Disk encryption software

From CryptoDox, The Online Encyclopedia on Cryptography and Information Security


Disk encryption is a computer security technique used to protect the confidentiality of data stored on a computer disk. This article discusses the software used to implement the technique (for cryptographic aspects of the problem see disk encryption). Compared to the access restrictions commonly enforced by an OS, this technique protects data even when the OS is not active, for example if the data is read directly from the hardware.

Such software encrypts data stored on a computer's mass storage and transparently decrypts the information when an authorized user requests it: no special action by the user (except supplying a password or passphrase at the beginning of a session) is required. Some also provide plausible deniability with deniable encryption techniques.

Volume-level encryption is particularly suited to portable devices such as laptop computers and thumb drives. If used properly, someone finding a lost device will have access only to meaningless encrypted files. A strong passphrase (e.g. five or more diceware words) is essential for full security.

Although disk encryption software can operate transparently on an entire disk volume, a directory, or even a single file, it is important to distinguish it from (non-transparent) file encryption software, which encrypts or decrypts only individual files and always the whole file (the decrypted file is stored in a temporary file in unencrypted form). Examples of software that can be used for file encryption are special-purpose software (e.g., GNU Privacy Guard), file archivers, and even some text editors (e.g., emacs or vi).
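The following sketch is an added illustration, not code from this article or from any disk encryption product. It shows what "transparent" means above: the caller does plain reads and writes, the backing store only ever holds ciphertext, and only the sectors a request touches are decrypted. `ToyVolume`, `derive_key`, the 512-byte sector size, the PBKDF2 iteration count and the HMAC-based keystream are all assumptions of the example; the toy keystream stands in for a vetted disk mode such as XTS-AES.

```python
import hashlib
import hmac

SECTOR = 512  # bytes per sector (assumed size)

def derive_key(passphrase: str, salt: bytes) -> bytes:
    # Passphrase supplied once per session; iteration count is an assumption.
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 200_000)

def _keystream(key: bytes, sector_no: int) -> bytes:
    # TOY per-sector keystream (HMAC-SHA256 in counter mode). Stand-in only:
    # rewriting a sector reuses the keystream, so this is not a secure mode.
    blocks = (hmac.new(key, sector_no.to_bytes(8, "big") + i.to_bytes(4, "big"),
                       hashlib.sha256).digest() for i in range(SECTOR // 32))
    return b"".join(blocks)

class ToyVolume:
    """The backing store holds only ciphertext; read/write look like plain I/O."""

    def __init__(self, key: bytes, sectors: int):
        self.key = key
        self.sectors_touched = 0          # counts sector decryptions
        self.disk = bytearray(sectors * SECTOR)
        for s in range(sectors):          # "format": encrypt empty sectors
            self._store(s, bytes(SECTOR))

    def _xor(self, s: int, data: bytes) -> bytes:
        return bytes(a ^ b for a, b in zip(data, _keystream(self.key, s)))

    def _load(self, s: int) -> bytes:
        self.sectors_touched += 1
        return self._xor(s, self.disk[s * SECTOR:(s + 1) * SECTOR])

    def _store(self, s: int, plain: bytes) -> None:
        self.disk[s * SECTOR:(s + 1) * SECTOR] = self._xor(s, plain)

    def read(self, offset: int, length: int) -> bytes:
        first, last = offset // SECTOR, (offset + length - 1) // SECTOR
        plain = b"".join(self._load(s) for s in range(first, last + 1))
        return plain[offset % SECTOR:offset % SECTOR + length]

    def write(self, offset: int, data: bytes) -> None:
        pos = 0
        while pos < len(data):
            s, off = divmod(offset + pos, SECTOR)
            n = min(SECTOR - off, len(data) - pos)
            plain = bytearray(self._load(s))   # decrypt just this sector
            plain[off:off + n] = data[pos:pos + n]
            self._store(s, bytes(plain))
            pos += n
```

Reading `disk` directly, as someone with the hardware but not the passphrase would, yields only ciphertext, and a 13-byte read that straddles a sector boundary decrypts two sectors rather than the whole volume.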
