DiskCryptorFAQ en

From DiskCryptor wiki

DiskCryptor FAQ

Q: What file systems does DiskCryptor support?
A: DiskCryptor supports FAT12, FAT16, FAT32, NTFS and exFAT file systems.


Q: Does DiskCryptor work with RAID volumes?
A: Yes, DiskCryptor works with any RAID volumes that are supported by your system.


Q: Will I still be able to access my encrypted disk if bad sectors appear on it?
A: Yes. You will be able to work with that disk the same way as if it were a regular non-encrypted one, with one exception: the volume header. If the header is lost, so is all the data on that disk. It is therefore strongly recommended that you keep a copy of the volume header in a safe place by backing it up from the program's menu "Tools->Backup Header".


Q: Is it safe to use chkdsk and Disk Defragmenter tools on encrypted disks?
A: Yes. It is perfectly safe to use any such tools that interact with the file system of an encrypted disk.


Q: Are there plans to add a feature for creating hidden partitions and a hidden OS?
A: Yes, this is planned for future versions. Currently, the security aspects of this concept are being worked on.


Q: Are you going to implement a feature that destroys the data when a second password is entered?
A: No, that will not be implemented, because of security concerns. DiskCryptor incorporates only conceptual security models for data protection that are based on reliable and well-studied algorithms. Future versions are planned to have an option for secure partition deletion, which can be used to destroy data before an adversary can gain access to it. Once an adversary gains access to your data storage medium, destruction of data becomes impossible, because the adversary can make backup copies beforehand.


Q: Will the DiskCryptor project become commercial, or is there a plan to make a commercial version of the program?
A: No. DiskCryptor will always be distributed under the free GPL license. There are many proprietary encryption programs; however, they are completely useless, as there is no proof of their reliability, the proof being open source code. Trustworthy and safe cryptographic software cannot be closed source; this is an axiom.


Q: How safe is it to use DiskCryptor? Can I be sure that no one will break into my data?
A: Nothing in the world is completely safe, and there are quite a few ways to get at data without breaking encryption algorithms. Data can be exposed through a malware infestation, by trying a large number of password possibilities (if you have a weak password), through attacks with physical access to a live system, and by other methods. If you cannot prepare for all these different possibilities, then there is a risk that an adversary will use them. As far as possible, DiskCryptor tries to protect you from a number of software attacks; a guarantee of safety, however, can only be achieved through a comprehensive approach to security, which requires you to have the corresponding knowledge. You can read more about the subject in the article "Risks of using cryptographic software and possible ways of data leaks".


Q: Is DiskCryptor compatible with multi-boot managers, and is it possible to place the boot loader on an external medium?
A: Yes, all that is possible. Please refer to the documentation.


Q: Can I make a donation to aid the development of the project?
A: Currently donations are not accepted.


Q: Is it possible for the password to my disk and/or its contents to be compromised by malware?
A: Yes, malware running with administrative privileges may extract the password from memory and read any data. DiskCryptor does not protect you from malware. This is not a vulnerability of the program, as that kind of protection is not part of the function of cryptographic software.


Q: I would like DiskCryptor to have built-in functionality for protection against malware/trojans/keyloggers.
A: There will never be such functionality in the original project, as I adhere to the concept of provable security. The reliability of protection from malware cannot be affirmatively linked to the strength of cryptographic primitives, which is why, in order to maintain the reputation of the program, such protection functionality will never be implemented. Nevertheless, you can make your own fork of the project and determine its development policy yourself.


Q: How can I protect myself from "Evil Maid Attack" type of malware?
A: To protect yourself from this type of attack, you need to use a bootloader that is placed on an external CD/USB medium and is configured to boot your OS from a specified partition. In that scenario, your hard disk will have no unencrypted executable code. A more sophisticated adversary, however, may infect the BIOS or tamper with the hardware. You should therefore take it as a rule that if an adversary has had physical access to your computer, then this computer (or its individual parts) is no longer suitable for processing confidential data.


Q: The built-in benchmark shows that encryption speed is 300 MB/sec, but during the actual encryption process, its speed has been no higher than 20 MB/sec. Why?
A: In this case, we are talking about two different kinds of speed. The built-in benchmark shows the top speed at which the cryptographic algorithms can perform, and this speed depends on your CPU. During the encryption of a partition, however, what we see is the speed of disk access in alternating read/write mode. The speed shown by the built-in benchmark applies when working with an already encrypted volume.


Q: How does the "Wipe Mode" function work? After wiping I still can recover deleted files on a mounted encrypted volume, so what does it do?
A: The wipe that DiskCryptor performs is a bit different from what you might have come to expect from tools such as Eraser. The wipe function in DiskCryptor does not delete files or any remnant data that a file system might contain. This is not necessary, because the program encrypts the whole file system, with all the visible and invisible data that it has. What "Wipe Mode" does is prevent the recovery of data by examining residual magnetic energy, which can be done with specialist equipment. When in "Wipe Mode", DiskCryptor reads each sector's data, wipes the sector, and then writes the encrypted data back to it. So any data that was there before, including deleted files, will still be there when the encrypted volume is later mounted.
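
The read, wipe, write-back sequence described in this answer can be simulated on a small in-memory "disk". This is an added example, not DiskCryptor's code: the SHA-256 keystream is a stand-in for the real cipher, and the sector size, the random overwrite pattern and all function names are assumptions made for illustration.

```python
import hashlib
import os

SECTOR = 512  # assumed sector size for this sketch

def keystream(key: bytes, index: int) -> bytes:
    """Per-sector keystream from SHA-256 (stand-in, NOT DiskCryptor's cipher)."""
    out, block = b"", 0
    while len(out) < SECTOR:
        seed = key + index.to_bytes(8, "little") + block.to_bytes(4, "little")
        out += hashlib.sha256(seed).digest()
        block += 1
    return out[:SECTOR]

def xor_sector(key: bytes, index: int, data: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, keystream(key, index)))

def encrypt_in_place(disk: bytearray, key: bytes, wipe_passes: int = 0) -> None:
    """Read each sector, optionally overwrite it, then write ciphertext back."""
    for i in range(len(disk) // SECTOR):
        lo, hi = i * SECTOR, (i + 1) * SECTOR
        plain = bytes(disk[lo:hi])               # 1. read the sector's data
        for _ in range(wipe_passes):             # 2. wipe: overwrite old contents
            disk[lo:hi] = os.urandom(SECTOR)     #    (pattern is an assumption)
        disk[lo:hi] = xor_sector(key, i, plain)  # 3. write encrypted data back

def mount(disk: bytearray, key: bytes) -> bytes:
    """Return the plaintext view that a mounted volume would expose."""
    return b"".join(xor_sector(key, i, bytes(disk[i * SECTOR:(i + 1) * SECTOR]))
                    for i in range(len(disk) // SECTOR))

def demo():
    # Constructed 4-sector volume: one live file, one deleted-file remnant.
    live = b"LIVE-FILE: quarterly report".ljust(SECTOR, b"\0")
    deleted = b"DELETED-FILE: old draft, unlinked, never overwritten".ljust(SECTOR, b"\0")
    disk = bytearray(live + deleted + bytes(2 * SECTOR))
    original = bytes(disk)
    key = b"constructed demo key"
    encrypt_in_place(disk, key, wipe_passes=3)
    raw_leak = b"DELETED-FILE" in bytes(disk)  # remnant readable on the raw disk?
    mounted = mount(disk, key)
    return raw_leak, mounted == original, b"DELETED-FILE" in mounted

if __name__ == "__main__":
    print(demo())
```

The remnant is absent from the raw encrypted sectors but reappears unchanged in the mounted view, which is why a file-level eraser is still needed, on the mounted volume, for files that must not be recoverable by someone who knows the password.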
