Jetico heeft kort geleden versie 4.02.05 van zijn BestCrypt Volume Encryption for Windows uitgebracht. Met deze software kun je complete harde schijven of partities versleutelen op Windows-computers. Ook is het mogelijk om tweetrapsauthenticatie met behulp van Yubikey of SafeNet eTokens aan te zetten, en is er ondersteuning aanwezig voor hibernation, uefi secure boot en natuurlijk tpm. De lijst met veranderingen van deze uitgave ziet er als volgt uit:
- Fixed occasional crash with blue screen at system shutdown
- Fixed Single Sign-On feature not working when installed within BestCrypt Suite
New Features in Version 4
- Announced general availability of BestCrypt Volume Encryption v.4 for Windows
The following new functionality and features are available in BestCrypt Volume Encryption version 4:
- Enhancements in the security level of the software:
- Camellia encryption algorithm with 256-bit key added
- Scrypt algorithm to derive key from password utilized to replace previous password-to-key procedure
- Zxcvbn algorithm to estimate strength of password added. Now when the user chooses password to encrypt data, dialog window will show a progress indicator and text description of the password strength (Bad, Week, Good, Great). Since encryption algorithms utilized in the software are unbreakable, the only weak place where attack is possible is to guess passwords. With Zxcvbn algorithm and clear illustration of the password strength this kind of attack becomes very hard
- Two-Factor Authentication when encryption key is stored remotely on removable hardware:
- Added support for Yubikey token devices
- Added support for SafeNet eToken devices on UEFI computers
- Key management procedures unified for all types of removable key storages: USB disks, eToken, Yubikey devices
- Single-Sign-On functionality. When the option is set, the user enters his/her Windows credentials once and then only enters the boot time password every time the computer reboots. After that, the user will be automatically logged in without the need to enter Windows password. This removes the need to type passwords twice.
- Faster initial encryption. Normally the software encrypts all sectors on a disk volume when the user decides to encrypt the volume. The process may require many hours for large disks. Previous versions allowed the process to run quickly for new, unformatted disk volumes, because only filesystem tables had to be encrypted in this case. This quick process is possible only for empty volumes, devoid of user data. New in version 4 is an option to encrypt volumes with the user data so that only sectors storing the data will be encrypted. If 2 TByte volume stores only 20 GB of data, then only 20 GB will be initially encrypted with this option. Please be sure to fully consider the relevant security precautions before using the option.
- Automatic Update Utility. The software now can be updated automatically according to the schedule configured by the user.
- Secure unattended reboot is now supported on UEFI computers. BestCrypt Volume Encryption utilizes Trusted Platform Module (TPM) hardware available on many motherboards for the purpose of unattended reboot of computers with encrypted boot/system disk volumes. This feature is necessary to manage servers that are required to function around the clock. If such a server has an encrypted boot/system volume, every reboot of the server requires manual password entry at boot time. With this feature, a server administrator can choose an interval of time when BestCrypt Volume Encryption (with help of TPM) should support unattended reboot of the server.
- Encryption of group of disk volumes. Earlier versions of the software could encrypt a single disk volume at once. The user had to wait until initial encryption of first volume ended and then start encrypting next volume. Version 4 allows users to run the initial encryption process for all volumes (or a selected group of volumes) in a single operation.
- Traveller Mode Disk. The program now allows creating a USB flash disk, that contains both the Traveller Files and the encrypted data. As a result, it can be mounted on a system where BestCrypt Volume Encryption is not installed, without any additional efforts.
- Enhancements in the user interface:
- The System tray icon can be turned on to quickly observe statuses of disk volumes and mount/dismount them
- The user can configure hot keys to run some frequently used operations easily
- The Program menu has been restructured for better navigation and understanding
- Dialogs, icons, toolbar have been modified for better experience