FAQ

Program Features

What file systems does DiskCryptor support?

DiskCryptor supports FAT12, FAT16, FAT32, NTFS and exFAT file systems.

What operating systems are supported?

DiskCryptor supports any Microsoft operation system since Windows 2000.
Windows 2000 support will cease with the release of DiskCryptor
1.0
which will require Windows XP or newer.

Other operation systems (like Linux, etc.) are currently not supported
and no plans exist to add support.

Does DiskCryptor work with RAID volumes?

Yes, DiskCryptor works with any RAID volumes that are supported by your
system.

Is there a compatibility with multi-boot managers, and if it is possible to place boot loader on an external media?

Yes, all that is possible. Please refer to the
documentation.

How does the "Wipe Mode" function work? After wiping I still can recover deleted files on a mounted encrypted volume, so what does it do?

The wipe that DiskCryptor performs is a bit different from what you
might have come to expect with tools such as
Eraser. Wipe function in DiskCryptor does not
delete files nor any remnant data that a file system might contain. This
is not necessary for DiskCryptor to do, because the programs encrypts
the whole file system, with all the visible and invisible data that it
has. What "Wipe Mode" does, is that it prevents possibility to recover
data by examining residual magnetic energy, which can be done on a
specialist equipment. When in "Wipe Mode", DiskCryptor reads each
sector's data, wipes the sector, and then writes the encrypted data back
to it. So any data that was there before, including deleted files, will
still be there when the encrypted volume is later mounted.

How does the "Pause" function work?

After pausing encryption process it is possible to close
DiskCryptor/reboot PC and continue encryption later from the same point.
Also it is possible to start encrypting a drive on one computer with DC,
pause the encryption, move the drive to another computer, and then
resume the encryption.

How can I create portable version of DiskCryptor and use it from USB flash drive?

Portable mode will be realized together with container's support as they
can be mounted without driver installation. Currently DiskCryptor
supports volumes and driver installation is obligatory (administrator
rights required) and the following restart (it is possible to load
driver without rebooting, however in this case filter can be assigned
with volume class only by hacks, which I do not want to use).

Are you going to implement the feature, so that the data will be destroyed on entering the second password?

No, that would not be implemented, because of the security concerns.
DiskCryptor incorporates only conceptual security models for data
protection, that are based on a reliable and well-studied algorithms.
Future versions are planned to have an option for secure partition
deletion, that can be used for data destruction before an adversary can
gain access to it. As soon as an adversary gains access to your data
storage medium, destruction of data becomes impossible, because a foe
can make backup copies beforehand.

I would like DiskCryptor to have built-in functionality for protection against malware/trojans/keyloggers.

There will never be such functionality in the original project, as I
adhere to the concept of provable security. Reliability of protection
from malware cannot be affirmatively linked to the strength of
cryptographic primitives, so that is why in order to maintain the
reputation of the program, such protection functionality will never be
implemented. Nevertheless, you can make your own fork of the project,
and to determine its development policy, yourself.

Is it possible to change password without re-encryption?

Yes, right click on mounted volume and choose Change Password from
context menu.

Security

Is it possible for the password to my disk and/or its contents to be compromised by a malware?

Yes, malware running with administrative privileges, may extract the
password from the memory and to read any data. DiskCryptor does not
protect you from malware. This is not a vulnerability of the program, as
such kind of protection is not a part of the cryptographic software
function.

How safe is it to use DiskCryptor? Can I be sure, that no one will break into my data?

There is nothing that can be safe in the world, and there are quite a
few means to open data without breaking encryption algorithms. Data can
be exposed because of malware infestation, or by trying a large number
of password possibilities (if you have a weak password), or due to
attacks with a physical access to a live system, and other methods. If
you cannot prepare for all these different possibilities, then there is
a risk that an adversary will use them. As far as possible, DiskCryptor
tries to protect you from a number of program attacks, the guarantee of
safety, however, can only be achieved through a comprehensive approach
to security, which requires for you to have corresponding knowledge. You
can read more about the subject, in the article "Risks of using
cryptographic software and possible ways of data
leaks
".

Is it possible to run DiskCryptor without administrator rights?

No, unless you're willing to go through a substantial rewrite of the
DiskCryptor source code. The DiskCryptor driver has been written to
provide access to the DiskCryptor interface specifically only to
administrators in order to preserve the security architecture of the
underlying operation system. Also, several tasks performed by the
DiskCryptor GUI require administrator rights; to get around this would
require code being transferred from the GUI to the driver. Ultimately it
is easier to maintain the integrity and the underlying security
measurements of the operation system by not allowing DiskCryptor to run
without administrator rights.

How vulnerable is volume header backup?

Backup is encrypted with your password and as safe
as strong is your password.

Is it safe to use chkdsk and Disk Defragmenter tools on encrypted disks?

Yes, it is perfectly safe to use any such tools that are interacting
with a file system of an encrypted disk. It is only unsafe to use such
tools if they access disk directly and bypass file system API, which may
result in bad sector appearance in file system.

Is it safe to resize encrypted partitions?

When the partition is mounted it can be resized with native windows facilities like diskmgmt.msc or diskpart.exe, compatybility with 3rd party tools has not been tested so I can only advize against it.

How can I protect myself from "Evil Maid" Attack type of malware?

To protect yourself from such type of attacks, you need to use
bootloader that is placed on an external CD/USB medium, and is
configured to boot your OS from a specified partition. In that scenario,
your hard disk will have no unencrypted executable code. A more
sophisticated adversary, however, may infect BIOS or tamper with a
hardware, therefore you should take it as a rule, that if an adversary
have had a physical access to your computer, then this computer (or its
individual parts) is no longer suitable for processing confidential
data.

Other

I have forgotten password to very important data, please help! What do I have to do to recover it?

If the data is so important, then try to remember your password. Nothing
else can be done about this, and the author can not help you personally
either.

Will I still be able to access my encrypted disk if bad sectors will appear on it?

Yes, you will be able to work with that disk the same way as if it was a
regular non-encrypted one, but with the exception when it comes to
volume header. If header will become lost, so will all your data on that
disk. Therefore it is strongly recommended that you keep a copy of
volume header in a safe place, by backing it up from programs .

The built-in benchmark shows that encryption speed is 300 MB/sec, but during the actual encryption process, its speed has been no higher than 20 MB/sec. Why?

In this case, we are talking about different kind of speeds. The
built-in benchmark shows the top speed with which cryptographic
algorithms can perform, and this speed is depended on your CPU. But
during the encryption of a partition, we see the speed of disk access in
alternating read/write mode. The speed reflected in built-in benchmark
is applicable when working with already encrypted volume.

Where can I find list of DiskCryptor's error codes with description?

Error code's listing is located in file dcconst.h and available here as well.

Will the DiskCryptor project become commercial, or if there is a plan to make a commercial version of the program?

No. DiskCryptor will always be distributed under the free GPL license.
There are many proprietary encryption
programs
,
however they are completely useless, as there no proofs of their
reliability, - proof being an open source code. Trustworthy and safe
cryptographic software cannot be closed source - this is an axiom.

Can I make a donation to aid the development of the project?

You can support the project on patrean: https://www.patreon.com/DavidXanatos