BestCrypt: Cross-Platform Filesystem Encryption
I mentioned that BestCrypt for Linux has a GUI, but as of this writing it's still in a beta state. BC_Panel (Figure 2) is available only as a binary RPM.
On the one hand, BC_Panel (the binary is actually called bestcrypt, but for clarity's sake I'll stick to BC_Panel here) is stable, obviously well written and at least cosmetically is very similar to its Windows counterpart. However, BC_Panel supports only a subset of the functionality provided by bctool and therefore, only a subset of the Windows GUI for BestCrypt; it isn't quite up to date with either.
For example, the New (container) dialog lists only a few possible algorithm options out of the ten or so actually supported. Worse still, trying to create a container with any of the algorithms presented as options by BC_Panel fails with an error message unless you're logged on (and running X) as root.
If you're root, BC_Panel does successfully create, format, mount, unmount and re-encrypt (with a different algorithm) BestCrypt containers, and even dynamically detects and lists containers mounted by the bctool command (for volumes on which the user running BC_Panel has read-permissions, that is). Thus, while I wouldn't rely on it for production use, BC_Panel seems to be useful for certain maintenance functions (if you don't mind conducting entire X sessions as root) and generally shows great promise; I hope Jetico releases a production-worthy version of it soon.
Okay, I've established that BestCrypt is easy to install and use under Linux. But what about its compatibility with Windows? And what kind of potential does BestCrypt have for bringing disk-volume encryption to the Windows-using masses? The news is good on both counts.
For the past week I've been alternating booting my laptop system to Windows 98 and SuSE Linux 7.1, using the same BestCrypt container (which resides on my DOS/VFAT partition) as the working directory for my writing activities under both OSes. Other than an apparently harmless blue-screen error when I shut down Windows (Windows complains that one or more files are still open on the BestCrypt volume when it's unmounted), BestCrypt has performed flawlessly. I've lost no data, noticed no slowdown in disk performance when using the BestCrypt volume and have noticed no discrepancies whatsoever between the two versions of BestCrypt's handling of my shared container.
Equally nifty, I've had to invest practically no time at all in reading documentation or scanning mailing-list postings in order to use BestCrypt under Windows (unlike practically every other tool I've written about lately). BestCrypt's Windows GUI is extremely easy to use (Figure 3).
Granted, I'm intimately acquainted with the inner workings of public-key cryptography and have used other tools like PGPdisk for years. In other words, my credentials as an ordinary end user are suspect, to say the least. Still, I feel confident in stating that as far as usability is concerned, BestCrypt has at least an equally good chance asPGPdisk had in becoming the essential mainstream tool that elevates the masses to a Zen-like state of encrypted-volume enlightenment (and security).
What I'm not confident stating is that based on painstaking cryptanalysis and code review, I believe BestCrypt to be impregnable. (Boy, I sure hope that sentence never gets partially quoted. Good thing those Jetico folks seem so highly principled!) Being neither a professional cryptologist nor even a programmer, I will have to leave it to others to judge the real strength of BestCrypt's security.
What I can tell you is that BestCrypt supports an impressive collection of known-good algorithms (or, as the more cynically minded might put it, it's “crypto-buzzword-compliant”), including the newly announced US Government Advanced Encryption Standard, Rijndael, plus two of the more promising runners-up in the AES contest: Ron Rivest's RC6 and Bruce Schneier's Twofish. If all three of those are too new for you, BestCrypt also supports Triple-DES, Blowfish (with several different key sizes), IDEA, CAST and the Russian Federal standard GOST algorithm. BestCrypt also supports “single” DES, though its use isn't recommended due to its easily brute-forced (small) key size.
As an added bonus, Windows users get two additional features: Swap-file encryption, which protects you from attempts by others to extract passwords and other sensitive data from your Windows swap-file, and BCWipe, a low-level file eraser. Of these two, the swap-file encryption feature doesn't appear to be part of the Linux version yet.
BCWipe, however, can be purchased separately for Linux (i.e., it isn't bundled with BestCrypt as it is in the Windows version). BCWipe, like PGP's Wipe feature, repeatedly overwrites the data that remains when you “delete” a file, making it nearly impossible for deleted data to be recovered by any but the most sophisticated disk-recovery tools (if at all).
Thus, to the best of my qualifications in determining so, BestCrypt's security appears to be strong from a technical standpoint: it supports a number of important cryptographic and noncryptographic security technologies.
|Understanding OpenStack's Success||Feb 21, 2017|
|Natalie Rusk's Scratch Coding Cards (No Starch Press)||Feb 17, 2017|
|Own Your DNS Data||Feb 16, 2017|
|IGEL Universal Desktop Converter||Feb 15, 2017|
|Simple Server Hardening||Feb 14, 2017|
|Server Technology's HDOT Alt-Phase Switched POPS PDU||Feb 13, 2017|
- Understanding OpenStack's Success
- Own Your DNS Data
- Simple Server Hardening
- Understanding Firewalld in Multi-Zone Configurations
- Teradici's Cloud Access Platform: "Plug & Play" Cloud for the Enterprise
- Returning Values from Bash Functions
- From vs. to + for Microsoft and Linux
- Natalie Rusk's Scratch Coding Cards (No Starch Press)
- Bash Shell Script: Building a Better March Madness Bracket
- IGEL Universal Desktop Converter
Pick up any e-commerce web or mobile app today, and you’ll be holding a mashup of interconnected applications and services from a variety of different providers. For instance, when you connect to Amazon’s e-commerce app, cookies, tags and pixels that are monitored by solutions like Exact Target, BazaarVoice, Bing, Shopzilla, Liveramp and Google Tag Manager track every action you take. You’re presented with special offers and coupons based on your viewing and buying patterns. If you find something you want for your birthday, a third party manages your wish list, which you can share through multiple social- media outlets or email to a friend. When you select something to buy, you find yourself presented with similar items as kind suggestions. And when you finally check out, you’re offered the ability to pay with promo codes, gifts cards, PayPal or a variety of credit cards.Get the Guide