BestCrypt Volume Encryption allows the user to encrypt data with a number of encryption algorithms known as strong algorithms. Every algorithm is implemented with the largest possible key size defined in the algorithm's specification:
| AES (Rijndael) | 256-bit key |
| RC6 | 256-bit key |
| Serpent | 256-bit key |
| Twofish | 256-bit key |
BestCrypt Volume Encryption utilizes XTS encryption mode with all encryption algorithms listed above. XTS mode is specially designed for applications working on disk sector level and more secure than other popular modes used earlier (like Cipher Block Chaining (CBC) mode).
BestCrypt Volume Encryption supports hardware Aladdin eToken R2 and eToken PRO devices. Aladdin eToken is a small removable device connected to USB port and designed to store data in a secure form. BestCrypt Volume Encryption can store encryption keys on eToken devices.
As a result, to get access to an encrypted volume the user should insert eToken to USB port and enter an appropriate password. Your encrypted data cannot be accessed without any of these Two Factors - without the password or without eToken device.
BestCrypt Volume Encryption allows the user to encrypt System and Boot volumes. When the user encrypts System/Boot volume, he/she must enter an appropriate password before computer starts loading Windows operating system. Without the password BestCrypt Volume Encryption will not be able to transparently decrypt the disk sectors where Windows stores system files. Hence, without the password (and hardware eToken, if used) it is impossible to boot computer where System / Boot volume(s) are encrypted.
Note that Microsoft terminology of System and Boot volumes is not so obvious: System Volume is a volume where computer starts to load operating system(s) from; Boot Volume is a volume where operating system (Windows) stores its system files.