BestCrypt Volume Encryption
It’s Friday evening and you’ve just got home from a long week of work bracketed by endless commutes. You collapse on the couch with a beer and reach for your laptop, opting for a bit of Netflix while you decide what to do with the rest of your night. ‘Wait a minute’ you think, ‘where is my laptop?’ And then with a sinking feeling it dawns on you: you grabbed your bag from the train seat next to you, but your laptop case was in the overhead luggage rack. After several frantic calls round train stations the horrible truth creeps in: the laptop is gone, taking a sizeable portion of personal data with it.
Situations like this aren’t exactly uncommon and are a strong reminder of the benefits of using encryption on your daily devices. Encryption won’t do much to soothe the irritation of losing an expensive laptop, but it will help to put your mind at ease if a chunk or your personal data falls into the hands of a thief – or someone with an aversion to handing in lost property.
For the less familiar, encryption is a process of encoding information using an algorithm called a cipher, which produces a ciphertext that should be unintelligible to any unauthorised third parties attempting to view it. There are numerous encryption standards with varying strengths, pros and cons, but we’ll come back to that later.
If you’ve recently purchased a device running Windows Home Edition, you might be surprised to find that it doesn’t come with disk encryption as standard. You have to upgrade to Windows Professional for access to BitLocker. If you want to encrypt all the data on your laptop data but don’t feel inclined to throw another wad of cash at Microsoft, BestCrypt Volume Encryption offers a leading alternative. The software is also available for OS X.
What is Volume Encryption?
Before we go any further it may be worth distinguising volume encryption from other terms that get bandied around, including partition and disk encryption.
A hard disk can be made up into multiple data partitions for purposes such as holding separate Operating Systems. Partition encryption solutions therefore only work with encrypting individual partitions.
Disk encryption software on the other hand may be able to encrypt all the partitions on an individual disk, but often encrypts each hard drive on a computer individually, requiring the management of different encryptions keys. As such, disk encryption solutions won’t be able to support more complex set-ups such as the RAID configurations available in Direct Attached Storage (DAS) solutions.
Volume encryption provides the most flexibility, allowing the combined encryption of multiple partitions spread across separate hard disks as single volumes. With this system the entire volume is encrypted until a password is entered by a user and then all files are unlocked in all partitions within the given volume.
With many of us now working with data across multiple disks these days, volume encryption software is arguably the most sensible option for efficient encryption. It’s worth noting that if you do only currently work from one partition or drive then a volume encryption solution would also act as partition or disk encryption software respectively.
BestCrypt Volume Encryption features pre-boot authentication, which prevents unauthorised access to both the volume where Windows boots from and the volume where system files are stored.
With the common risks in relying solely on a password it’s also good to see that the software allows for two-factor authentication, which generally means providing two of: something you know (e.g password), something you have (e.g. security token) or something you are (e.g. fingerprint scan). In this case users can combine a hardware token such as a YubiKey (holding the volume encryption key) with a password that must be entered for encryption or decryption.
For Windows users, the latest version of BestCrypt (Version 4 at time of writing) also offers a Single Sign-On (SSO) option, meaning that after entering the BestCrypt decryption password at boot time you can be be logged straight into your account without a requirement for further credentials. Further details on this functionality and use of SSO for multiple user accounts can be found here.
UEFI Secure Boot
Every computer needs a low-level software to manage the boot up process and wake up various components, but the BIOS (Basic Input Output Software) we have known for decades is a bit long in the tooth and lacking in features – including security.
The catchily titled Unified Extensible Firmware Interface (UEFI) now ships as a BIOS replacement in most modern computers and includes secure boot functionality, where the software checks that the Windows boot loader has been signed by Microsoft and isn’t an imposter sneakily trying to run malware outside of the operating system. This helps prevent various ‘Evil Maid’ exploits where an attacker could plug an external drive into a computer and boot from that, bypassing system firmware.
BestCrypt Volume Encryption supports the more secure UEFI boot process.
Multiple Strong Encryption Algorithms
For the encryption process the software also allows you to choose between multiple encryption algorithms:
Key size refers to the number of bits in an encryption algorithm’s key, which determines the maximum number of combinations that would be required to break the algorithm. Everything else being equal, longer keys mean stronger security.
An encryption round is the repeatable sequence of steps a given encryption algorithm will complete as part of the encryption process. For example, AES (Rijndael) completes the functions SubBytes, ShiftRows, MixColumns and AddRoundKey as part of a single round, which can then be repeated up to 14 times depending on the configuration of the algorithm.
With the exception of Camellia all of the algorithms listed were finalists in a NIST (National Institute of Standards and Technology) 2002 competition to become the new Advanced Encryption Standard (AES) and can all be considered strong forms of encryption. Rijndael was eventually selected as the winning standard due to its consistent speed and performance across different hardware and software platforms.
Ultimately, the decision on whether to encrypt your devices is a personal choice, depending on the volumes and types of data stored on them and your (or your employer’s) risk tolerance. If the thought of losing your laptop makes you break out in a cold sweat, BestCrypt Volume Encryption is a solid choice for the cost, packing a range of features.