FreeOTFE is a discontinued

open source Open source is source code that is made freely available for possible modification and redistribution. Products include permission to use the source code, design documents, or content of the product. The open-source model is a decentralized so ...

computer program for on-the-fly disk encryption (OTFE). On

Microsoft Windows Windows is a group of several proprietary graphical operating system families developed and marketed by Microsoft. Each family caters to a certain sector of the computing industry. For example, Windows NT for consumers, Windows Server for ...

, and

Windows Mobile Windows Mobile is a discontinued family of mobile operating systems developed by Microsoft for smartphones and personal digital assistants. Its origin dated back to Windows CE in 1996, though Windows Mobile itself first appeared in 2000 as Pock ...

(using FreeOTFE4PDA), it can create a virtual drive within a file or partition, to which anything written is automatically encrypted before being stored on a computer's hard or USB drive. It is similar in function to other disk encryption programs including

TrueCrypt TrueCrypt is a discontinued source-available freeware utility used for on-the-fly encryption (OTFE). It can create a virtual encrypted disk within a file, or encrypt a partition or the whole storage device (pre-boot authentication). On 28 M ...

and Microsoft's BitLocker. The author, Sarah Dean, went absent as of 2011. The FreeOTFE website is unreachable as of June 2013 and the domain name is now registered by a

domain squatter Cybersquatting (also known as domain squatting) is the practice of registering, trafficking in, or using an Internet domain name, with a bad faith intent to profit from the goodwill of a trademark belonging to someone else. The term is derived fro ...

. The original program can be downloaded fro
a mirror at Sourceforge
In June 2014, a

fork In cutlery or kitchenware, a fork (from la, furca 'pitchfork') is a utensil, now usually made of metal, whose long handle terminates in a head that branches into several narrow and often slightly curved tine (structural), tines with which one ...

of the project now named LibreCrypt appeared on

GitHub GitHub, Inc. () is an Internet hosting service for software development and version control using Git. It provides the distributed version control of Git plus access control, bug tracking, software feature requests, task management, cont ...

Overview

''FreeOTFE'' was initially released by Sarah Dean in 2004, and was the first open source code disk encryption system that provided a modular architecture allowing 3rd parties to implement additional algorithms if needed. Older FreeOTFE licensing required that any modification to the program be placed in the

public domain The public domain (PD) consists of all the creative work to which no exclusive intellectual property rights apply. Those rights may have expired, been forfeited, expressly waived, or may be inapplicable. Because those rights have expired ...

. This does not conform technically to section 3 of the Open Source definition. Newer program licensing omits this condition. The FreeOTFE license has not been approved by th
Open Source Initiative
and is not certified to be labeled with the open-source certification mark. This software is compatible with Linux encrypted volumes (e.g. LUKS, cryptoloop,

dm-crypt dm-crypt is a transparent block device encryption subsystem in Linux kernel versions 2.6 and later and in DragonFly BSD. It is part of the device mapper (dm) infrastructure, and uses cryptographic routines from the kernel's Crypto API. Unlike it ...

), allowing data encrypted under Linux to be read (and written) freely. It was the first open source transparent disk encryption system to support

Windows Vista Windows Vista is a major release of the Windows NT operating system developed by Microsoft. It was the direct successor to Windows XP, which was released five years before, at the time being the longest time span between successive releases of ...

and PDAs. Optional two-factor authentication using

smart card A smart card, chip card, or integrated circuit card (ICC or IC card) is a physical electronic authentication device, used to control access to a resource. It is typically a plastic credit card-sized card with an embedded integrated circuit (IC) c ...

s and/or hardware security modules (HSMs, also termed security tokens) was introduced in v4.0, using the PKCS#11 (Cryptoki) standard developed by RSA Laboratories. ''FreeOTFE'' also allows any number of "hidden volumes" to be created, giving

plausible deniability Plausible deniability is the ability of people, typically senior officials in a formal or informal chain of command, to denial, deny knowledge of or responsibility for any damnable actions committed by members of their organizational hierarchy. Th ...

and

deniable encryption In cryptography and steganography, plausibly deniable encryption describes encryption techniques where the existence of an encrypted file or message is deniable in the sense that an adversary cannot prove that the plaintext data exists. The user ...

, and also has the option of encrypting full partitions or disks (but not the system partition).

Portable use

FreeOTFE can be used in "portable" (or "traveller") mode, which allows it to be kept on a USB drive or other portable media, together with its encrypted data, and carried around. This allows it to be used under

without installation of the complete program to "mount" and access the encrypted data through a virtual disk. The use of this mode requires installing device drivers (at least temporarily) to create virtual disks, and as a consequence administrator rights are needed to start this traveller mode. As with most open source software that uses device drivers, the user must enable test signing when running Windows Vista x64 and Windows 7 x64 systems.Additional Information for Windows Vista x64 and Windows 7 x64 Users
/ref>

Driverless operation

Packaged with FreeOTFE is another program called "FreeOTFE Explorer",
/ref> which provides a ''driverless system'' that allows encrypted disks to be used without administrator rights. This allows FreeOTFE encrypted data to be used on (for example) public computers found in libraries or computer kiosks (

interactive kiosk An interactive kiosk is a computer terminal featuring specialized hardware and software that provides access to information and applications for communication, commerce, entertainment, or education. By 2010, the largest bill pay kiosk networ ...

s), where administrator rights are unavailable. Unlike FreeOTFE, FreeOTFE Explorer does not provide on-the-fly encryption through a virtual drive. Instead it lets files be stored and extracted from encrypted disk images, in a similar manner as ZIP and

RAR RAR or Rar may refer to: * Radio acoustic ranging, a non-visual technique for determining a ship's position at sea * "rar", the ISO 639-2 code for the Cook Islands Māori language * RAR (file format), a proprietary compressed archive file format i ...

archives, by using a

Windows Explorer File Explorer, previously known as Windows Explorer, is a file manager application that is included with releases of the Microsoft Windows operating system from Windows 95 onwards. It provides a graphical user interface for accessing the file ...

like interface.

Algorithms implemented

Due to its architecture, FreeOTFE provides great flexibility to the user with its encryption options.

Ciphers

FreeOTFE implements several ciphers, including: * AES * Blowfish *

CAST5 In cryptography, CAST-128 (alternatively CAST5) is a symmetric-key block cipher used in a number of products, notably as the default cipher in some versions of GPG and PGP. It has also been approved for Government of Canada use by the Communi ...

/ CAST6 *

DES Des is a masculine given name, mostly a short form (hypocorism) of Desmond. People named Des include: People * Des Buckingham, English football manager * Des Corcoran, (1928–2004), Australian politician * Des Dillon (disambiguation), sever ...

Triple DES In cryptography, Triple DES (3DES or TDES), officially the Triple Data Encryption Algorithm (TDEA or Triple DEA), is a symmetric-key block cipher, which applies the DES cipher algorithm three times to each data block. The Data Encryption Standa ...

MARS Mars is the fourth planet from the Sun and the second-smallest planet in the Solar System, only being larger than Mercury. In the English language, Mars is named for the Roman god of war. Mars is a terrestrial planet with a thin at ...

* RC6 *

Serpent Serpent or The Serpent may refer to: * Snake, a carnivorous reptile of the suborder Serpentes Mythology and religion * Sea serpent, a monstrous ocean creature * Serpent (symbolism), the snake in religious rites and mythological contexts * Serp ...

Twofish In cryptography, Twofish is a symmetric key block cipher with a block size of 128 bits and key sizes up to 256 bits. It was one of the five finalists of the Advanced Encryption Standard contest, but it was not selected for standardization. T ...

It includes all

National Institute of Standards and Technology The National Institute of Standards and Technology (NIST) is an agency of the United States Department of Commerce whose mission is to promote American innovation and industrial competitiveness. NIST's activities are organized into physical s ...

(NIST)

Advanced Encryption Standard The Advanced Encryption Standard (AES), also known by its original name Rijndael (), is a specification for the encryption of electronic data established by the U.S. National Institute of Standards and Technology (NIST) in 2001. AES is a variant ...

(AES) finalists, and all ciphers can be used with multiple different keylengths.

Cipher modes

FreeOTFE originally offered encryption using cipher-block chaining (CBC) with encrypted salt-sector initialization vector ( ESSIV), though from v3.00 introduced LRW and also the more secure XTS mode, which supersedes LRW in the IEEE P1619 standard for disk encryption.

Hashes

As with its cipher options, FreeOTFE offers many different hash algorithms: * MD2 *

MD4 The MD4 Message-Digest Algorithm is a cryptographic hash function developed by Ronald Rivest in 1990. The digest length is 128 bits. The algorithm has influenced later designs, such as the MD5, SHA-1 and RIPEMD algorithms. The initialism "MD" st ...

* MD5 * RIPEMD-128 *

RIPEMD-160 RIPEMD (RIPE Message Digest) is a family of cryptographic hash functions developed in 1992 (the original RIPEMD) and 1996 (other variants). There are five functions in the family: RIPEMD, RIPEMD-128, RIPEMD-160, RIPEMD-256, and RIPEMD-320, of w ...

* RIPEMD-224 * RIPEMD-320 *

SHA-1 In cryptography, SHA-1 (Secure Hash Algorithm 1) is a cryptographically broken but still widely used hash function which takes an input and produces a 160- bit (20- byte) hash value known as a message digest – typically rendered as 40 hexa ...

* SHA-224 * SHA-256 * SHA-384 *

SHA-512 SHA-2 (Secure Hash Algorithm 2) is a set of cryptographic hash functions designed by the United States National Security Agency (NSA) and first published in 2001. They are built using the Merkle–Damgård construction, from a one-way compression ...

Tiger The tiger (''Panthera tigris'') is the largest living Felidae, cat species and a member of the genus ''Panthera''. It is most recognisable for its dark vertical stripes on orange fur with a white underside. An apex predator, it primarily pr ...

Whirlpool A whirlpool is a body of rotating water produced by opposing currents or a current running into an obstacle. Small whirlpools form when a bath or a sink is draining. More powerful ones formed in seas or oceans may be called maelstroms ( ). ''Vo ...

References

External links

* * {{Cryptographic software Cryptographic software Disk encryption Free security software Windows security software Windows Mobile software Portable software Free software