New Features in BestCrypt Version 8


BestCrypt version 8 provides users with a higher security level as well as with a set of new functions. In addition, with version 8, there are several ways of encrypting data:

The following sections describe the enhancements in more detail.

Security enhancements

1. BestCrypt allows encrypting data with many encryption algorithms. Every algorithm is implemented with the largest possible key size defined in the algorithm's specification:

(Note that BestCrypt v.8 also supports the following algorithms to provide compatibility with earlier versions of the software: Blowfish (256-bit key), Blowfish (128-bit key), DES (56-bit key).)


2. BestCrypt v.8 can utilize LRW Encryption Mode with all encryption algorithms listed above. LRW Mode is specially designed for applications working on disk sector level and is more secure than other popular modes used earlier (like Cipher Block Chaining (CBC) mode). Depending on your system, there can be some read /write performance degradation when using LRW. Please use the Benchmark Utility to test.

BestCrypt v.8 can utilize XTS Encryption Mode with AES (Rijndael), RC6, Serpent, and Twofish encryption algorithms. The Institute of Electrical and Electronics Engineers (IEEE) has approved XTS mode for protection of information on block storage devices according to IEEE 1619 standard released on 19th December, 2007.


3. Version 8 provides enhanced plausible deniability, comparing with earlier versions:


4. BestCrypt v.8 allows choosing Secure Hash Algorithm. At the moment, the following hash algorithms are available: SHA-256, SHA-1, RIPEMD-160, MD5.


5. Version 8 allows using Public Key Encryption technology to provide access to encrypted data. The software supports key pairs in standard formats like PKCS #12, and X.509. It supports PGP keys. It means, for example, that users can use the public key of some other person to allow him/her to access data inside an encrypted container.


6. The software supports Secret Sharing Scheme. This functionality allows a group of persons to share a single encrypted container so that only selected members of the group will be able to access data inside the container.


7. BestCrypt v.8 allows users to remove the header of the encrypted container from the container file. Without the header, it is absolutely impossible to access data inside the container, because the header stores the encryption key for the data. The container's header may be stored in a separate file apart from the container such as a removable device. So, even if a user is unable to store a large container file in a safe place, he/she can do that with a small file where the header of the container is stored.


New functionality

1. BestCrypt v.8 supports Windows Vista, including 32-bit and 64-bit versions of the operating system.
BestCrypt supports Windows 7 since version 8.20, Windows 8 since version 8.25.


2. BestCrypt v.8 allows mounting encrypted containers created with KG-Ghost key generator, not only as a disk drive with a drive letter (like D:, E: or Z:), but also as a mount point, i.e. as a subfolder on a regular NTFS partition. It is useful, for example, because the new drive appearing on a computer is more noticable than as some additional data appearing in an NTFS subfolder. With BestCrypt v.8., the user can now mount multiple containers simultaneously, not being limited by the number of free drive letters on his/her computer.


3. Version 8 supports its own database of Public Keys. The user can control the database with Public Key Manager utility. BestCrypt Public Key Manager supports importing public keys from files created by other programs, for example, by the program PGP or software that uses the X.509 standard.


4. BestCrypt v.8 includes a special module allowing any third-party individual or company to easily translate the software to other languages. Please contact our technical support department for more information on translating the software.


5. The software now allows mounting BestCrypt virtual drives as removable devices. Sometimes it is useful, for example, if your computer lacks a reliable power supply. Windows caches data flow on removable devices in a different way in version 8, so an accidental power loss results in fewer consequences, insuring consistency of data stored on removable devices.


6. If a BestCrypt virtual drive (for example, E:) is shared for network access, earlier versions of BestCrypt save information about the share and restore it when the user mounts the virtual drive again. Earlier BestCrypt versions cannot save sharing information if subfolders on the virtual drive are shared (for example, E:\shared_subfolder_1). Version 8 of the software has no such limitation and all sharing information for the virtual drive is restored when the user mounts the drive.


7. BestCrypt v.8 includes Algorithm Benchmark Test utility that calculates time needed to encrypt and decrypt data on your system for every installed algorithm and encryption mode.


New ways of encrypting data

Earlier BestCrypt versions provide the user with access to encrypted data using encrypted containers and virtual drives. For example, the user could create a 30 GBytes container file, then mount it as an additional 30 GBytes virtual drive Z: (or E:, F:, or other drive letter). Virtual drive Z: works as any other regular drive and all the data on the drive is stored in encrypted form.

BestCrypt v.8, like previous versions, supports virtual drive technology. Not limited to virtual drive technology, BestCrypt v.8 now allows users to encrypt data in the following ways:


1. Encrypting a whole disk volume (partition) including boot/system Windows partition. The user can encrypt an old MS-DOS style partition as well as modern volumes residing on a number of physical disk devices. For example, Spanned, Striped, Mirrored or RAID-5 volumes can be encrypted. The name of the software from the BestCrypt family which can encrypt whole volumes is called BestCrypt Volume Encryption . Read the Help documentation for BestCrypt Volume Encryption to get more information on the software.


2. When the user encrypts a whole partition, the only way to move data in encrypted form to other computer is to move the physical hard drive with the encrypted partition. When the user creates an encrypted container file, he/she can move the file to another computer and, after mounting it as a virtual drive, the user can access encrypted data.

In all cases, the user must have encryption software installed on the destination computer. In the case with an encrypted container file, the file stores the file system structures of virtual drive. Data inside the container file is not compressed.

BestCrypt v.8 has a special utility allowing the user to compress a group of files or folders to an encrypted archive (i.e. a single compressed file). The encrypted archive can be created as a self-extracting program. This allows the recipient of the archive to extract the encrypted files without having encryption software installed. The name of the utility that supports encrypted compressed and self-extracting archives is BCArchive.

BCArchive supports password-based encryption and public key encryption. The user can encrypt files using the password or public key of the recipient who will receive the data. BCArchive supports a number of standards existing for public key encryption (like PKCS-12, X.509, RFC 2440), as well as a number of secure hash functions and encryption algorithms. Read Help documentation for BCArchive utility to get more information on the software.


See also: