Professional Edition Only

/Encryption

Specifies the encryption method for the volume being created in advance on the command line. When the encryption method is not specified on the command line, SafeHouse defaults to using 256-bit Twofish (2F256), which is a very fast and proven cipher which is suitable for nearly all environments.

Generally, unless you have a specific reason to choose one of the other ciphers, we recommend accepting the default of 256-bit Twofish. SafeHouse includes the other ciphers to accommodate environments where special government or corporate policies dictate that a specific method of encryption be used.

Older versions of SafeHouse included support for other less-secure ciphers due to now-obsolete export requirements. This version of SafeHouse can read the older volumes with the reduced-strength ciphers; however, when creating new volumes, only the strong algorithms referenced below can be specified.

Syntax:

/ENCRYPTION= [2F256 | BF448 | AES128 | AES256 | DES | TDES168 | NONE]

Explanations of the available encryption methods are provided below.

2F256 - Twofish

Twofish is an extremely fast 256-bit modern-day cipher that offers the best combination of strength and speed. This is our recommended choice when you don't have a policy requirement to use one of the other methods.

BF448 - Blowfish

The Blowfish algorithm is very strong and uses a 448-bit encryption key. Although not as fast as newer ciphers such as Twofish, Blowfish is a solid cipher that has gained worldwide respect over the years.

To benefit from the full strength of this cipher, you should use extra long passwords. Otherwise, your password becomes the weak link.

AES128 - Advanced Encryption Standard, 128-bit version

AES is the new Advanced Encryption Standard adopted by NIST and the United States Government to replace the aging DES cipher. It is a strong modern-day algorithm available in 128-bit and 256-bit versions. The latter offers greater strength, trading slightly on reduced speed.  AES was previously known as Rijndael. This is the 128-bit option.

AES256 - Advanced Encryption Standard, 256-bit version

AES is the new Advanced Encryption Standard adopted by NIST and the United States Government to replace the aging DES cipher. It is a strong modern-day algorithm available in 128-bit and 256-bit versions. The latter offers greater strength, trading slightly on reduced speed.  AES was previously known as Rijndael.  This is the 256-bit option.

DES - Data Encryption Standard

This 56-bit algorithm was once the workhorse of the industry, however, it is now considered to be insecure and obsolete.  The DES cipher is included here only for backwards compatibility and for environments where its use is still mandated by policy requirements.

TDES168 - Triple DES

Triple-DES is three rounds of 56-bit DES; yielding an effective strength of 168 bits. Although 168 bits of encryption strength is still considered to be quite strong, this cipher is extremely slow compared to the newer modern-day ciphers. It is included here to support environments where its use is still mandated by policy.

NONE

No encryption is performed. Password access controls are still enforced. This option is intended only for testing the speed of SafeHouse without the overhead of the encryption algorithms. Do not use this option for live production files that need to be protected.

Examples:

/Encryption=DES

/en=2F256

/encrypt=TDES168

/en=AES128

Utilities Supporting this option:

hard drive encryption  file security  Compare to Symantec