COMODO Disk Encryption 2.0.138413.24 BETA

[Guest]

[marv0997]

Hi kudos for the programming team of this comodo product, I had tried both the previous stable release and this beta, I saw that you are trying to do this version "idiot proof" that's good for the common guys that just turn the pc on to do some spreadsheet, email and browse the web, but you guys should have left an option to turn on a menu for advance users, I miss the options:
- Ignore disk free space(this one greatly increase the speed of the encryption)
- The ability to select individually witch partitions of the primary drive to encrypt.  
- The option to do a cd recovery .iso
- The option to choose and mix the hash algorithm and the encryption algorithm.

Options I would like to see is:
- The option to use either an usb stick or a password at boot.
- The option to still use an usb stick as normal storage, (imagine a 32gb just for that
  authentication).
- Faster performance for low power netbook and alike(better use of the processor)

well I will continue to test this beta an report back.
Great job.

Marv

Update:

I was testing it with a small hard disk 8 gb, but now that I try with a 320gb hdd I have the following problem.
After 7 hours encrypting I got this error

the operation Edfd_Api_Encrypt_Device failed with error code 8 Not enough storage is available to process this command.

then reboot the computer it took a while but I patiently wait it boot normally then I load the CDE try again it ask me that a previous operation was not finish because a power failure or some other problem, I tell it to continue, and it resume operation but problem is that is a 320GB drive and it goes extremely slow, I will post a follow up.

after resume another 7 hours working the error appear again

the operation Edfd_Api_Encrypt_Device failed with error code 8 Not enough storage is available to process this command.

I reboot it and continue working

I notice that in the task manager/performance in the Totals the handles goes up to 700,000 then the above message shows up and the processor 99% only way to fix is to hard reboot and continue encrypting

[xaocon]

Looks interesting. I'm very excited about trying a free native FDE software in dualboot with windows and linux. Was there a decision to use older cypher modes or is this simply a matter or resource assignment? The same with the encryption schemes.... you have 3DES but no AES 256? Is that an export issue? All OSs are supported? If so what Comodo code lives on after boot? I've noticed there is very little technical documentation for this product. What gives? I understand this is in beta but the 1.x versions provided little documentation either. I used to run your FW and was very impressed with it... I like the company as a whole. Having said that, you are asking for a pretty scary level of trust with this software. I don't want to be one of the people complaining about a beta product but from what I can there aren't plans to provide proof of security after the beta either. I know that you ultimately control what is done with this (no doubt excellent) software, and that you are already providing it for free... please consider this. Since you are already giving it away for free why don't you open the source and put a restrictive license on it. I have no doubts that it will do nothing but prove what excellent quality your products are and, combined with with some of your other features, would quickly make you the defacto vendor of FDE software. I would agree that utilization of hardware acceleration and a key store with more than a single slot would be great design features down the road. I'm looking forward to what comes next.

[Raccoon]

I'm still curious if or when Comodo will reveal this product's source code, or at least the code to the important authentication and encryption algorithm code.  How can we trust our data to yet another on-the-fly disk encryption when we've been burned so many times in the past with inherently vulnerable software?

The only way disk encryption can work is if the source code can survive peer review.  To many products depend on "security through obscurity" meaning "we invented our own encryption scheme and it's only safe as long as nobody looks inside."  How can we be sure you guys didn't get the same idea?  How can we be sure you didn't add an escro key due to pressure from Homeland Security (they used to pay software companies to add an escro key; they might still)?

Respectfully,

Eric

[Melih]

I'm still curious if or when Comodo will reveal this product's source code, or at least the code to the important authentication and encryption algorithm code.  How can we trust our data to yet another on-the-fly disk encryption when we've been burned so many times in the past with inherently vulnerable software?

The only way disk encryption can work is if the source code can survive peer review.  To many products depend on "security through obscurity" meaning "we invented our own encryption scheme and it's only safe as long as nobody looks inside."  How can we be sure you guys didn't get the same idea?  How can we be sure you didn't add an escro key due to pressure from Homeland Security (they used to pay software companies to add an escro key; they might still)?

Respectfully,

Eric

Eric

You raise an important point.

We use standard and well tested algorithms which are now standards.

Security thru obscurity: I have a few things to say about that...

Obscurity is a totally legit way of security...but obscurity is NOT a legit way for "encryption algorithm".

In security, you want as many advantages to yourself as possible, if some of these will come thru obscurity, great. We'll take that. But on the other hand if someone is saying use this encryption algorithm and i am not going to share its source code, then i would have  problem. Because we don't know if that algorithm can easily be broken mathematically. So you ask the algorithm to be public to check if it stood the test of time and attacks by cryptographers.

Therefore, I would urge caution and ask that we keep "Security" separate than "Encryption algorithm" when discussing ideas about revealing security.

Afterall, imagine if our soldiers had no camouflage or obscurity to fight the wars....and they revealed themselves....

thanks
Melih

[Raccoon]

Hi Melih, thanks for replying.

On the surface, you make a good point.  I mean, even home owners hide their secure safes in obscure places (eg, in walls or floors).  But I'm not sure even this analogy can apply to the discussion of software security and closed-source obscurity.

The main problem lies in the fact that even a bullet proof peer tested encryption algorithm is only as good as its authentication mechanism.  Even if you're using AES/Serpent/Twofish encryption with RIPEMD-160 or SHA-512 or Whirlpool, it's how you connect these two which is all important --- and the only way to tell if you did it right is through opening your source.


If you look through my previous posts (not many), you'll see I brought up this matter in 2007 and was met with the same response.  However, the mod/dev back then pointed out the fact that there are over a hundred encryption software on the market -- the majority of them are closed source.  This was his argument for keeping the CDE closed source.  But what he didn't consider is that out of those >100 programs, only 2 of them are used by 90% of the market, and both of them are open source peer reviewed.  The rest are virtually unknown and unused.

If Comodo TRULY wants to get its name out there by making free software available to the public, then Comodo TRULY wants to make CDE its first open-source initiative project.  Otherwise CDE is doomed to failure like the other >100 nameless programs on the market.

Eric

PS.  The 2 programs I mentioned that have dominated the market for nearly a decade are TrueCrypt and FreeOTFE.  Capture that audience, and you've captured the world.

[Melih]

of course implementation of the algorithm is also very important. So maybe its ok to make the implementation of the algorithm public...or even better let people to try to crack the algorithm used...afterall we do have in house cryptography experts who helped us with these implementations. and if people want to prove a point, they can always attack the algorithm to crack it.

There are many optimisation techniques one uses (not for the feint hearted. ) and as I said above, if anyone has doubts is welcome to attack our encryption implementation. It is a standard algorithm, implemented by our guys. I really don't think our encryption algorithm implementation is a weak spot. but of course I am more than happy to eat a humble pie and fix it if we are proven wrong.

To summarise: Your argument applies to making the encryption part of the source code public, not the whole security software. Even then, is there really anyone out there who will take a serious look at these and give us a valuable feedback? I don't think so, but thats only my opinion.

thanks
Melih

[Cadey]

Hello

Installed it under Windows 2003, can't uninstall it anymore.
Lots of erros.
I've tried also to override with the latest Beta version, then uninstall.
But same behavior, can't uninstall.

I always get error : "Please remove or decrypt all encrypted partitions!"

I have no encrypted partitions!

Cadey

[ma5ter]

I've installed CDE 2.0 beta, tried to encrypt primary partition on removable USB IDE drive during night, at the mornig I dicovered an error something like "Not enough space to encrypt"
I reboot the machine and now on boot FROM ANY LOCAL drive I got a smile ASCII 0x1 or 0x2 at the top line and prompt after I try to enter a password a green chessy screen appeared.
Under LiveCD all the partitions is unaccessible.
What the F* is going on I need my data back I don't ask to alter my host drives, HOW TO REMOVE THIS F* CDE ?

[ma5ter]

Boot could be fixed simply by rewriting MBR using any utility e.g. TestDisk available for majority of platforms www_cgsecurity_org/wiki/TestDisk_Download
Now trying to find a way to uninstall CDE bypassing "Plaese remove or decrypt..." stupid message.

[ma5ter]

Finally solved the annoying popup which prevents uninstall, simply erase Enum key under two keys starting with "cde"
HKLM/CurrentCcontrolSet/System/Services/cde*
and reboot then use uninstaller
note don't erase cde* manually let the uninstaller do it's clean job

[Josh™]

What's happenin on this one developers!?

Josh

[MetalShaun]

What's happenin on this one developers!?

Josh

Bump

[hyatt69]

i would like to know the answer to this also as i like and use ctm.

thanks, maybe I'll switch then  

Still a no-go on a combination with CTM i assume?

[MetalShaun]

Just reinstalled to use the zip encryption after not using this program for a while and I am getting this error again when clicking on options. everything else seems fine so far though.

Windows 7 home premium 64bit.

[rapidon]

Hello, (And sorry for my English)

i have the same error than ''MetalShaun''.
I run Seven Ultimate x64.
I have 4 Disks and 2 partitions per Disk,and i have Multi cards Reader and a DVDRW.
At the moment of the test i have not others Disk Encryption Software,
Just comodo CIS (No CTM,no CBU,nothing else from comodo).
I have make many test/Reinstall (Even Vista x32) but at the first screen GUI when i click on "Disk Encryption" button:
"The operation Edfd_Api_Get_Fixed_Storage_Configuration Failed with error code 1784:The supplied user buffer is not valid for the requested operation"
i did not try the two others fonction until the end,but when i click "virtual disk encryption" or "Zip encryption" i dont have any error and i can go at the next options screen

Thank

This Software have a great potential but even for a Beta version it is really unstable.

[Tags:]