.
That’s all for the first post on my blog; if you have comments, criticism or improvement ideas, just post a reply. Now follows a little FAQ; if your question is not answered here you’re welcome to post a question.
FAQ
Q: Can you bypass/crack TrueCrypt/DriveCrypt encryption?
A: No.
Q: Why do the police/FBI still manage to break it?
A: They don’t. They find the password written on paper, in a text file or in a mail. It also happens that they test your IM and other passwords, which you have already used elsewhere, on it.
Q: Can TrueCrypt open a DriveCrypt container and vice versa?
A: No, since another type of encryption and file format is being used.
Q: Can you mount TrueCrypt containers on Linux which were made on Windows?
A: Yes, as long as your Linux distribution supports the filesystem that you have chosen for the container.
3 comments
January 28th, 2008 at 8:37 pm
I am a firm supporter of TrueCrypt.
1 It’s FREE!!
2 You can set hotkeys to force a dismount of the container,
flush the cache, and exit the program (Great for my porn library).
February 8th, 2008 at 5:20 am
Yeah, child porn... I’m watching you
February 23rd, 2008 at 11:15 am
thanks, great article.