DigiSAFE DiskCrypt FAQ - Encrypted Hard Disk
DiskCrypt FAQ  


 
Ver 1.3
 
What is DiskCrypt?
   
What is the advantage of using DiskCrypt over a software disk encryption solution to protect my hard disk data?
   
How strong is the encryption of DiskCrypt?
   

What is DES/TDES?

   
Why should I trust the encryption of DiskCrypt?
   
How strong is the encryption provided by 64/128/192-bit keys?
   
What key length should I use for my data?
   

Does encryption slow down the performance of DiskCrypt in comparison with normal, unencrypted hard disks?

   
Is the boot sector of DiskCrypt also encrypted?
   
Are temporary and swap files on DiskCrypt also encrypted?
 
Can software trojans and/or viruses modify DiskCrypt and compromise its security?
   
Why do I need the DigiSAFE KeyCrypt cryptographic token?
   
Does DiskCrypt support two-factor authentication?
   
Does DiskCrypt have security features to prevent password guessing attacks?
   
What happens if the user forgets the password or loses the USB token?
   
What happens if the user forgets Administrator Password too?
   
Can password or KeyCrypt PIN be changed later without having to lose data?
   
Can DiskCrypt be used by many users at the same time?
   
What type of notebooks can DiskCrypt be used with?
   
Can DiskCrypt be used on a Mac notebook?
   
What type of hard disk interface does DiskCrypt support?
 
Can DiskCrypt be used on a desktop?
   
Can DiskCrypt be used in a USB hard disk enclosure?
   
Can DiskCrypt be used as a secondary or a slave hard disk?
   
How easy is it to start using a new DiskCrypt?
   
How long does it take to install DiskCrypt?
   

What if I want to keep the data on my existing hard disk?

   
Are there any pre-installed operating systems on DiskCrypt?
   

Is there any risk of my data being corrupted and/or lost during installation and migration?

   
What kind of maintenance is required after installation of DiskCrypt?
   
Why do I need the DiskCrypt Toolkit?
   

Can I have multiple partitions on DiskCrypt?

 
Does DiskCrypt support Windows/Linux/other operating systems?
   
Do I have to upgrade DiskCrypt when I upgrade/change my operating system?
   
Does DiskCrypt support FAT16/FAT32/NTFS etc file systems?
   

Is DiskCrypt compatible with my existing software/applications?

   

Does DiskCrypt support hibernate or standby?

   
What is the capacity of DiskCrypt?
   
What is the indicative price of DiskCrypt? Where and how can I buy?
   

My question is not on this page. How do I find the answer?

   
Where should I send comments on this FAQ?
   
 

   
What is DiskCrypt?
DiskCrypt is a hardware based encryption solution for protecting data on notebooks. It contains an encryption engine and an internal hard disk housed in a standard 2.5”-sized tamper-resistant enclosure, and is a direct replacement for ordinary 2.5” notebook hard drives. The encryption engine intercepts and encrypts all data to and from the internal hard disk. DiskCrypt offers two modes of authentication – Password or Token. Password mode requires the user to enter a password for authentication. Token mode implements a strong two factor authentication mechanism that requires the user to insert his/her KeyCrypt USB token and to enter his/her PIN for authentication.
 
 

 
 
What is the advantage of using DiskCrypt over a software disk encryption solution to protect my hard disk data?  
>> Unlike existing software solutions, DiskCrypt encrypts every single sector of the hard disk. This means all temporary files, all partitions and even the boot sector are encrypted.

>> One major disadvantage of software disk encryption products is that they are Operating System (mostly Windows) dependent. DiskCrypt is independent of the OS or the host system BIOS and thus supports any OS.

>> DiskCrypt does not involve any tedious and error-prone software installation and configuration. Just plug DiskCrypt in the notebook, authenticate yourself and you are ready to go.

>> Once installed, DiskCrypt does not require any maintenance or patches, thus reducing the total cost of ownership of the product.

>> There are also no performance overheads due to encryption/decryption of data, unlike software-based solutions.

 
 

 
 
How strong is the encryption of DiskCrypt?  

DiskCrypt uses the NIST certified DES and Triple-DES encryption schemes. The key-strength offered by DiskCrypt currently is 64, 128 and 192 bits. Key strength of 64 bits provides sufficient security for most notebook users. If the data is highly confidential, key strengths of 128 and 192 bits are recommended.

 
 

 
 

What is DES/TDES?

 
DES (Data Encryption Standard) was originally introduced by NSA (National Security Agency) and IBM and has since become a Federal data encryption standard as defined in FIPS 46-3 (Federal Information Processing Standard). DES works on 64-bit data segments with a 64-bit key of which 8 bits provide parity, resulting in a 56-bit effective length. A variant on DES is TDES, in which the plain text is processed three times with two or three different DES secret keys. With two encryption keys used, the result is an encryption equivalent to using a 112-bit (128-bit) key. With three keys, the result is an encryption equivalent to using a 168-bit (192-bit) key. In practice with a 128-bit TDES, the plain text is encrypted with the first key, decrypted with the second key, and then encrypted again with the first key.
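
The key layout described above can be checked mechanically. The following is an added example, not part of the original FAQ and not DiskCrypt's own code: it takes a 64/128/192-bit key, ignores the parity bits, and reports the effective key length, including the case where repeated keys make the encrypt-decrypt-encrypt sequence collapse to single DES. The function names and sample keys are assumptions constructed for illustration.

```python
# Added example, not vendor code. Assumes the standard DES key layout:
# 8-byte keys whose lowest bit per byte is an odd-parity bit (56 usable bits).

def fix_parity(key: bytes) -> bytes:
    """Set the low bit of every byte so that each byte has odd parity."""
    out = bytearray()
    for b in key:
        high7 = b & 0xFE
        out.append(high7 | (0 if bin(high7).count("1") % 2 else 1))
    return bytes(out)

def parity_ok(key: bytes) -> bool:
    return all(bin(b).count("1") % 2 == 1 for b in key)

def effective_key(key: bytes) -> int:
    """Pack the 7 non-parity bits of each byte into one 56-bit integer."""
    value = 0
    for b in key:
        value = (value << 7) | (b >> 1)
    return value

def audit_bundle(bundle: bytes) -> dict:
    """Report nominal vs. effective key bits for a DES/TDES key bundle."""
    if len(bundle) not in (8, 16, 24):
        raise ValueError("expected 8, 16 or 24 key bytes (64/128/192-bit keys)")
    parts = [bundle[i:i + 8] for i in range(0, len(bundle), 8)]
    k1 = parts[0]
    k2 = parts[1] if len(parts) > 1 else k1
    k3 = parts[2] if len(parts) > 2 else k1  # two-key TDES reuses the first key
    e1, e2, e3 = (effective_key(k) for k in (k1, k2, k3))
    if e1 == e2 or e2 == e3:
        effective = 56    # an encrypt/decrypt pair cancels: single DES remains
    elif e1 == e3:
        effective = 112   # encrypt K1, decrypt K2, encrypt K1
    else:
        effective = 168   # three independent keys
    return {
        "nominal_bits": len(bundle) * 8,
        "effective_bits": effective,
        "parity_ok": all(parity_ok(p) for p in parts),
        "weaker_than_nominal": effective < 56 * len(parts),
    }

# Constructed sample keys (illustrative only, never use as real key material).
K1 = bytes.fromhex("0123456789abcdef")
K2 = bytes.fromhex("23456789abcdef01")
K3 = bytes.fromhex("456789abcdef0123")

if __name__ == "__main__":
    for name, bundle in [("128-bit", K1 + K2), ("192-bit", K1 + K2 + K3),
                         ("192-bit, K2 == K3", K1 + K2 + K2)]:
        print(name, audit_bundle(bundle))
```

Two keys that differ only in their parity bits count as the same key here, so a bundle built from them is reported as single DES even though its bytes differ.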
 
 

 
 
Why should I trust the encryption of DiskCrypt?  

The TDES hardware cipher/encryption engine used by DiskCrypt is certified by both NIST (The National Institute of Standards and Technology of the United States of America) and CSE (The Communications Security Establishment of the Government of Canada). NIST certification information is available online at http://csrc.nist.gov/cryptval/des/desval.html and http://csrc.nist.gov/cryptval/des/tripledesval.html

 
 

 
 
How strong is the encryption provided by 64/128/192-bit keys?  
The encryption strength is usually measured by the amount of “work” (time and computational resources) required to find the correct key to decrypt the data. The strength of the encryption depends on the length of the key, i.e. 192-bit key length is the strongest and 64-bit key length is the least strong. The encryption strength increases exponentially with the length of the key. In other words, an increase in key length of 1 bit (e.g. from 128 to 129) doubles the amount of “work” required to find the correct key. Therefore, 192 bits key length provides about a trillion times more strength than 128 bits key length. And similarly, 128 bits key length provides about a trillion times more strength than 64 bits key length.
 
 

 
 
What key length should I use for my data?  
That depends on the value of your data, and the estimated period of time that the data should remain secure. NIST special publication 800-57 – Recommendation For Key Management, dated April 2005, recommends the following for the US Federal Government:
 
  For data that should remain secure through 2010, 3DES with a minimum key length of 80 bits is recommended.  
  For data that should remain secure through 2030, 3DES with a minimum key length of 112 bits is recommended.  
 

 
 

Does encryption slow down the performance of DiskCrypt in comparison with normal, unencrypted hard disks?

 
No. The real time encryption and decryption engine in DiskCrypt is faster than the data transfer speed of the IDE interface and thus does not incur any performance overheads.  
 

 
 
Is the boot sector of DiskCrypt also encrypted?  
Yes, DiskCrypt encrypts every sector of the hard disk drive. This means every single byte of information being stored on the hard disk is encrypted, including the boot sector or master boot record.
 
 

 
 
Are temporary and swap files on DiskCrypt also encrypted?  
Yes, DiskCrypt encrypts every sector of the hard disk drive. This means every single byte of information being stored on the hard disk is encrypted, including temporary and swap files.
 
 

 
 

Can software trojans and/or viruses modify DiskCrypt and compromise its security?

 
No. Unlike software disk encryption solutions, DiskCrypt is a completely hardware based disk encryption solution and is therefore resistant to modification by software trojans and/or viruses.
 
 

 
 
Why do I need the DigiSAFE KeyCrypt cryptographic token?  
If you have the DigiSAFE KeyCrypt cryptographic token, you can enable stronger two-factor authentication for greater security. With single-factor authentication (e.g. password only), you are only required to present something you know (a password) to authenticate yourself. With two-factor authentication, you are required to present both something you have (the KeyCrypt token) and something you know (the PIN for the KeyCrypt token) in order to authenticate yourself. Therefore it is harder to gain access to a system protected by two-factor authentication as compared to one protected by single-factor authentication.
 
 

 
 
Does DiskCrypt support two-factor authentication?  
Yes. If you purchase the optional DigiSAFE KeyCrypt cryptographic token, DiskCrypt’s Token Mode can be enabled to support two-factor authentication.
 
 

 
 
Does DiskCrypt have security features to prevent password guessing attacks?  

Yes. For Password Mode of login, you can set the number of wrong PIN attempts before the account is locked out. For Token Mode of login, the KeyCrypt token will be locked out after a certain number of wrong attempts. After the account is locked out, you will not be able to log into DiskCrypt. You will need the Administrator Password to reset and unlock the account.

 
 

 
 
What happens if the user forgets the password or loses the USB token?  
In such a case, the Administrator Password can be used to reset the account. After the account is reset, the data can be accessed. Thus, the user will be able to resume his/her work even if he/she forgets the password or loses the token.  
 

 
 
What happens if the user forgets Administrator Password too?  

For security reasons, the Administrator Password is random and unique and DigiSAFE does not keep any record of your Administrator Password. The Administrator Password is required to configure advanced security settings, including recovering from forgotten passwords and lost KeyCrypt tokens. If you lose your Administrator Password, you will not be able to access your data if you forget your PIN or lose your KeyCrypt token. This means that you must never lose your Administrator Password.

 
 

 
 
Can password or KeyCrypt PIN be changed later without having to lose data?  
Yes, password or token PIN can be easily changed during the time of authentication without having to lose any data stored in the hard disk.
 
 

 
 
Can DiskCrypt be used by many users at the same time?  

DiskCrypt is meant to be used by only one user at a time.

 
 

 
 
What type of notebooks can DiskCrypt be used with?
 
DiskCrypt is designed to work on IBM-compatible notebooks. DiskCrypt has been tested with leading brands of notebook computers, including IBM, Dell, HP, Toshiba, Sony, and Acer.
 
 

 
 
Can DiskCrypt be used on a Mac notebook?
 
DiskCrypt currently does not support Mac notebooks.
 
 

 
 
What type of hard disk interface does DiskCrypt support?
 

Currently, DiskCrypt supports the ATA (IDE) hard disk interface. DiskCrypt does not currently support SCSI, PCMCIA, or Serial ATA hard disk interfaces.

 
 

 
 

Can DiskCrypt be used on a desktop?

 
Yes. DiskCrypt can be used as a primary master on a desktop with a 3.5” to 2.5” hard disk adapter.
 
 

 
 
Can DiskCrypt be used in a USB hard disk enclosure?  
Currently DiskCrypt cannot be used in a USB hard disk enclosure. However, work is underway to enable DiskCrypt to work in a USB hard disk enclosure.  
 

 
 
Can DiskCrypt be used as a secondary or a slave hard disk?  
Currently, DiskCrypt is designed to be used as a primary master. Work is underway to enable DiskCrypt to function as a secondary or a slave drive.  
 

 
 
How easy is it to start using a new DiskCrypt?
 

It is very simple and straightforward. If you are starting afresh, just install DiskCrypt into the notebook like a normal hard disk and boot from it. Once authentication is done, DiskCrypt will present itself as a normal hard drive with 20GB or 30GB capacity. You can install an Operating System and start using it just like a normal hard drive.

If you’re already using an existing hard drive and would like to migrate all your data to DiskCrypt, you can purchase the optional DiskCrypt Toolkit. First, simply connect the old hard disk to the USB port of the notebook using the DiskCrypt Toolkit USB enclosure. Then, boot up with the DiskCrypt Toolkit CD and follow the on-screen instructions.

 
 

 
 
How long does it take to install DiskCrypt?
 
Installation of DiskCrypt into a notebook computer should take less than 5 minutes. The only recommended step after installation is changing the default factory password. If migration is done from an existing hard disk to DiskCrypt, the time required to migrate is approximately 1 minute per GB of data.
 
 

 
 
What if I want to keep the data on my existing hard disk?
 
You can migrate the data on your existing hard disk to DiskCrypt with the optional DiskCrypt Toolkit.
 
 

 
 

Are there any pre-installed operating systems on DiskCrypt?

 
No. DiskCrypt does not come pre-installed with any operating systems.
 
 

 
 
Is there any risk of my data being corrupted and/or lost during installation and migration?
 
Unlike software disk encryption solutions, DiskCrypt does not do anything to your original data on your original hard disk except make a copy of it onto DiskCrypt if you choose to migrate. Therefore, there is no risk of corrupting your original data. There is also no risk of losing your data because the original copy of the data is and will always be on your original hard disk. If the process of migration of data from your original hard disk to DiskCrypt fails for whatever reasons, your original data is still intact and you can restart the migration process. On the other hand, software disk encryption solutions perform active encryption operations on your original hard disk data. If the encryption process fails halfway, the data on your original hard disk will be corrupted and lost.
 
 

 
 
What kind of maintenance is required after installation of DiskCrypt?
 
None. Unlike software solutions, absolutely no maintenance is required for DiskCrypt after initial installation. This drastically reduces total cost of ownership when using DiskCrypt as compared to software-based solutions.
 
 

 
 
Why do I need the DiskCrypt Toolkit?
 
For data migration and backup. The DiskCrypt Toolkit consists of a USB hard disk enclosure and disk migration/cloning software. You can use the toolkit to migrate the data from your existing hard disk to DiskCrypt. At the same time, you already have a full backup of all your data on your old hard disk, which can be used as a backup hard disk.
 
 

 
 
Can I have multiple partitions on DiskCrypt?
 
Yes. DiskCrypt acts exactly like a normal hard disk. After authentication, you can create multiple partitions on DiskCrypt as if it was a normal hard disk.
 
 

 
 
Does DiskCrypt support Windows/Linux/other operating systems?
 
Yes. Unlike software encryption solutions, DiskCrypt is operating system independent. You can install and run any operating system on DiskCrypt and use it as per normal. DiskCrypt has been tested with Linux, Windows 98 SE, Windows 2000, and Windows XP.
 
 

 
 
Do I have to upgrade DiskCrypt when I upgrade/change my operating system?
 
No. DiskCrypt is operating system independent, unlike software encryption solutions, which require constant patching, updating, and upgrading in order to keep up with the operating system and other software updates/upgrades.
 
 

 
 
Does DiskCrypt support FAT16/FAT32/NTFS etc file systems?
 
Yes. DiskCrypt is operating system and therefore file system independent, unlike software encryption solutions.
 
 

 
 
Is DiskCrypt compatible with my existing software/applications?
 
Yes. DiskCrypt is operating system and application independent. After installation, DiskCrypt works exactly like a normal hard disk. You can install and run any software on DiskCrypt. DiskCrypt will not introduce compatibility issues with your existing software.
 
 

 
 
Does DiskCrypt support hibernate or standby?  

For security reasons, DiskCrypt supports the Hibernate feature but not Standby. The user is advised to deactivate the Standby feature and the “Turn off hard disks” feature in the power options section of the control panel before using DiskCrypt.

To save power, users are advised to hibernate instead. When the notebook is switched on in a state of hibernation, the user must authenticate himself/herself before Windows resumes from hibernation.

 
 

 
 
What is the capacity of DiskCrypt?  
Currently, DiskCrypt comes in a capacity of 20GB or 30GB. In the future, DiskCrypt will be available with larger capacities.  
 

 
 

What is the indicative price of DiskCrypt? Where and how can I buy?

 
Please contact our sales representative.  
 

 
 
My question is not on this page. How do I find the answer?  
Please send us an email.  
 

 
 
Where should I send comments on this FAQ?  
Click here  
 

 

 

 

 

 

 

 

 

 

 

 

 

 
 

 

 
 
© 2004-2007 ST Electronics (Info-Security) Pte Ltd