Designed for daily use: CryptDisk is intended to be used every day, and tries to make
using it as convenient as possible without compromising strong data
security.
Lightweight and portable: CryptDisk requires only four files, which can be kept in a zip file
smaller than 650KB. No installer is required; simply run CryptDisk.exe
and it will automatically configure itself. Admin privileges are only
required once; after the first configuration it can run using
normal user privileges.
Full Windows Compatibility: CryptDisk runs on Windows Vista, 7, 8, 8.1, 10, and 11 (24H2), including with
Secure Boot enabled. I'm sure it would run on Windows 9, if there were such a thing.
Strong password hashing: Passwords are hashed using Argon2, winner of the
Password Hashing Competition in July 2015. Argon2
uses a variety of methods to make it difficult to derive the
cryptographic secret from the plaintext password, providing a
defense against dictionary and rainbow table attacks.
Strong block ciphers: Keys can use AES256 (Rijndael), Salsa20, and ChaCha20
block ciphers. Each of these has been extensively tested and
proven on its own.
Hybrid ciphers: The fundamental ciphers are combined to create hybrids,
including AES256-Salsa, AES256-ChaCha, Salsa-ChaCha, AES256-Salsa-ChaCha.
Customizable Rounds: The number of internal rounds for each block cipher can be
customized, effectively creating a new custom block cipher.
Block Chains: Each block cipher uses block chains to obscure any patterns
that may be present in the source data. This also makes sure any
change to any data in the stream will invalidate any subsequent data.
Entropy Streams: Each cipher stream is salted with a very large random number.
This means every stream (i.e. every disk sector) will be completely
different, even when the plain text may be identical.
Key Files: Keys are generated using a very large entropy set. The password
only unlocks the key file, and the very large entropy within is used
to encrypt the data. This provides both a second level of security
(password + key file) and better secrets. Key passwords can be changed
without needing to re-encrypt the data.
Ad Hoc Keys: Sometimes key files are impractical or inconvenient. Ad hoc
keys are derived strictly from the password without using key files.
This is useful when passwords need to be exchanged verbally without
any digital files.
Scriptable commands: All CryptDisk features can be invoked using text scripts. This
makes it easy to automate routine or complicated tasks. Stdio Redirector
File Encryption: CryptDisk provides commands to encrypt and decrypt individual
files using the same keys used for virtual disks.
Public Key Pairs: Public/private key pairs can be created, exported, imported, and
combined to create encryption keys. This lets users exchange public
keys that can be combined with the private keys to access shared
encrypted disks and files without ever sharing any passwords.
Fast Disk Cloning: Virtual disks can be cloned, which can subsequently be synchronized
using differential updates. This vastly reduces the time required to
update disks used on different systems, since only the modified sectors
need to be copied. This makes it fast and easy to keep backups of virtual
disks, even when they are very large. More info: Volume Clones
Key Cloning: Key files can be cloned to use a different password while
retaining the same internal secret. This lets admins distribute keys
with different passwords that access the same shared disks and
files.
Disk Rekeying: Disks can be re-encrypted using an entirely different key. This lets
a user switch to a different key while leaving the disk image untouched.
This is useful when a key has been compromised.
Restricted View: Disks can be mounted in restricted view.
This restricts disk access to only programs launched by CryptDisk.exe,
protecting extremely private data from exposure to background tasks
such as file indexers.
Snatch-and-Run Protection: The WatchDog feature can automatically unmount disks if your laptop
is removed from your physical control.
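
The Key Files and Key Cloning entries above describe a password that only unlocks a key file, with the secret inside doing the actual encryption. The sketch below is an added example of that arrangement, not CryptDisk's code or file format. Assumptions: the record layout and function names are hypothetical, scrypt stands in for Argon2 (which is not in the Python standard library), and the secret is wrapped with a password-derived pad plus an HMAC tag.

```python
import hashlib
import hmac
import secrets

SECRET_LEN = 32  # bytes of random master secret stored in the key file


def _derive(password, salt):
    # scrypt is a stand-in here; the page says CryptDisk uses Argon2.
    out = hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1,
                         dklen=SECRET_LEN + 32)
    return out[:SECRET_LEN], out[SECRET_LEN:]  # (wrapping pad, MAC key)


def wrap(secret, password):
    """Build a hypothetical key-file record protecting `secret`."""
    if len(secret) != SECRET_LEN:
        raise ValueError("unexpected secret length")
    salt = secrets.token_bytes(16)  # fresh salt, so the pad is never reused
    pad, mac_key = _derive(password, salt)
    wrapped = bytes(a ^ b for a, b in zip(secret, pad))
    tag = hmac.new(mac_key, salt + wrapped, hashlib.sha256).digest()
    return {"salt": salt, "wrapped": wrapped, "tag": tag}


def unwrap(keyfile, password):
    """Return the master secret, or raise if the password or file is wrong."""
    pad, mac_key = _derive(password, keyfile["salt"])
    expected = hmac.new(mac_key, keyfile["salt"] + keyfile["wrapped"],
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, keyfile["tag"]):
        raise ValueError("wrong password or corrupted key file")
    return bytes(a ^ b for a, b in zip(keyfile["wrapped"], pad))


def new_keyfile(password):
    return wrap(secrets.token_bytes(SECRET_LEN), password)


def rewrap(keyfile, old_password, new_password):
    # Password change and key cloning are the same step: the secret that
    # encrypts the data is untouched, only its wrapper changes.
    return wrap(unwrap(keyfile, old_password), new_password)


if __name__ == "__main__":
    original = new_keyfile("constructed-passphrase-1")
    clone = rewrap(original, "constructed-passphrase-1", "constructed-passphrase-2")
    print(unwrap(original, "constructed-passphrase-1") ==
          unwrap(clone, "constructed-passphrase-2"))
```

Because every holder of a clone recovers the same secret, revoking one password does not lock that person out of data they could already read; that case calls for the Disk Rekeying feature listed above.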
What CryptDisk Does Not Do
Bootable Drives: CryptDisk cannot create bootable
disks. If this is a requirement, look into VeraCrypt.
Hidden Volumes: I never saw the need or value.
Unix Compatibility: While all the encryption algorithms are
well-known standards, I did not spend any time trying to make the output
compatible with any other implementation. CryptDisk cannot be used to
exchange encrypted disks or files with other systems that do not use
CryptDisk.
BitCoins: Don't get me started.
(C)2018 CryptDisk