The following post outlines 6 different options for full-disk encryption software. This document is the result of research completed for project which required disk encryption on portable servers used during survey events at public schools across the lower mainland.
The high-level requirements were:
- Windows 10 Home Operating system
- 5-10 low-end hardware
- No internet connection to machines while in operation
- Must be user-friendly enough for non-technical people to operate.
Ultimately, Veracrypt was the selected technology. It provides extremely strong full-disk encryption, is user friendly and has no licensing fees.
VeraCrypt is a free encryption software which works on the Windows, macOS and Linux platforms. It cost nothing to install VeraCrypt. It is an enterprise-grade encryption software which is quite easy to use, and all it does is to add encrypted passwords to your data and partitions. It is immune to brute-force attacks so you don’t need to worry about hackers decrypting your passwords or other sensitive data. VeraCrypt volumes can be encrypted using AES, AES-Twofish, Serpent, and Twofish with a Key Size of 256 bits. VeraCrypt uses the XTS mode of operation with the header key and the secondary header key (XTS mode) are generated using PBKDF2 with a 512-bit salt and 327,661 to 655,331 iterations. The first release of VeraCrypt was on the 22 June 2013 and has since produced its latest release (version 1.23) on Wednesday 12 September 2018. VeraCrypt is a highly rated disk encryption software and it’s rated on top rating sites such as PC Mag and TechRadar.
DiskCryptor is an open license encryption solution which offers encryption of all disk partitions on the Windows platform. DiskCryptor initially releases from 0.1 to 0.4 were fully compatible with TrueCrypt as it used an encrypted data with the AES-256 algorithm in LRW mode. The current stable version is 1.1.846.118 which was released on 9 July 2014. DiskCryptor supports AES, Twofish, and Serpent as encryption algorithms including the combination of the three. In terms of hardware configuration on the bios level, DiskCryptor does not support UEFI/GPT, you have to change to Legacy/MBR. DiskCryptor isn’t a highly rated disk encryption software as its last release was in 2014 it can’t be verified if the algorithm is immune to brute force attack
Symantec Endpoint Encryption
Symantec Endpoint Encryption is powered by PGP Hybrid Cryptographic Optimizer Technology and is a proprietary software from Symantec. It is available on both the Windows and MacOS platforms. It has a yearly subscription license starting at $189.00 per license per 1-year subscription through more savings can be gotten via volume licensing. It supports multi-user deployment in both Active Directory and non-Active Directory environments. It has a strong algorithm which uses a FIPS 140-2 validated cryptographic module which complies with a range of government and industry requirements. Symantec is quite popular in the IT community has it has a wide range of security products which it has deployed to high-end customers around the world which makes it one of the top-ranked endpoint encryption software.
Sophos Central Device Encryption
Sophos Central Device full disk encryption provides a centrally-managed encryption using Windows BitLocker and Mac FileVault, taking advantage of the technology built into the operating systems. To further simplify the workflow, it can be managed in Sophos Central. With Sophos Central’s web-based management, there is no server to be deployed and no need to configure backend key servers. With Sophos central self-service, users can retrieve their own full disk encryption recovery keys so they can get back to work without having to contact the helpdesk. Sophos full disk encryption uses an agent which is deployed as part of the endpoint enrollment workflow in Sophos Central. It uses an encryption standard of XTS-AES 256 for Windows and XTS-AES 128 for macOS. It is also certified for FIPS and VS-NfD. It has a strong presence with regulated industries such as government, healthcare, education and finance and a long-standing history of certifications for European military-grade encryption technology. For the second year in a row, Gartner rates Sophos has been able to provide capabilities for all protection methods. Sophos Central Device Encryption is available as 30 days free trial and a standard fee of $20.00/user/year
Dell Data Protection | Encryption Personal Edition
With dell data protection, you can secure data using a comprehensive solution for your business as well as personal use. This software works only on the Windows Operating System and it supports these encryption algorithms: FIPS 140-2 validated” AES 128, AES 256, 3DES Rijndael 128, Rijndael 256, Blowfish, Lite. With Dell data protection, you can ensure that your data is secured, wherever it resides as you can easily enforce encryption policies, whether the data resides on system drive or external media. Dell data protection is highly rated but not popular among users as it is targeted at enterprise users. The price is not readily available as it requires a call for pricing. No information on if it is available as a free trial.
AxCrypt is an open-source encryption software which is offered both as a free version and a premium version and it’s offered on Windows, macOS, Android, and iOS platforms. it also support the cloud platform using cloud awareness storage so you can secure your files in Dropbox, Google Drive etc. it is a multilingual software available in English, Dutch, French, German, Italian, Korean, Portuguese, Spanish, Swedish, etc. it allows for opening of files by other AxCrypt users with their own password and also allows for management and accessibility of passwords seamlessly wherever you are. It uses file security with 128-bit or 256-bit AES encryption. AxCrypt premium version costs 30 Euros while the business version cost 75 Euros. AxCrypt is highly rated encryption software and has most peer to peer review website ratings.
Breakdown by Software Product
|Software Product||Cost||Reputation of Vendor||Platforms||Encryption Level||Software Type|
|VeraCrypt||Free||Highly rated among peer to peer review websites||Windows Linux MacOS||AES, AES-Twofish, Serpent, and Twofish with a Key Size of 256 bits||Open Source|
|DiskCryptor||Free||No ratings available||Windows||AES, Twofish, and Serpent||Open Source|
|Symantec Endpoint Encryption||$189 per year||Highly rated among government agencies||Windows MacOS||FIPS 140-2 validated cryptographic module||Enterprise|
|Sophos Central Device Encryption||30 –days free trial $20/user/year||Highly rated by Gartner||Windows MacOS Android||XTS-AES 256 for Windows and XTS-AES 128 for macOS||Enterprise|
|Dell Data Protection||Call for price||No ratings available||Windows||AES 128, AES 256, 3DES Rijndael 128, Rijndael 256, Blowfish||Enterprise|
|AxCrypt||Free Premium – 30 Euros Business – 75 Euros||Highly rated among peer to peer review websites||Windows, macOS, Android, and iOS||128-bit or 256-bit AES||Open Source|