We are happy to announce that COMODO Disk Encryption 2.0.138413.24 BETA has been released.
COMODO Disk Encryption protects your sensitive information by enabling you to encrypt any physical disk on your system using several encryption algorithms and cipher modes.
COMODO Disk Encryption offers three varieties of data protection depending on the amount of sensitive data:
Whole Disk Encryption
- You can encrypt any physical disk that contains information to be secured using different encryption algorithms even if that physical disk contains an Operating system installed. You just need to initiate the encryption process with appropriate encryption settings and the encryption process will continue in background.
- COMODO Disk Encryption loader does not depend on your hardware configuration or the Operating System loader.
- COMODO Disk Encryption loader does not depend on your system configuration, you may have multiple Operating Systems installed on several physical disks.
- The authentication is performed at boot time to allow encrypted operating systems to boot. The authentication can be carried out using different authentication types with various levels of security:
* Password Authentication – Set a password of your choice as authentication type to encrypt the required physical disks. The password must be entered whenever the system is started to enable assessing the encrypted disks.
* USB Key Authentication - Configure USB memory as authentication type to encrypt required physical disks. This key must be plugged-in in the system whenever the system is started to enable assessing the encrypted disks.
* Authentication with both Password and USB Key – It’s a combination of both password and USB keys for authentication. This is a highly secure practice that meets the classic two factor authentication criteria of ‘something you own’ plus ‘something you know’.
Virtual Disk Encryption
- With virtual disk encryption functionality you will be able to create virtual encrypted disks to save your information securely. This functionality will use (create/open) an image file to emulate a physical disk.
- The main application lets you dynamically mount and un-mount virtual encrypted disks.
Image files can be used (created/opened) on the local machine or on a network shared folder.
- The encrypted virtual disks are accessible from Windows explorer or from any other third-party software.
- Virtual disks use sparse files as disk images if the underlying file system supports it.
File/Folder Encryption (ZIP Encryption)
- With File/Folder encryption you are able to create encrypted archives (ZIP). These archives store sensitive files and/or folders in a single encrypted compressed file.
- The main application lets you manage (create, extract) these encrypted archives.
The Encryption Engine
The encryption engine is a multi-thread encryption engine which supports the following encryption algorithms:
- AES;
- Serpent;
- Twofish;
and the following cipher modes:
- Cipher-block chaining (CBC);
- Cipher feedback (CFB);
- Output feedback (OFB);
What’s the best about it is that all encryption/decryption processes are performed:
- On-the-fly (OTF) - without disturbing you during your work.
- Fault tolerant:
* You may turn-off your computer during the encryption process and continue it after restart.
* Even if a power failure or a system crash occurs during the encryption process, you will be able to resume that encryption process, to avoid data loss.
Looks good, any idea when there will be a “rescue” medium available? like TrueCrypt provides with it’s boot cd forced to burn before encryption?
So you can always boot your system from it if something corrupts the key header or MBR etc?
I am afraid i have just built a new comp ( which CDE is running fine on) and my old comp is out of action. But i will try to help you fix it. The bug was reproduce able after a few restarts and the only peripheral device , other than mouse and keyboard, i had plugged in was a blue tooth adapter no other drives or memory sticks.
I also had Comodo backup installed which would do a weekly backup from my data drive to my back up partition.
I have tryed this beta version… It looks good, but there are no more advanced configuration options… I can not set the algorithm… i only can set it on small, medium or high…!
Unfortunately, I will uninstall this beta version an get back to the stable!
i recently reinstalled windows after setting up a RAID array and now after installing CDE i get these errors.
I am getting quite fed up with the bugs in comodo products, Evpn has stopped working with the latest beta, CBU sychronisation still causes considerable slowdown on my machine and now CDE dies to.
Hi kudos for the programming team of this comodo product, I had tried both the previous stable release and this beta, I saw that you are trying to do this version “idiot proof” that’s good for the common guys that just turn the pc on to do some spreadsheet, email and browse the web, but you guys should have left an option to turn on a menu for advance users, I miss the options:
Ignore disk free space(this one greatly increase the speed of the encryption)
The ability to select individually witch partitions of the primary drive to encrypt.
The option to do a cd recovery .iso
The option to choose and mix the hash algorithm and the encryption algorithm.
Options I would like to see is:
The option to use either an usb stick or a password at boot.
The option to still use an usb stick as normal storage, (imagine a 32gb just for that
authentication).
Faster performance for low power netbook and alike(better use of the processor)
well I will continue to test this beta an report back.
Great job.
Marv
Update:
I was testing it with a small hard disk 8 gb, but now that I try with a 320gb hdd I have the following problem.
After 7 hours encrypting I got this error
the operation Edfd_Api_Encrypt_Device failed with error code 8 Not enough storage is available to process this command.
then reboot the computer it took a while but I patiently wait it boot normally then I load the CDE try again it ask me that a previous operation was not finish because a power failure or some other problem, I tell it to continue, and it resume operation but problem is that is a 320GB drive and it goes extremely slow, I will post a follow up.
after resume another 7 hours working the error appear again
the operation Edfd_Api_Encrypt_Device failed with error code 8 Not enough storage is available to process this command.
I reboot it and continue working
I notice that in the task manager/performance in the Totals the handles goes up to 700,000 then the above message shows up and the processor 99% only way to fix is to hard reboot and continue encrypting
Looks interesting. I’m very excited about trying a free native FDE software in dualboot with windows and linux. Was there a decision to use older cypher modes or is this simply a matter or resource assignment? The same with the encryption schemes… you have 3DES but no AES 256? Is that an export issue? All OSs are supported? If so what Comodo code lives on after boot? I’ve noticed there is very little technical documentation for this product. What gives? I understand this is in beta but the 1.x versions provided little documentation either. I used to run your FW and was very impressed with it… I like the company as a whole. Having said that, you are asking for a pretty scary level of trust with this software. I don’t want to be one of the people complaining about a beta product but from what I can there aren’t plans to provide proof of security after the beta either. I know that you ultimately control what is done with this (no doubt excellent) software, and that you are already providing it for free… please consider this. Since you are already giving it away for free why don’t you open the source and put a restrictive license on it. I have no doubts that it will do nothing but prove what excellent quality your products are and, combined with with some of your other features, would quickly make you the defacto vendor of FDE software. I would agree that utilization of hardware acceleration and a key store with more than a single slot would be great design features down the road. I’m looking forward to what comes next.
I’m still curious if or when Comodo will reveal this product’s source code, or at least the code to the important authentication and encryption algorithm code. How can we trust our data to yet another on-the-fly disk encryption when we’ve been burned so many times in the past with inherently vulnerable software?
The only way disk encryption can work is if the source code can survive peer review. To many products depend on “security through obscurity” meaning “we invented our own encryption scheme and it’s only safe as long as nobody looks inside.” How can we be sure you guys didn’t get the same idea? How can we be sure you didn’t add an escro key due to pressure from Homeland Security (they used to pay software companies to add an escro key; they might still)?
We use standard and well tested algorithms which are now standards.
Security thru obscurity: I have a few things to say about that…
Obscurity is a totally legit way of security…but obscurity is NOT a legit way for “encryption algorithm”.
In security, you want as many advantages to yourself as possible, if some of these will come thru obscurity, great. We’ll take that. But on the other hand if someone is saying use this encryption algorithm and i am not going to share its source code, then i would have problem. Because we don’t know if that algorithm can easily be broken mathematically. So you ask the algorithm to be public to check if it stood the test of time and attacks by cryptographers.
Therefore, I would urge caution and ask that we keep “Security” separate than “Encryption algorithm” when discussing ideas about revealing security.
Afterall, imagine if our soldiers had no camouflage or obscurity to fight the wars…and they revealed themselves…
On the surface, you make a good point. I mean, even home owners hide their secure safes in obscure places (eg, in walls or floors). But I’m not sure even this analogy can apply to the discussion of software security and closed-source obscurity.
The main problem lies in the fact that even a bullet proof peer tested encryption algorithm is only as good as its authentication mechanism. Even if you’re using AES/Serpent/Twofish encryption with RIPEMD-160 or SHA-512 or Whirlpool, it’s how you connect these two which is all important — and the only way to tell if you did it right is through opening your source.
If you look through my previous posts (not many), you’ll see I brought up this matter in 2007 and was met with the same response. However, the mod/dev back then pointed out the fact that there are over a hundred encryption software on the market – the majority of them are closed source. This was his argument for keeping the CDE closed source. But what he didn’t consider is that out of those >100 programs, only 2 of them are used by 90% of the market, and both of them are open source peer reviewed. The rest are virtually unknown and unused.
If Comodo TRULY wants to get its name out there by making free software available to the public, then Comodo TRULY wants to make CDE its first open-source initiative project. Otherwise CDE is doomed to failure like the other >100 nameless programs on the market.
Eric
PS. The 2 programs I mentioned that have dominated the market for nearly a decade are TrueCrypt and FreeOTFE. Capture that audience, and you’ve captured the world.
