Introduction
FreeOTFE: A free "on-the-fly" transparent disk encryption program for MS
Windows 2000/XP/Vista PCs (both 32 and 64 bit), and Windows Mobile 2003/2005 and Windows Mobile 6 PDAs
Using this software, you can create one or more
"virtual disks" on your computer. Anything written to these disks is
automatically and securely encrypted before being stored on your computer's
hard drive.
Features
- Source code freely available
- Easy to use; full wizard included for creating new volumes
- Data encrypted on your PC can be read/written on your PDA, and vice versa
- Powerful: Supports numerous hash/encryption algorithms, and
provides a greater level of flexibility than a number of other
(including commercial!) OTFE systems
- Hash algorithms include: MD5, SHA-512, RIPEMD-160, Tiger and many more
- Cyphers include AES (256 bit), Twofish (256 bit), Blowfish (448 bit), Serpent (256 bit) and many more
- Cypher modes supported include XTS, LRW and CBC (including XTS-AES-128 and XTS-AES-256)
- "Portable mode" included; FreeOTFE doesn't need to be installed before it can be
used - making it ideal for carrying your data securely on USB drives!
- Security tokens/smartcards supported for extra (optional) security
- Operates under both PC (MS Windows 2000/XP) and PDA (Windows Mobile 2003/2005 and Windows Mobile 6) platforms
- Linux compatibility (Cryptoloop "losetup", dm-crypt and LUKS supported)
- "Hidden" volumes may be concealed within other FreeOTFE volumes, providing "plausible deniability"
- FreeOTFE volumes have no "signature" to allow them to be identified as such
- Encrypted volumes can be either file or partition based.
- Modular design allowing 3rd party drivers to be created, incorporating new hash/cypher algorithms
- Decryption software available to improve transparency, and allow even the most
junior software engineer to prove data is being encrypted correctly
- Supports password salting (up to 512 bits), reducing the risks presented by dictionary attacks.
- Allows users to back up and restore the critical areas of volume files.
- Keyfile support included; store volumes and their associated metadata separately.
- Uses per-sector IVs, including support for ESSIV
- Volume file timestamps and attributes are reset after dismounting, increasing "plausible deniability"
- Supports volume files up to 2^63 bytes (8388608 TB)
- Comprehensive documentation
- Naturally, fully supported by SecureTrayUtil.
- Plus more...!
Screenshots of FreeOTFE are available
Cyphers included:
| Cypher | Key length (in bits) | Block length (in bits) | Modes | Source Library | Comments |
|---|---|---|---|---|---|
| AES | 128 | 128 | CBC | Dr. Brian R. Gladman | |
| AES | 192 | 128 | CBC | Dr. Brian R. Gladman | |
| AES | 256 | 128 | CBC | Dr. Brian R. Gladman | |
| AES | 128 | 128 | CBC/LRW/XTS | LibTomCrypt | XTS version aka XTS-AES-128 |
| AES | 192 | 128 | CBC/LRW/XTS | LibTomCrypt | |
| AES | 256 | 128 | CBC/LRW/XTS | LibTomCrypt | XTS version aka XTS-AES-256 |
| Blowfish | 128 | 64 | CBC | LibTomCrypt | |
| Blowfish | 160 | 64 | CBC | LibTomCrypt | |
| Blowfish | 192 | 64 | CBC | LibTomCrypt | |
| Blowfish | 256 | 64 | CBC | LibTomCrypt | |
| Blowfish | 448 | 64 | CBC | LibTomCrypt | |
| CAST5 | 128 | 64 | CBC | LibTomCrypt | aka CAST-128 |
| CAST6 | 128 | 128 | CBC | Dr. Brian R. Gladman | aka CAST-256 |
| CAST6 | 160 | 128 | CBC | Dr. Brian R. Gladman | aka CAST-256 |
| CAST6 | 192 | 128 | CBC | Dr. Brian R. Gladman | aka CAST-256 |
| CAST6 | 224 | 128 | CBC | Dr. Brian R. Gladman | aka CAST-256 |
| CAST6 | 256 | 128 | CBC | Dr. Brian R. Gladman | aka CAST-256 |
| DES | 64 | 64 | CBC | LibTomCrypt | |
| 3DES | 192 | 64 | CBC | LibTomCrypt | Standard encrypt, decrypt, encrypt |
| MARS | 128 | 128 | CBC | Dr. Brian R. Gladman | |
| MARS | 192 | 128 | CBC | Dr. Brian R. Gladman | |
| MARS | 256 | 128 | CBC | Dr. Brian R. Gladman | |
| Null | 0 | (variable) | n/a | n/a | |
| RC-6 | 128 | 128 | CBC | Dr. Brian R. Gladman | |
| RC-6 | 192 | 128 | CBC | Dr. Brian R. Gladman | |
| RC-6 | 256 | 128 | CBC | Dr. Brian R. Gladman | |
| RC-6 | 128 | 128 | CBC/LRW/XTS | LibTomCrypt | |
| RC-6 | 192 | 128 | CBC/LRW/XTS | LibTomCrypt | |
| RC-6 | 256 | 128 | CBC/LRW/XTS | LibTomCrypt | |
| RC-6 | 1024 | 128 | CBC/LRW/XTS | LibTomCrypt | |
| Serpent | 128 | 128 | CBC | Dr. Brian R. Gladman | |
| Serpent | 192 | 128 | CBC | Dr. Brian R. Gladman | |
| Serpent | 256 | 128 | CBC | Dr. Brian R. Gladman | |
| Twofish | 128 | 128 | CBC | Dr. Brian R. Gladman | |
| Twofish | 192 | 128 | CBC | Dr. Brian R. Gladman | |
| Twofish | 256 | 128 | CBC | Dr. Brian R. Gladman | |
| Twofish | 128 | 128 | CBC | Hi/fn and Counterpane Systems | x86 systems only |
| Twofish | 192 | 128 | CBC | Hi/fn and Counterpane Systems | x86 systems only |
| Twofish | 256 | 128 | CBC | Hi/fn and Counterpane Systems | x86 systems only |
| Twofish | 128 | 128 | CBC/LRW/XTS | LibTomCrypt | |
| Twofish | 192 | 128 | CBC/LRW/XTS | LibTomCrypt | |
| Twofish | 256 | 128 | CBC/LRW/XTS | LibTomCrypt | |
| XOR | (variable) | (variable) | n/a | n/a | |

Hash algorithms included:
| Hash | Hash length (in bits) | Block length (in bits) | Source Library |
|---|---|---|---|
| MD2 | 128 | 128 | LibTomCrypt |
| MD4 | 128 | 512 | LibTomCrypt |
| MD5 | 128 | 512 | LibTomCrypt |
| Null | (variable) | (variable) | n/a |
| RIPEMD-128 | 128 | 512 | LibTomCrypt |
| RIPEMD-160 | 160 | 512 | LibTomCrypt |
| RIPEMD-160 (Linux; Twice, with A) | 320 | 512 | LibTomCrypt |
| SHA-1 | 160 | 512 | LibTomCrypt |
| SHA-224 | 224 | 512 | LibTomCrypt |
| SHA-256 | 256 | 512 | LibTomCrypt |
| SHA-384 | 384 | 1024 | LibTomCrypt |
| SHA-512 | 512 | 1024 | LibTomCrypt |
| Tiger | 192 | 512 | LibTomCrypt |
| Whirlpool | 512 | 512 | LibTomCrypt |