Performance of FullDisk Encryption DriveCryptor vs Truecrypt?

Discussion in 'privacy technology' started by DavidXanatos, Nov 25, 2010.

Thread Status:
Not open for further replies.
  1. DavidXanatos

    DavidXanatos Developer

    Joined:
    Sep 6, 2006
    Posts:
    2,333
    Location:
    Viena
    Performance of FullDisk Encryption DriveCryptor vs Truecrypt?

    What is your experience on a device without hardware encryption acceleration, like an Atom CPU? Which program gives you the best performance?

    David X.
     
  2. Taliscicero

    Taliscicero Registered Member

    Joined:
    Feb 7, 2008
    Posts:
    1,439
    I can play video games on my average laptop with True-Crypt full disk encryption "Without" Hardware acceleration, this is on AES. So personally I would go with AES-True-Crypt RIPEMD-160. :)
     
  3. DavidXanatos

    DavidXanatos Developer

    Joined:
    Sep 6, 2006
    Posts:
    2,333
    Location:
    Viena
    After a lot of testing it seems TC is marginally faster, but its other downsides make it unsuitable for my use.

    Using DiskCryptor I can still utilise Acronis True Image to do backups and recoveries of the unencrypted partition content.

    TC does not allow this.
     
  4. Taliscicero

    Taliscicero Registered Member

    Joined:
    Feb 7, 2008
    Posts:
    1,439
    Okay, I did not know you planned to do backups. I'm glad DiskCryptor is working for you instead. :)
     
  5. pajenn

    pajenn Registered Member

    Joined:
    Oct 26, 2009
    Posts:
    930
    Please elaborate on your findings? Do you know if DiskCryptor is compatible with Rollback Rx or similar software? (TC is not).

    I'm using TC at the moment (had not heard about DiskCryptor until your post). I used it to encrypt the system partition of a Windows XP machine along with several logical partitions on that computer. I left one large logical partition unencrypted, which I use for backups, and one primary mini-partition (3 GB) on which I've installed BartPE along with various iso and img images that I can boot to using Grub bootloader.

    To back up non-system partitions I just use FastCopy to directly copy them in sync mode to backup folders on a 1 TB external hard drive (lots of space so no compression necessary). Backups of the system partition are a bit trickier, but I've found that Drive Snapshot works great both from Windows and from BartPE, i.e. it is able to copy only the disk content that's in use from a mounted TC volume the way most imaging programs back up non-encrypted partitions. I used to use Acronis Backup & Recovery 10 (Workstation edition) a lot before TC, but not so much anymore because it doesn't see the TC mounted partitions properly, i.e. it only sees them as raw partitions (no file system, no free space) even after I mount them in BartPE, so essentially I have to make raw (sector-by-sector) backups of the system partition if I use Acronis. Macrium Reflect and Image for Windows have the same problem. StorageCraft's ShadowProtect works fine (same as Drive Snapshot) at least from BartPE/WinPE.

    The main reason I have yet to employ TC on my primary computer is its incompatibility with Rollback Rx. Therefore I'm very interested to know if DiskCryptor could be the solution to that problem, or just more backup friendly in general.

    Also, if you would prefer TrueCrypt because of the marginal speed advantage, then give Drive Snapshot or ShadowProtect a try in place of Acronis.
     
    Last edited: Dec 3, 2010
  6. DavidXanatos

    DavidXanatos Developer

    Joined:
    Sep 6, 2006
    Posts:
    2,333
    Location:
    Viena
    DiskCryptor has a different implementation than TC.

    TC does not transparently encrypt a partition (other than the OS drive).
    Instead it creates a new logical volume in the system, the same way it does for file-based containers.
    Thus you can never back up the original partition in plaintext, and backing up the mounted logical volume may not be supported by the backup software.

    When mounting an OS drive from BartPE/WinPE, TC also mounts the OS partition just like a logical volume and not transparently.

    DiskCryptor however does real transparent encryption: it installs a "LowerFilter" for HDD access, so once the partition has been mounted it will appear to any subsequent software as plaintext.

    Acronis True Image uses a driver for backups that is installed as an "UpperFilter", thus after the partition is mounted it will see it as plaintext.

    So the partition can be backed up and recovered as plaintext.


    Any software that is installed as an "UpperFilter" or does not use drivers at all should thus be compatible with DiskCryptor. If the software installs a "LowerFilter" driver, it may also be compatible after the order of the "LowerFilters" entries under HLM\SYS\ControlSet001\Control\Class\{71A27CDD-812A-11D0-BEC7-08002BE2092F} has been adapted so that DiskCryptor comes before the backup driver.

    In my experience you can even resize the encrypted partitions under Windows 7, using the disk management console of Win 7.

    I'm currently not going to use Truecrypt, as I see the Diskcryptor implementation as superior and I also require the use of Acronis.

    Talking about the implementation of DiskCryptor, its bootloader works in protected mode, giving you more functionality when modding (I added a nice on-screen keyboard for my UMPC). The bootloader also supports network boot: you can boot any DiskCryptor encrypted PC using PXE and providing the keys by network. The only limitation is that you have to use keyfiles, but I can easily work around this by modding a fixed password into the bootloader image, etc....


    David X.
     
    Last edited: Dec 4, 2010
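
Added example, not part of the original post and not DiskCryptor or Acronis code: a read-only PowerShell check of the filter ordering described in post 6, which reports whether one filter is listed before another in the class key's "LowerFilters" value. The full key path assumes "HLM\SYS" means HKLM\SYSTEM, and the filter names `encfilter` and `backupfilter` are placeholders, not real driver names.

```powershell
# Added example, not code from the thread. Read-only: nothing in the registry is changed.
# Class key as given in the post, with "HLM\SYS" read as HKLM\SYSTEM (assumption).
$ClassKey = 'HKLM:\SYSTEM\ControlSet001\Control\Class\{71A27CDD-812A-11D0-BEC7-08002BE2092F}'

function Get-ClassFilters {
    # Returns the REG_MULTI_SZ filter list in registry order, or an empty list if absent.
    param([ValidateSet('LowerFilters', 'UpperFilters')][string]$Name = 'LowerFilters')
    $prop = Get-ItemProperty -LiteralPath $ClassKey -Name $Name -ErrorAction SilentlyContinue
    if ($prop) { @($prop.$Name) } else { @() }
}

function Test-FilterOrder {
    # Reports whether $First is listed before $Second in a filter list.
    param(
        [string[]]$Filters,
        [Parameter(Mandatory)][string]$First,
        [Parameter(Mandatory)][string]$Second
    )
    # Drop empty entries and compare case-insensitively.
    $names = @($Filters | Where-Object { $_ } |
        ForEach-Object { $_.Trim().ToLowerInvariant() })
    $i = [Array]::IndexOf($names, $First.ToLowerInvariant())
    $j = [Array]::IndexOf($names, $Second.ToLowerInvariant())

    $status = if ($i -lt 0) {
        'FirstMissing'      # $First is not in the list at all
    } elseif ($j -lt 0) {
        'SecondMissing'     # $Second is not in the list (e.g. it is an UpperFilter)
    } elseif ($i -lt $j) {
        'Ordered'           # $First is listed before $Second
    } else {
        'Reversed'          # $Second is listed before $First
    }

    [pscustomobject]@{
        Status      = $status
        FirstIndex  = $i
        SecondIndex = $j
        Filters     = $names -join ', '
    }
}

# Constructed sample list with placeholder names, so the check can be tried offline.
Test-FilterOrder -Filters @('backupfilter', 'encfilter') -First 'encfilter' -Second 'backupfilter'

# On a live system, substitute the service names actually installed:
# Test-FilterOrder -Filters (Get-ClassFilters) -First '<encryption filter>' -Second '<backup filter>'
```

The check compares listing order only; which position the system loads first is not something it decides.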
  7. pajenn

    pajenn Registered Member

    Joined:
    Oct 26, 2009
    Posts:
    930
    After a closer look, I have to say DiskCryptor looks very promising and better suited for backups than TrueCrypt. However, it lacks a proper user manual and/or help file, so I'm not even sure the different boot configurations work.
     
  8. DavidXanatos

    DavidXanatos Developer

    Joined:
    Sep 6, 2006
    Posts:
    2,333
    Location:
    Viena
    user manual -> Source code
    I'm not even sure the different boot configurations work -> Trial and error, but foremost backup

    For me the booting from HDD works great and it's easy to modify the bootloader and to reinstall it to the MBR.
    PXE boot also works great.
    Booting from USB as well.

    DC is for G33ks
    TC is for N00bs
    muahahaha...
     
  9. dantz

    dantz Registered Member

    Joined:
    Jan 19, 2007
    Posts:
    1,034
    Location:
    Hawaii
    Re: DriveCryptor vs Truecrypt? (somewhat off-topic)

    Oh, great. Just what we need - another freeware encryption program being provided by an anonymous developer of whom we know nothing. I already don't know who the "TrueCrypt team" is or why I should trust them. Who is "ntldr"? Is he equally secretive about his identity and his background?

    Sorry to be straying off topic...
     
  10. demoneye

    demoneye Registered Member

    Joined:
    Dec 30, 2007
    Posts:
    1,356
    Location:
    ISRHell
    Last edited: Dec 19, 2010
  11. jesusjesus

    jesusjesus Registered Member

    Joined:
    Jul 21, 2009
    Posts:
    61
    I was doing a google search to find out fastest (not most secure) encryption for netbooks. This guy reports truecrypt and built in bitlocker are both terrible.
    http://www.techive.org/windows/bitlocker-vs-truecrypt-on-netbooks/

    Would there be something else for full disc encryption that doesn't slow down netbooks?
    A 50% decrease in performance is a huge decrease & probably seen in the battery life as well?
    If DiskCryptor is slightly faster than TrueCrypt rather than noticeably faster, then that's still awful. I would like a level of encryption that doesn't protect me from secret services of the world but if I were to lose my netbook or it was stolen the information would likely not be recoverable to the average joe.
    Main consideration is that it doesn't dramatically affect CPU/drive performance or battery life of a netbook.
     
    Last edited: Dec 20, 2010
  12. demoneye

    demoneye Registered Member

    Joined:
    Dec 30, 2007
    Posts:
    1,356
    Location:
    ISRHell
    so ??

    are you serious ? will u go for buying a milk or a meat "from unknown source " ??

    can u verify there are no backdoors or leaks over there? can someone guarantee that??

    IMO using any software (especially security ones!!) from unknown vendor is a Laugh in the face for all the subject called "security" :argh:
     
  13. Warlockz

    Warlockz Registered Member

    Joined:
    Oct 30, 2008
    Posts:
    642
  14. jesusjesus

    jesusjesus Registered Member

    Joined:
    Jul 21, 2009
    Posts:
    61
    Maybe it is pretty much true as far as you or me, or any crime we could commit that the USA might have an interest in. Truecrypt will be unbreakable.

    Terrorism and the United States may be a completely different kettle of spooks. They'd likely be able to hide such details of breaking the encryption. In an ordinary criminal court where things are more transparent TrueCrypt is likely to stay unbreakable. Probably in the NSA's interest.
     
  15. hierophant

    hierophant Registered Member

    Joined:
    Dec 18, 2009
    Posts:
    854
    Well ... in Nebraska, maybe. But Georgia?
     
  16. chronomatic

    chronomatic Registered Member

    Joined:
    Apr 9, 2009
    Posts:
    1,343
    Can you guarantee that Windows is not backdoored by NSA or that Norton's security products aren't trojaned so that FBI can tap into your machine? No, you can't. Therefore, why do you have a harder time trusting unknown developers who develop something for free on their own time? Moreover, the source code for TC is open for review. No such luck with proprietary stuff.
     
  17. chronomatic

    chronomatic Registered Member

    Joined:
    Apr 9, 2009
    Posts:
    1,343
    That's true, but I think word would still leak out about something like this.

    Unfortunately I don't know enough about the PA and how it affects federal cases. I thought it was more geared towards allowing the investigators access to stuff that used to require a warrant?
     
  18. dantz

    dantz Registered Member

    Joined:
    Jan 19, 2007
    Posts:
    1,034
    Location:
    Hawaii
    That's not what I would call a logical argument. If somebody eats junk food, does that make it ok for them to drink poison? Or step in front of traffic?

    I would much rather see a public face being presented by the developers of encryption software. The nature of the product practically cries out for trust, but how can you trust someone who refuses to identify himself? If the various developers were out in the open, attending conferences, making position statements, commenting on code, interacting with cryptologists, other developers and users then we might at least have a sense of who they were. And if their actual identities were known then we would probably also have some basic facts about their education, their backgrounds, etc. You know, just like a normal person. You want to know something about somebody before you hire him/trust him/whatever, right? You don't just say, "Well, there are many other people that I deal with on the street who are relatively unknown or anonymous, and my interactions with them have been mostly ok, so yeah, I guess I really don't need to know anything else about this guy in the shadows whose software I am relying on to protect my most important data."

    As a result of following that line of reasoning we seem to have this "black hole" that software comes out of that we all use. For all we know, that hole could actually be located in the deliberately obscure corner office of a major intelligence agency, possibly located in any of several countries. Or any other private group operating under its own agenda, of which we know nothing.

    My own use of encryption is merely intended to protect my personal and financial data from casual theft, so from a personal standpoint I'm not particularly concerned about the possibility of known (but secret) weaknesses in the code that can be exploited only by certain groups. However, there are plenty of other users out there who seem to be expecting a much higher level of protection from their "anonymously developed and then unexpectedly handed-out for free" encryption software, and I feel that their confidence in this type of software is probably unjustified.
     
    Last edited: Dec 22, 2010
  19. jesusjesus

    jesusjesus Registered Member

    Joined:
    Jul 21, 2009
    Posts:
    61
    When I ran benchmarks on both my desktop computer and netbook, DiskCryptor says Twofish and Serpent are much faster than AES. Could that realistically be possible, as I had thought AES was mostly so popular because of its speed?
     
  20. pajenn

    pajenn Registered Member

    Joined:
    Oct 26, 2009
    Posts:
    930
    That article is specific for Atom netbooks. The article notes that "on common CPUs, you will barely notice a difference in how fast the computer deals with your daily work whether your hard disk is encrypted or not." Is your netbook Atom™ based? If not, maybe the performance hit won't be as bad.
     
  21. pajenn

    pajenn Registered Member

    Joined:
    Oct 26, 2009
    Posts:
    930
    What do you use?

    I use TC because I've seen it recommended the most among (full disk) encryption programs by many different sources and I haven't heard of anyone breaking their encryption. The day I hear that somebody was tried based on evidence the prosecution obtained by breaking a true encrypted hard or flash drive is the day I switch to another program. I assume word of cases like that would spread if they existed.

    And yes, I realize that with the NSA, CIA, ... involved it would be a different ballgame, but my sensitive data is nothing they would care about.
     
  22. jesusjesus

    jesusjesus Registered Member

    Joined:
    Jul 21, 2009
    Posts:
    61
    It's an Atom, single CPU. It takes the performance hit as bad as the article. Encoding at 8-12mb/s. As said I really only need the most basic protection. Protection from a random theft, or random loss. Not protection from a person or agency that NEEDS the data on my computer.

    I've been reading RC4 is about twice as fast as AES and something called Panama is 8 times faster than AES. I really only need the most basic of encryption, and although maybe I could find something on the net, I don't want to use anything that's untested by peers. A fast cypher used by terrible software is going to land me in a world of hurt if I full disk encrypt a drive and I'm locked out of it forever due to flaws in programming of software.

    Can anyone help, seems mostly people only use or know of cyphers and software that protects them from the FBI etc, so when it comes to simple fast not so secure encryption software, there's a black hole of info, as nobody here would dare use such software.
     
  23. chronomatic

    chronomatic Registered Member

    Joined:
    Apr 9, 2009
    Posts:
    1,343
    I agree with you here. There are a number of open-source crypto projects (GnuPG being a big one) and those developers are not anonymous, they use their real names on the mailing lists, and generally interact with other cryptologists.

    Again, I agree it would be better to know who they are. For instance, I would rather have my crypto software designed by someone like Bruce Schneier who is A) well known and well respected and B) supports open-source.

    However, just because we don't know who the TC team is, doesn't mean their work is bad or untrustworthy. No one has ever reported being able to crack TC containers (even the FBI has tried on one occasion and failed). People like Schneier and others have studied TC to some degree and I have never heard them point out any glaring holes. Besides, the mere fact that these guys can even write TC, make it work, and keep any major holes from being found after all these years, tells me that they know what they're doing and are competent in the field.

    This is true. It is possible to put backdoors in software that are very deviously hidden (there is a competition every year called the "C code obfuscation contest" where people do things like this on purpose, as a contest, and are judged afterwards. The winner in 2008 was so clever that not even the judges understood how his code did what it did). That said, there is nothing stopping insiders at MS or Norton or Kaspersky from doing the same thing. It's just in their case it would be even harder to discover than it would be for TC.

    No more unjustified than using crypto products from big software vendors. Indeed, I would say it is actually *more* likely that crypto products from big vendors are backdoored. See the Crypto AG case for one example. Also, here is a quote from the late 90's from an M$ employee:

    Full article here.

    Open-source developers who have no financial interest do not have to bow to the NSA and don't have to fear blackmail or hits to their bottom line for disobeying.
     
  24. jesusjesus

    jesusjesus Registered Member

    Joined:
    Jul 21, 2009
    Posts:
    61
    I just tried DiskCryptor with Serpent on my 'restore drive'. It runs 25% faster than AES and Twofish. Which is very odd, I had always thought Serpent was more secure but slower than AES.

    I encrypted and decrypted my 'restore operating system' drive. It does contain some large restore files which maybe doesn't represent a usual hard drive, and maybe Serpent encryption is faster than AES & Twofish with large files but would be equal or less with many smaller files? (I don't know)

    But anyway based on that observation I'm going to DiskCryptor - Serpent my netbook. But I'm still interested in hearing from anyone who knows of reliable quality software that uses a very fast but not so secure cypher.
     
  25. raspb3rry

    raspb3rry Registered Member

    Joined:
    Jun 8, 2010
    Posts:
    37
    If I had the capability to crack TC-containers, being because of weak implementation or a backdoor, I most certainly wouldn't let people know that I had this option.
    A lot of people are using TC, and to many it probably seems like an approval of TC's implementation that the FBI went to the public, saying that they were unable to crack the container, leading to more people using the potentially weak TC program.

    I'm not saying that FBI are lying, I'm just saying that there are reasons for why they wouldn't tell the public, if they in fact were able to crack TC containers.

    Yep, the speed-scheme should be something like:
    1) Rijndael (AES)
    2) Twofish
    3) Serpent
    For the AES finalists as far as I understand. So it seems to me like the Twofish provides the best performance vs. security margin ratio of those three.

    Serpent should be significantly slower than AES, but have a much larger security margin.
    See:
    https://secure.wikimedia.org/wikipedia/en/wiki/Serpent_(cipher)
    http://www.truecrypt.org/docs/serpent
     