LRW Encryption Mode


Although BestCrypt supports a number of well-known strong encryption algorithms, it is also important to choose the most suitable and strongest encryption mode for those algorithms. When choosing a mode, a number of aspects have to be taken into account, including the strength of the mode against known attacks and the specific application of the algorithms. For example, if we encrypt tape devices or a network connection, we have to use an encryption mode that allows us to encrypt a byte-by-byte sequence. If BestCrypt must encrypt 512-byte sectors that an operating system reads from a disk in random order, it has to use another encryption mode.

BestCrypt uses LRW encryption mode with all encryption algorithms supported by the software. "LRW" is derived from the names Liskov, Rivest, Wagner - the authors of the encryption mode. The Institute of Electrical and Electronics Engineers (IEEE) has published a description of the LRW mode in the IEEE P1619 document.

LRW mode is less susceptible to compromise or attack than current techniques such as Counter-Mode encryption or Cipher Block Chaining (CBC) encryption. The mode addresses threats such as copy-and-paste and dictionary attacks. LRW mode is specially designed for encryption of storage at the sector level.

LRW mode uses its own secret Secondary Encryption Key that is completely different from the Primary Encryption Key used by the particular encryption algorithm. The size of the LRW Secondary Key is equal to the block size of that encryption algorithm. For example, because the block size of the AES encryption algorithm is 128 bits, LRW mode requires a 128-bit Secondary Key.

As a result, the effective key length of the LRW mode + AES pair is greater than that of AES alone. While the AES key length is 256 bits, the LRW+AES pair uses a 256+128 = 384-bit key.
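
How the two keys are used, as an added example that is not BestCrypt's code: in the LRW construction each 128-bit block is XORed with a tweak T = K2 * I (Secondary Key times block index, multiplied in GF(2^128)) before and after AES encryption with the Primary Key. The field convention, the function names and the constructed keys are assumptions of this example; it shows that equal plaintext at two block positions encrypts differently and that a ciphertext block copied to another position no longer decrypts to the original.

```go
package main

import (
	"crypto/aes"
	"encoding/binary"
	"fmt"
)

// gfMul multiplies a by b in GF(2^128), big-endian, modulus x^128+x^7+x^2+x+1
// (convention assumed for this example).
func gfMul(a, b [16]byte) (r [16]byte) {
	for i := 127; i >= 0; i-- { // Horner: r = r*x, then add a if bit i of b is set
		carry := r[0] >> 7
		for j := 0; j < 15; j++ {
			r[j] = r[j]<<1 | r[j+1]>>7
		}
		r[15] = r[15]<<1 ^ carry*0x87
		if b[15-i/8]>>(uint(i)%8)&1 == 1 {
			for j := range r {
				r[j] ^= a[j]
			}
		}
	}
	return r
}

// lrw processes one block at block index idx: out = f(in xor T) xor T, T = K2 * idx.
// f is the Primary Key cipher's Encrypt or Decrypt method.
func lrw(f func(dst, src []byte), k2 [16]byte, idx uint64, in [16]byte) (out [16]byte) {
	var i [16]byte
	binary.BigEndian.PutUint64(i[8:], idx)
	t := gfMul(k2, i)
	for j := range in {
		in[j] ^= t[j]
	}
	f(out[:], in[:])
	for j := range out {
		out[j] ^= t[j]
	}
	return out
}

// demo reports: ciphertexts differ by position, decryption round-trips, pasted block survives.
func demo() (differ, roundTrip, pasteOK bool) {
	c, _ := aes.NewCipher(make([]byte, 32)) // constructed 256-bit Primary Key (all zero)
	k2, p := [16]byte{0xA5, 0x5A, 15: 0x01}, [16]byte{'s', 'a', 'm', 'e'} // constructed
	c1, c2 := lrw(c.Encrypt, k2, 1, p), lrw(c.Encrypt, k2, 2, p)
	return c1 != c2, lrw(c.Decrypt, k2, 1, c1) == p, lrw(c.Decrypt, k2, 2, c1) == p
}

func main() { fmt.Println(demo()) } // prints: true true false
```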

