FreeOTFE is a discontinued

open source Open source is source code that is made freely available for possible modification and redistribution. Products include permission to use and view the source code, design documents, or content of the product. The open source model is a decentrali ...

computer program for on-the-fly disk encryption (OTFE). On

Microsoft Windows Windows is a Product lining, product line of Proprietary software, proprietary graphical user interface, graphical operating systems developed and marketed by Microsoft. It is grouped into families and subfamilies that cater to particular sec ...

, and

Windows Mobile Windows Mobile is a discontinued mobile operating system developed by Microsoft for smartphones and personal digital assistants (PDA). Designed to be the portable equivalent of the Windows desktop OS in the emerging Mobile device, mobile/port ...

(using FreeOTFE4PDA), it can create a

virtual drive Virtual disk and virtual drive are software components that emulate an actual disk storage device. Virtual disks and virtual drives are common components of virtual machines in hardware virtualization, but they are also widely used for various pu ...

within a file or partition, to which anything written is automatically encrypted before being stored on a computer's

hard Hard means something that is difficult to do. It may also refer to: * Hardness, resistance of physical materials to deformation or fracture * Hard water, water with high mineral content Arts and entertainment * Hard (TV series), ''Hard'' (TV ser ...

USB Universal Serial Bus (USB) is an industry standard, developed by USB Implementers Forum (USB-IF), for digital data transmission and power delivery between many types of electronics. It specifies the architecture, in particular the physical ...

drive. It is similar in function to other disk encryption programs including

TrueCrypt TrueCrypt is a discontinued source-available freeware utility software, utility used for on-the-fly encryption (OTFE). It can create a virtual encrypted disk within a file, encrypt a Disk partitioning, partition, or encrypt the whole Data storag ...

and Microsoft's

BitLocker BitLocker is a full volume encryption feature included with Microsoft Windows versions starting with Windows Vista. It is designed to protect data by providing encryption for entire volumes. By default, it uses the Advanced Encryption Standard ...

. The author, Sarah Dean, went absent as of 2011. The FreeOTFE website is unreachable as of June 2013 and the domain name is now registered by a

domain squatter Cybersquatting (also known as domain squatting) is the practice of registering, trafficking in, or using an Internet domain name, with a bad faith intent to profit from the goodwill of a trademark belonging to someone else. The term is derived fro ...

. The original program can be downloaded fro
a mirror at Sourceforge
In June 2014, a

fork In cutlery or kitchenware, a fork (from 'pitchfork') is a utensil, now usually made of metal, whose long handle terminates in a head that branches into several narrow and often slightly curved tines with which one can spear foods either to h ...

of the project now named LibreCrypt appeared on

GitHub GitHub () is a Proprietary software, proprietary developer platform that allows developers to create, store, manage, and share their code. It uses Git to provide distributed version control and GitHub itself provides access control, bug trackin ...

Overview

''FreeOTFE'' was initially released by Sarah Dean in 2004, and was the first open source code disk encryption system that provided a modular architecture allowing 3rd parties to implement additional algorithms if needed. Older FreeOTFE licensing required that any modification to the program be placed in the

public domain The public domain (PD) consists of all the creative work to which no Exclusive exclusive intellectual property rights apply. Those rights may have expired, been forfeited, expressly Waiver, waived, or may be inapplicable. Because no one holds ...

. This does not conform technically to section 3 of the

Open Source definition ''The Open Source Definition'' (OSD) is a policy document published by the Open Source Initiative. Derived from the Debian Free Software Guidelines written by Bruce Perens, the definition is the most common standard for open-source software. ...

. Newer program licensing omits this condition. The FreeOTFE license has not been approved by th
Open Source Initiative
and is not certified to be labeled with the open-source certification mark. This software is compatible with Linux encrypted volumes (e.g.

LUKS The Linux Unified Key Setup (LUKS) is a disk encryption specification created by Clemens Fruhwirth in 2004 and originally intended for Linux. LUKS implements a platform-independent standard on-disk format for use in various tools. This facilitate ...

cryptoloop Cryptoloop is a Linux kernel's disk encryption module that relies on the Crypto API, which is a cryptography framework introduced in version 2.5.45 of the Linux kernel mainline. Cryptoloop was first introduced in the 2.5.x kernel series; its funct ...

dm-crypt dm-crypt is a transparent block device encryption subsystem in Linux kernel versions 2.6 and later and in DragonFly BSD. It is part of the device mapper (dm) infrastructure, and uses cryptographic routines from the kernel's Crypto API. Unlike ...

), allowing data encrypted under Linux to be read (and written) freely. It was the first open source transparent disk encryption system to support

Windows Vista Windows Vista is a major release of the Windows NT operating system developed by Microsoft. It was the direct successor to Windows XP, released five years earlier, which was then the longest time span between successive releases of Microsoft W ...

and PDAs. Optional

two-factor authentication Multi-factor authentication (MFA; two-factor authentication, or 2FA) is an electronic authentication method in which a user is granted access to a website or Application software, application only after successfully presenting two or more distin ...

using

smart card A smart card (SC), chip card, or integrated circuit card (ICC or IC card), is a card used to control access to a resource. It is typically a plastic credit card-sized card with an Embedded system, embedded integrated circuit (IC) chip. Many smart ...

s and/or

hardware security module A hardware security module (HSM) is a physical computing device that safeguards and manages secrets (most importantly digital keys), and performs encryption and decryption functions for digital signatures, strong authentication and other crypt ...

s (HSMs, also termed

security tokens A security token is a peripheral device used to gain access to an electronically restricted resource. The token is used in addition to, or in place of, a password. Examples of security tokens include wireless key cards used to open locked doors, ...

) was introduced in v4.0, using the PKCS#11 (Cryptoki) standard developed by

RSA Laboratories RSA Security LLC, formerly RSA Security, Inc. and trade name RSA, is an American computer and network security company with a focus on encryption and decryption standards. RSA was named after the initials of its co-founders, Ron Rivest, Adi Sh ...

. ''FreeOTFE'' also allows any number of "hidden volumes" to be created, giving

plausible deniability Plausible deniability is the ability of people, typically senior officials in a formal or informal chain of command, to deny knowledge or responsibility for actions committed by or on behalf of members of their organizational hierarchy. They may ...

and

deniable encryption In cryptography and steganography, plausibly deniable encryption describes encryption techniques where the existence of an encrypted file or message is deniable in the sense that an adversary cannot prove that the plaintext data exists. The use ...

, and also has the option of encrypting full partitions or disks (but not the system partition).

Portable use

FreeOTFE can be used in "portable" (or "traveller") mode, which allows it to be kept on a

drive or other portable media, together with its encrypted data, and carried around. This allows it to be used under

without installation of the complete program to "mount" and access the encrypted data through a virtual disk. The use of this mode requires installing

device drivers In the context of an operating system, a device driver is a computer program that operates or controls a particular type of device that is attached to a computer or automaton. A driver provides a software interface to hardware devices, enabli ...

(at least temporarily) to create virtual disks, and as a consequence administrator rights are needed to start this traveller mode. As with most open source software that uses device drivers, the user must enable test signing when running Windows Vista x64 and Windows 7 x64 systems.Additional Information for Windows Vista x64 and Windows 7 x64 Users
/ref>

Driverless operation

Packaged with FreeOTFE is another program called "FreeOTFE Explorer",
/ref> which provides a ''driverless system'' that allows encrypted disks to be used without administrator rights. This allows FreeOTFE encrypted data to be used on (for example) public computers found in libraries or computer kiosks (

interactive kiosk An interactive kiosk is a computer terminal featuring specialized hardware and software that provides access to information and applications for communication, commerce, entertainment, or education. By 2010, the largest bill pay kiosk network ...

s), where administrator rights are unavailable. Unlike FreeOTFE, FreeOTFE Explorer does not provide on-the-fly encryption through a virtual drive. Instead it lets files be stored and extracted from encrypted disk images, in a similar manner as ZIP and RAR archives, by using a

Windows Explorer File Explorer, previously known as Windows Explorer, is a file manager application and default desktop environment that is included with releases of the Microsoft Windows operating system from Windows 95 onwards. It provides a graphical user i ...

like interface.

Algorithms implemented

Due to its architecture, FreeOTFE provides great flexibility to the user with its encryption options.

Ciphers

FreeOTFE implements several ciphers, including: * AES *

Blowfish Tetraodontidae is a family of marine and freshwater fish in the order Tetraodontiformes. The family includes many familiar species variously called pufferfish, puffers, balloonfish, blowfish, blowers, blowies, bubblefish, globefish, swellfish, ...

* CAST5 /

CAST6 In cryptography, CAST-256 (or CAST6) is a symmetric-key block cipher published in June 1998. It was submitted as a candidate for the Advanced Encryption Standard (AES); however, it was not among the five AES finalists. It is an extension of an ...

* DES /

Triple DES In cryptography, Triple DES (3DES or TDES), officially the Triple Data Encryption Algorithm (TDEA or Triple DEA), is a symmetric-key block cipher, which applies the DES cipher algorithm three times to each data block. The 56-bit key of the Dat ...

MARS Mars is the fourth planet from the Sun. It is also known as the "Red Planet", because of its orange-red appearance. Mars is a desert-like rocky planet with a tenuous carbon dioxide () atmosphere. At the average surface level the atmosph ...

RC6 In cryptography, RC6 (Rivest cipher 6) is a symmetric key block cipher derived from RC5. It was designed by Ron Rivest, Matt Robshaw, Ray Sidney, and Yiqun Lisa Yin to meet the requirements of the Advanced Encryption Standard (AES) competition. ...

Serpent Serpent or The Serpent may refer to: * Snake, a carnivorous reptile of the suborder Serpentes Mythology and religion * Sea serpent, a monstrous ocean creature * Serpent symbolism, the snake in religious rites and mythological contexts * Serpen ...

Twofish In cryptography, Twofish is a symmetric key block cipher with a block size of 128 bits and key sizes up to 256 bits. It was one of the five finalists of the Advanced Encryption Standard contest, but it was not selected for standardization. Two ...

It includes all

National Institute of Standards and Technology The National Institute of Standards and Technology (NIST) is an agency of the United States Department of Commerce whose mission is to promote American innovation and industrial competitiveness. NIST's activities are organized into Outline of p ...

(NIST)

Advanced Encryption Standard The Advanced Encryption Standard (AES), also known by its original name Rijndael (), is a specification for the encryption of electronic data established by the U.S. National Institute of Standards and Technology (NIST) in 2001. AES is a variant ...

(AES) finalists, and all ciphers can be used with multiple different keylengths.

Cipher modes

FreeOTFE originally offered encryption using

cipher-block chaining In cryptography, a block cipher mode of operation is an algorithm that uses a block cipher to provide information security such as confidentiality or authenticity. A block cipher by itself is only suitable for the secure cryptographic transforma ...

(CBC) with encrypted salt-sector initialization vector (

ESSIV Disk encryption is a special case of data at rest protection when the storage medium is a sector-addressable device (e.g., a hard disk). This article presents cryptographic aspects of the problem. For an overview, see disk encryption. For discussio ...

), though from v3.00 introduced LRW and also the more secure XTS mode, which supersedes LRW in the

IEEE P1619 Institute of Electrical and Electronics Engineers (IEEE) standardization project for encryption of stored data, but more generically refers to the Security in Storage Working Group (SISWG), which includes a family of standards for protection of s ...

standard for disk encryption.

Hashes

As with its cipher options, FreeOTFE offers many different hash algorithms: * MD2 *

MD4 The MD4 Message-Digest Algorithm is a cryptographic hash function developed by Ronald Rivest in 1990. The digest length is 128 bits. The algorithm has influenced later designs, such as the MD5, SHA-1 and RIPEMD algorithms. The initialism "MD" st ...

MD5 The MD5 message-digest algorithm is a widely used hash function producing a 128-bit hash value. MD5 was designed by Ronald Rivest in 1991 to replace an earlier hash function MD4, and was specified in 1992 as Request for Comments, RFC 1321. MD5 ...

* RIPEMD-128 *

RIPEMD-160 RIPEMD (RIPE Message Digest) is a family of cryptographic hash functions developed in 1992 (the original RIPEMD) and 1996 (other variants). There are five functions in the family: RIPEMD, RIPEMD-128, RIPEMD-160, RIPEMD-256, and RIPEMD-320, of ...

* RIPEMD-224 * RIPEMD-320 *

SHA-1 In cryptography, SHA-1 (Secure Hash Algorithm 1) is a hash function which takes an input and produces a 160-bit (20-byte) hash value known as a message digest – typically rendered as 40 hexadecimal digits. It was designed by the United States ...

SHA-224 SHA-2 (Secure Hash Algorithm 2) is a set of cryptographic hash functions designed by the United States National Security Agency (NSA) and first published in 2001. They are built using the Merkle–Damgård construction, from a one-way compression ...

SHA-256 SHA-2 (Secure Hash Algorithm 2) is a set of cryptographic hash functions designed by the United States National Security Agency (NSA) and first published in 2001. They are built using the Merkle–Damgård construction, from a one-way compressi ...

SHA-384 SHA-2 (Secure Hash Algorithm 2) is a set of cryptographic hash functions designed by the United States National Security Agency (NSA) and first published in 2001. They are built using the Merkle–Damgård construction, from a one-way compression ...

SHA-512 SHA-2 (Secure Hash Algorithm 2) is a set of cryptographic hash functions designed by the United States National Security Agency (NSA) and first published in 2001. They are built using the Merkle–Damgård construction, from a one-way compression ...

Tiger The tiger (''Panthera tigris'') is a large Felidae, cat and a member of the genus ''Panthera'' native to Asia. It has a powerful, muscular body with a large head and paws, a long tail and orange fur with black, mostly vertical stripes. It is ...

Whirlpool A whirlpool is a body of rotating water produced by opposing currents or a current running into an obstacle. Small whirlpools form when a bath or a sink is draining. More powerful ones formed in seas or oceans may be called maelstroms ( ). ''Vo ...

References

External links

* * {{Cryptographic software Cryptographic software Disk encryption Free security software Windows security software Windows Mobile software Portable software