BestCrypt: Cross-Platform Filesystem Encryption
I mentioned that BestCrypt for Linux has a GUI, but as of this writing it's still in a beta state. BC_Panel (Figure 2) is available only as a binary RPM.
On the one hand, BC_Panel (the binary is actually called bestcrypt, but for clarity's sake I'll stick to BC_Panel here) is stable, obviously well written and at least cosmetically is very similar to its Windows counterpart. However, BC_Panel supports only a subset of the functionality provided by bctool and therefore, only a subset of the Windows GUI for BestCrypt; it isn't quite up to date with either.
For example, the New (container) dialog lists only a few possible algorithm options out of the ten or so actually supported. Worse still, trying to create a container with any of the algorithms presented as options by BC_Panel fails with an error message unless you're logged on (and running X) as root.
If you're root, BC_Panel does successfully create, format, mount, unmount and re-encrypt (with a different algorithm) BestCrypt containers, and even dynamically detects and lists containers mounted by the bctool command (for volumes on which the user running BC_Panel has read-permissions, that is). Thus, while I wouldn't rely on it for production use, BC_Panel seems to be useful for certain maintenance functions (if you don't mind conducting entire X sessions as root) and generally shows great promise; I hope Jetico releases a production-worthy version of it soon.
Okay, I've established that BestCrypt is easy to install and use under Linux. But what about its compatibility with Windows? And what kind of potential does BestCrypt have for bringing disk-volume encryption to the Windows-using masses? The news is good on both counts.
For the past week I've been alternating booting my laptop system to Windows 98 and SuSE Linux 7.1, using the same BestCrypt container (which resides on my DOS/VFAT partition) as the working directory for my writing activities under both OSes. Other than an apparently harmless blue-screen error when I shut down Windows (Windows complains that one or more files are still open on the BestCrypt volume when it's unmounted), BestCrypt has performed flawlessly. I've lost no data, noticed no slowdown in disk performance when using the BestCrypt volume and have noticed no discrepancies whatsoever between the two versions of BestCrypt's handling of my shared container.
Equally nifty, I've had to invest practically no time at all in reading documentation or scanning mailing-list postings in order to use BestCrypt under Windows (unlike practically every other tool I've written about lately). BestCrypt's Windows GUI is extremely easy to use (Figure 3).
Granted, I'm intimately acquainted with the inner workings of public-key cryptography and have used other tools like PGPdisk for years. In other words, my credentials as an ordinary end user are suspect, to say the least. Still, I feel confident in stating that as far as usability is concerned, BestCrypt has at least an equally good chance asPGPdisk had in becoming the essential mainstream tool that elevates the masses to a Zen-like state of encrypted-volume enlightenment (and security).
What I'm not confident stating is that based on painstaking cryptanalysis and code review, I believe BestCrypt to be impregnable. (Boy, I sure hope that sentence never gets partially quoted. Good thing those Jetico folks seem so highly principled!) Being neither a professional cryptologist nor even a programmer, I will have to leave it to others to judge the real strength of BestCrypt's security.
What I can tell you is that BestCrypt supports an impressive collection of known-good algorithms (or, as the more cynically minded might put it, it's “crypto-buzzword-compliant”), including the newly announced US Government Advanced Encryption Standard, Rijndael, plus two of the more promising runners-up in the AES contest: Ron Rivest's RC6 and Bruce Schneier's Twofish. If all three of those are too new for you, BestCrypt also supports Triple-DES, Blowfish (with several different key sizes), IDEA, CAST and the Russian Federal standard GOST algorithm. BestCrypt also supports “single” DES, though its use isn't recommended due to its easily brute-forced (small) key size.
As an added bonus, Windows users get two additional features: Swap-file encryption, which protects you from attempts by others to extract passwords and other sensitive data from your Windows swap-file, and BCWipe, a low-level file eraser. Of these two, the swap-file encryption feature doesn't appear to be part of the Linux version yet.
BCWipe, however, can be purchased separately for Linux (i.e., it isn't bundled with BestCrypt as it is in the Windows version). BCWipe, like PGP's Wipe feature, repeatedly overwrites the data that remains when you “delete” a file, making it nearly impossible for deleted data to be recovered by any but the most sophisticated disk-recovery tools (if at all).
Thus, to the best of my qualifications in determining so, BestCrypt's security appears to be strong from a technical standpoint: it supports a number of important cryptographic and noncryptographic security technologies.
Free Webinar: Hadoop
How to Build an Optimal Hadoop Cluster to Store and Maintain Unlimited Amounts of Data Using Microservers
Realizing the promise of Apache® Hadoop® requires the effective deployment of compute, memory, storage and networking to achieve optimal results. With its flexibility and multitude of options, it is easy to over or under provision the server infrastructure, resulting in poor performance and high TCO. Join us for an in depth, technical discussion with industry experts from leading Hadoop and server companies who will provide insights into the key considerations for designing and deploying an optimal Hadoop cluster.
Some of key questions to be discussed are:
- What is the “typical” Hadoop cluster and what should be installed on the different machine types?
- Why should you consider the typical workload patterns when making your hardware decisions?
- Are all microservers created equal for Hadoop deployments?
- How do I plan for expansion if I require more compute, memory, storage or networking?
|Dynamic DNS—an Object Lesson in Problem Solving||May 21, 2013|
|Using Salt Stack and Vagrant for Drupal Development||May 20, 2013|
|Making Linux and Android Get Along (It's Not as Hard as It Sounds)||May 16, 2013|
|Drupal Is a Framework: Why Everyone Needs to Understand This||May 15, 2013|
|Home, My Backup Data Center||May 13, 2013|
|Non-Linux FOSS: Seashore||May 10, 2013|
- RSS Feeds
- Dynamic DNS—an Object Lesson in Problem Solving
- Making Linux and Android Get Along (It's Not as Hard as It Sounds)
- Using Salt Stack and Vagrant for Drupal Development
- New Products
- A Topic for Discussion - Open Source Feature-Richness?
- Validate an E-Mail Address with PHP, the Right Way
- Drupal Is a Framework: Why Everyone Needs to Understand This
- What's the tweeting protocol?
- Tech Tip: Really Simple HTTP Server with Python
- BASH script to log IPs on public web server
4 hours 7 min ago
7 hours 43 min ago
- Reply to comment | Linux Journal
8 hours 15 min ago
- All the articles you talked
10 hours 39 min ago
- All the articles you talked
10 hours 42 min ago
- All the articles you talked
10 hours 43 min ago
15 hours 8 min ago
- Keeping track of IP address
16 hours 59 min ago
- Roll your own dynamic dns
22 hours 12 min ago
- Please correct the URL for Salt Stack's web site
1 day 1 hour ago