DriveCrypt

Has anyone had any experience with this program, I'd like an opinion
before I buy, how good is it?



Q: Has the DriveCrypt Plus Pack encryption ever been broken/hacked?

A: No! In the past, we have also launched several contests offering up
to 100,000 US$ for the first person able to open a DriveCrypt encrypted
disk…

Nobody succeeded! (See our press section for more details)



Q: Is there a back door in your software?

A: No. There is no "back door" in our software, and there is no point
in making one as we might risk losing the good reputation of our
products. Besides this, today there is no law in Germany that can force
us to make one in our software.



Q: We are from the "Police" "Tax authority" "Security Company"…. and
are investigating on someone whose computer is protected with your
DriveCrypt software. Since we were not able to break into the protected
computer ourselves, could you please assist us getting access to the
encrypted data? If requested, we can provide you with a court order.

A: Sorry, but our software has been designed to be the most secure in
the industry, and as such not even our programmers are able to break
into a DriveCrypt encrypted computer.

The only way to get access to the protected data is by entering the
correct password known only by the legitimate user.



Q: Does DCPP works with Windows Vista ?

A: Yes, starting from version 3.9 of DCPP Windows Vista (32 bit)
compatibility where added.



Q: Can I encrypt my entire operating System with DCPP ?

A: Yes, you can encrypt your entire operating system without loosing
any data on it.



Q: Does installing DCPP require a complete reinstall of WinXP and
previously installed programs?

A: No, you can just install DCPP on top of the operating system, DCPP
makes the rest.



Q: Does any software and hardware that runs under WinXP / Win Vista
also run under XP/Vista with DCPP?

A: Yes



Q: Does one lose any OS or PC functionality by using DCPP ?

A: Hibernate will not work when using DCPP.



Q: Can one use any DOS based tools on the DCPP disk ?

A: Yes. But in read only mode



Q: Can one use partitioning tools like Partition Magic with DCPP ?

A: No. DCPP encrypts the whole partitions and partitioning tools are
not able to understand the DCPP format.



Q: Can one use imaging tools like Acronis with DCPP

A: Yes, see DCPP user manual for instructions.



Q: Can one use the WinXP recovery console if needed?

A: No, not if the boot disk is encrypted



Q: Does DCPP encrypt only an entire disk or can it work on individual
volumes/partitions?

A: It encrypts individual partitions.



Q: Does DCPP work with hardware RAID? Software RAID?

A: We did not test it, so for now RAID is not supported.



Q: What happens if WinXP /Vista or other software crashes?

A: DCPP allows creation of a Recovery Disk, with this disk you can
decrypt the operating system with the bootable Floppy Disk or CD. Then,
after entering your password, the recovery disk will allow you to
decrypt the disk from the DOS level. This is useful if the operating
system gets corrupted and does not boot anymore normally.



Q: How vulnerable is DCPP to corruption errors? Is there any mechanism
to recover the disk after some corruption?

A: Yes there is the emergency repair disk, which handles recovering
from a corrupt MBR



Q: How much performance penalty is there when running WinXP / Win Vista
under DCPP?

A: Usually the user will not notice any loss of performance, however it
may be possible to measure a loss of 1-3%. This numbers are very system
specific.



Q: Does DCPP work with dynamic volumes?

A: No. If you also need to work with dynamic volumes, please consider
using DriveCrypt in combination with DCPP.



Q: What is the purpose of this new DCPPaid.exe file ?

A: The purpose of this file is to keep reminding the user that his
DriveCrypt Plus Pack evaluation period has expired and he should now
uninstall the software. We Did not think it fair to deny him access to
his disks, or suddenly remind him that it would be unavailable pretty
soon, so we designed this reminder program, which cannot be removed
without uninstalling DriveCrypt Plus Pack. The DCPPaid file is not
spyware, and we do not use it to communicate or store anything about the
user's activities.



Q: I would like to have a personalized version of your software, is
this possible?

A: Yes, please contact us at






Il mittente di questo messaggio|The sender address of this
non corrisponde ad un utente |message is not related to a real
reale ma all'indirizzo fittizio|person but to a fake address of an
di un sistema anonimizzatore |anonymous system
Per maggiori informazioni |For more info
https://www.mixmaster.it

George Orwell

I don't want to knock them out of business, but TrueCrypt is free and
open source. I would go with them. You have to take DriveCrypt's word
concerning not having a back door. Even their claim to not having one
because of the loss of reputation can not be verified. For all you
know this could be an intelligence agency front company. Go with
TrueCrypt.

http://www.truecrypt.org/

anonymous

anonymous <> wrote in news:ggjjsk$sst$1
@news.mixmin.net:

> I don't want to knock them out of business, but TrueCrypt is free and
> open source. I would go with them. You have to take DriveCrypt's word
> concerning not having a back door. Even their claim to not having one
> because of the loss of reputation can not be verified. For all you
> know this could be an intelligence agency front company. Go with
> TrueCrypt.
>
> http://www.truecrypt.org/


Truecrypt is an excellent program BUT...

1) You have no idea who the developers are (they remain pseudonymous)

2) Very few people compile the Windows binaries from source; it is
exceedingly difficult to generate binaries from source that match the
binaries provided by Truecrypt (due to compiler options, etc.)

3) There are NO (zip, nada, zilch) published detailed reviews of the
source code. Availability of open-source *doesn't* mean that reviews
actually get done!

4) Truecrypt has ruthlessley suppressed all earlier versions (from
wayback, sourceforge, oldapps, etc.) even though they were supposedly
open-source (thus making incremental review impossible). This is
ominous!

5) There is no public mechanism for submission and review of bug
reports, etc. Any bug database, etc. is CLOSED! to the public, with only
a "bug report form" available that goes into a black hole unacknowledged.

6) The Truecrypt forums are run in an exceedingly autocratic and
unfriendly way, with many posts arbitrarily removed. Many topics (not
just the ones in the posting guidelines) are "off limits." Moreover, the
forums sometimes close unexplained for long periods (a month or more) and
reemerge with many posts purged. The moderators make it very difficult
for posters to contact each other directly.

7) The license for Truecrypt is NOT open source (e.g., doesn't meet OSI
criteria) and is quite restrictive.

There are a number of rationales presented in defence of the above points
by the developers (e.g., centralized control, quality, reputation, etc.)
but they are all, IMHO, very weak in contrast to the opposing views.

In short, there is NO substantive public evidence that Truecrypt's source
code has been the subject of thorough review, nor is there any reason to
rely on the credentials of the developers (since they remain anonymous).
In that absence, using Truecrypt is an act of blind faith every bit as
much (or more!) than using a closed-source encryption program.

Regards,

nemo_outis

John Smith <> wrote in
news:492d9b8a$0$26143$ ster.com:

> DriveCrypt does have an excellent reputation...... And good support.
> It looks like the best on the market now are the paid PGP products and
> the DriveCrypt Plus Pack.

With commercial developers there are a number of things to look for:

1) Company rep
2) Product rep (including bugtraq bugs, etc.)
3) Company Support
4) Price
5) For the paranoid: Company location (outside US, NATO countries, etc.)
6) Product features (especially whether you need the "corporate
adminsitrative stuff" - most vendors make most of their money from
companies, not consumers)
7) Third-party certification, especially FIPS-2.

For instance, Winmagic's Securedoc (from Canada) has FIPS-2 Level 2
certification. No, that isn't equivalent to open-source and some people
believe even the independent FIPS labs may be compromised, but it does
mean the product has undergone a rigorous independent review using a
standardized process.

However, getting FIPS-2 certification is costly and some feel it is
mostly just a marketing thing (like ISO 9000) so that it can be bought by
government and corporate customers who have to comply with **** like
HIPAA and need to cover their butts for necessary certifications/due
diligence.

My personal preference (yes, even over Truecrypt) is closed-source
commercial Bestcrypt Volume Encryption from Jetico (in Finland). Cutting
edge technology (RAID, XTS, multi-password, etc.) from a company with a
long track record. (No FIPS-2 cert though.)

While Bestcrypt or Truecrypt is enough for most, for those with serious
needs I recommend taking the performance and complication hit and using a
multi-layer approach which largely eliminates any single point of failure
(e.g., if one product has a bug or backdoor).

For instance, one might use a Seagate Momentus FDE-2 hardware-encrypted
drive, with Bestcrypt whole-disk encryption layered on. Real paranoids
might even add a third layer, keeping especially sensitive data in
Truecrypt container files.

Regards,

nemo_outis

George Orwell wrote:

> Has anyone had any experience with this program, I'd like an opinion
> before I buy, how good is it?

Forget Drivecrypt... there's at the very least three open source,
time tested, free alternatives that aren't distributed by snake
oil peddlers with strong ties to known net scum like the "Evidence
Eliminator" spammers and Privacy.LIE criminals.

> Q: Has the DriveCrypt Plus Pack encryption ever been broken/hacked? =20

Hard to say. We don't KNOW of any such incident, but it's quite
possible DCPP even has some sort of "back door" coded right into it
so that anyone with the keys can hack right in no problem. Let
alone some flaw that someone discovered and hasn't released for
obvious reasons.

> A: No! In the past, we have also launched several contests offering up
> to 100,000 US$ for the first person able to open a DriveCrypt encrypted
> disk=E2=80=A6 =20
> =20
> Nobody succeeded! (See our press section for more details) =20

Anyone who knows anything about encryption software knows what a
sham these sorts of challenges really are. They prove nothing.
Smoke and mirrors designed to cover up the fact that you don't have
enough faith in your own product to subject it to critical, expert
analysis.=20

> Q: Is there a back door in your software? =20
> =20
> A: No. There is no "back door" in our software, and there is no point
> in making one as we might risk losing the good reputation of our

Tell it to the people at JAP, suckers. That little incident both
highlighted the fact that encryption software absolutely CAN and IS
back doored in spite of any concerns about "reputation", and how
open source can be a viable tool against such attacks.

> products. Besides this, today there is no law in Germany that can force
> us to make one in our software. =20

ROTFL!

JAP was back doored by the **German** authorities.

<stupid **** snipped>

Peri Bathous

nemo_outis wrote:

> My personal preference (yes, even over Truecrypt) is closed-source
> commercial Bestcrypt Volume Encryption from Jetico (in Finland). Cutting

1. Bestcrypt isn't closed source, you ninny.

2. What happened to you prattling on about it being "whole disk"?

Anonymous

Anonymous <> wrote in
news:20081127001123.360691A77CB@isole:

> nemo_outis wrote:
>
>> My personal preference (yes, even over Truecrypt) is closed-source
>> commercial Bestcrypt Volume Encryption from Jetico (in Finland).
>> Cutting
>
> 1. Bestcrypt isn't closed source, you ninny.

Bestcrypt Volume Encryption, the whole-disk version for Windows, is
closed source. *Some but NOT all* of the source code is available for
review under the SDK (software development kit), and furthermore even
this limited source code is NOT provided under an open-source licence.

(PGP Whole Disk Encryption also makes part but NOT all of its source code
available under a restrictive licence, and it too is not open source.
Bestcrypt makes all its Linux source code available for inspection, but
NOT under an open-source licence. Further, the Linux version does NOT
provide whole disk encryption.)

Bestcrypt (and PGP) are to be commended for this, but it falls far short
of making them open-source programs. Being only "partly closed-source" is
like being only "slightly pregnant."

> 2. What happened to you prattling on about it being "whole disk"?

Bestcrypt is described as "Whole disk encryption" under the first bullet
of the Wikipedia subheading "Features" in its article on Bestcrypt.
http://en.wikipedia.org/wiki/BestCrypt

Further, even the opening defining words of the Wikipedia article on the
topic treat "full disk encryption" and "whole disk encryption" as
synonymous.
http://en.wikipedia.org/wiki/Full_disk_encryption

If you, who are terminologically obtuse, disagree, go argue with the
Wikipedia and stop being a nuisance here.

Regards,

nemo_outis

> 6) The Truecrypt forums are run in an exceedingly autocratic and
> unfriendly way, with many posts arbitrarily removed. Many topics (not
> just the ones in the posting guidelines) are "off limits." Moreover, the
> forums sometimes close unexplained for long periods (a month or more) and
> reemerge with many posts purged. The moderators make it very difficult
> for posters to contact each other directly.

I second that, Truecrypt forums are extremly low quality, they go down
when they feel like it and you can not register with them unless you
use your ISP email which takes away your anonymity.
>
> 7) The license for Truecrypt is NOT open source (e.g., doesn't meet OSI
> criteria) and is quite restrictive.

Quite right, this is the reason why almost all of the Linux
distributions will not include truecrypt, because they do not use the
GPL License. When I have suggested some distro developer to include
Truecrypt out of the box they always point at me at their restrictive
license. Open source does not mean it is necessary GPL licensed.

--
Privacylover: http://www.privacylover.com

Box750

>> products. Besides this, today there is no law in Germany that can force
>> us to make one in our software. =20
>
> ROTFL!
>
> JAP was back doored by the **German** authorities.
>
Thats correct, and Hushmail was backdoored by the Canadian
authorities at the request of the FBI.

But a HD encryption product is different from a proxy or Email
service, JAP and Hushmail both where backdoored to spy on a
SINGLE individual, if you backdoor a HD encryption product then
all users will be compromised regardless of who they are, this is not
admissible by any country standards, US,Germany or France.

It has been done in the past to intercept communications in mass, but
this remains illegal and no court will authorise this. This kind of
"intelligence" can not usually be used in court against you.

--
Privacylover: http://www.privacylover.com

Box750

nemo_outis wrote:

> Anonymous <> wrote in
> news:20081127001123.360691A77CB@isole:
>
> > nemo_outis wrote:
> >
> >> My personal preference (yes, even over Truecrypt) is closed-source
> >> commercial Bestcrypt Volume Encryption from Jetico (in Finland).
> >> Cutting
> >
> > 1. Bestcrypt isn't closed source, you ninny.
>
> Bestcrypt Volume Encryption, the whole-disk version for Windows, is
> closed source. *Some but NOT all* of the source code is available for

Sorry, but you're mistaken.

> (PGP Whole Disk Encryption also makes part but NOT all of its source code

Good grief. You got spanked on this one months ago with a link
right to the complete source code package.

> Bestcrypt is described as "Whole disk encryption" under the first bullet
> of the Wikipedia

Wikipedia... now there's an authoritative source.

Jetico says it's not whole disk, Wikipedia says it is, and you like
a dumbass go with Wikipedia just to try and avoid admitting you're
wrong.

You poor, pathetic, git. If you weren't such a pompous blowhard I'd
actually feel sorry for you.

~~~~~~~~~~~~~~~~~~~~~
This message was posted via one or more anonymous remailing services.
The original sender is unknown. Any address shown in the From header
is unverified. Please report spam or misuse to the remailer-operator:
<>

Nightmix-Remailer