Comparison of disk encryption software

This is a technical feature comparison of different disk encryption software.

• Hidden containers: Whether hidden containers (an encrypted container (A) within another encrypted container (B) so the existence of container A can not be established) can be created for deniable encryption. Note that some modes of operation like CBC with a plain IV can be more prone to watermarking attacks than others.
• Pre-boot authentication: Whether authentication can be required before booting the computer, thus allowing one to encrypt the boot disk.
• Single sign-on: Whether credentials provided during pre-boot authentication will automatically log the user into the host operating system, thus preventing password fatigue and reducing the need to remember multiple passwords.
• Custom authentication: Whether custom authentication mechanisms can be implemented with third-party applications.^{[clarification needed]}
• Multiple keys: Whether an encrypted volume can have more than one active key.
• Passphrase strengthening: Whether key strengthening is used with plain text passwords to frustrate dictionary attacks, usually using PBKDF2 or Argon2.
• Hardware acceleration: Whether dedicated cryptographic accelerator expansion cards can be taken advantage of.
• Trusted Platform Module: Whether the implementation can use a TPM cryptoprocessor.
• Filesystems: What filesystems are supported.
• Two-factor authentication: Whether optional security tokens (hardware security modules, such as Aladdin eToken and smart cards) are supported (for example using PKCS#11)

• Whole disk: Whether the whole physical disk or logical volume can be encrypted, including the partition tables and master boot record. Note that this does not imply that the encrypted disk can be used as the boot disk itself; refer to pre-boot authentication in the features comparison table.
• Partition: Whether individual disk partitions can be encrypted.
• File: Whether the encrypted container can be stored in a file (usually implemented as encrypted loop devices).
• Swap space: Whether the swap space (called a "pagefile" on Windows) can be encrypted individually/explicitly.
• Hibernation file: Whether the hibernation file is encrypted (if hibernation is supported).

Different modes of operation supported by the software. Note that an encrypted volume can only use one mode of operation.

• CBC with predictable IVs: The CBC (cipher block chaining) mode where initialization vectors are statically derived from the sector number and are not secret; this means that IVs are re-used when overwriting a sector and the vectors can easily be guessed by an attacker, leading to watermarking attacks.
• CBC with secret IVs: The CBC mode where initialization vectors are statically derived from the encryption key and sector number. The IVs are secret, but they are re-used with overwrites. Methods for this include ESSIV and encrypted sector numbers (CGD).
• CBC with random per-sector keys: The CBC mode where random keys are generated for each sector when it is written to, thus does not exhibit the typical weaknesses of CBC with re-used initialization vectors. The individual sector keys are stored on disk and encrypted with a master key. (See GBDE for details)
• LRW: The Liskov-Rivest-Wagner tweakable narrow-block mode, a mode of operation specifically designed for disk encryption. Superseded by the more secure XTS mode due to security concerns.
• XTS: XEX-based Tweaked CodeBook mode (TCB) with CipherText Stealing (CTS), the SISWG (IEEE P1619) standard for disk encryption.
• Authenticated encryption: Protection against ciphertext modification by an attacker

• Cold boot attack
• Comparison of encrypted external drives
• Disk encryption software
• Disk encryption theory
• List of cryptographic file systems

• DiskCryptor vs Truecrypt – Comparison between DiskCryptor and TrueCrypt
• Buyer's Guide to Full Disk Encryption – Overview of full-disk encryption, how it works, and how it differs from file-level encryption