BestCrypt Volume Encryption software provides the following advanced functionality:
1. Encrypting all types of volumes residing on fixed and removable disks:
2. BestCrypt Volume Encryption allows encrypting data with many encryption algorithms known as strong algorithms. Every algorithm is implemented with the largest possible key size defined in the algorithm's specification:
3. BestCrypt Volume Encryption utilizes XTS Encryption Mode with all encryption algorithms listed above. XTS Mode is specially designed for applications working on disk sector level and more secure than other popular modes used earlier (like Cipher Block Chaining (CBC) mode) and faster than LRW mode.
4. After installation BestCrypt Volume Encryption can encrypt volumes where Windows boots from, as well as the volume where Windows stores its system files (including Registry, Page file and Hibernate file). Initial encryption is transparent both for running applications and for Windows system modules. Initial encryption can be paused and the user can continue the process at any time, for example after turning off/on the computer.
5. BestCrypt Volume Encryption performs Computer Pre-Boot Authentication if system or boot volume / partition is encrypted. It means that BestCrypt Volume Encryption is loaded before operating system and allows computer to boot only after entering a proper password.
6. BestCrypt Volume Encryption supports computers with operating systems loaded according to the Unified Extensible Firmware Interface (UEFI) between an operating system and platform firmware.
7. BestCrypt Volume Encryption provides an easy way to customize Pre-Boot Authentication texts that appear when the user is asked for password. The feature is intended both for providing a password hint and for hiding the fact that pre-boot authentication process is running.
8. BestCrypt Volume Encryption supports hardware tokens SafeNet (former Aladdin) eToken PRO and eToken Java as a secure hardware storage for encryption keys. With hardware token the user gets two levels of protection for encrypted data, because in addition to password it is necessary to connect small hardware token where encryption key is stored.
9.The software provides Two-Factor Authentication also with regular removable disks (like USB sticks). In this case the person who wants to access encrypted volume must: a) know password for the key; b) have the removable disk where the key is stored.
10. The software allows the user to store encryption keys not on local computer, but on a network server. It opens an additional security level for enterprise use of the software. Since encryption keys are stored on remote server, access to encrypted computer will be possible only if it is connected to enterprise network.
11. The software utilizes Trusted Platform Module (TPM) hardware available on many motherboards for the purpose of unattended reboot of computers with encrypted boot/system disk volume. The feature is necessary to manage servers that are required to function around-the-clock. If such a server has boot/system volume encrypted, every reboot of the server requires manual entering of password at boot time. To solve the problem administrator of the server can choose interval of time when BestCrypt Volume Encryption with the help of TPM should support unattended reboot of the server.
12. BestCrypt Volume Encryption provides Secure Hibernating. If the user encrypts volume where Windows stores Hibernate File, BestCrypt Volume Encryption encrypts all write operations when Windows goes into Hibernate state and decrypts read operations when the computer wakes up from Hibernate state. Since pre-boot authentication is necessary at wake-up time, only the user who knows the proper password (and has hardware token, if used) can run computer from Hibernate mode. Secure Hibernating is a functionality that must be implemented in such software as BestCrypt Volume Encryption, otherwise all data written at Hibernate time (together with encryption keys) appears on disk in opened decrypted form.
13. As well as Hibernate File, BestCrypt Volume Encryption encrypts Windows Crash Dump Files. Windows writes files in a very special way, because when a crash occurs, regular disk write operations cannot be used. Without encrypting Crash Dump Files the security level of the software were significantly lower, because the files can store a snapshot of memory together with encryption keys on disk in opened decrypted form.
14. BestCrypt Volume Encryption does not modify reserved sectors on the hard drive to store its boot code when the user encrypts system/boot volume. As a result, BCVE does not conflict with other software that may wish to use the sectors (like Windows dynamic disk support, Adobe protection scheme, system boot recovery programs). But BCVE still needs to modify MBR sector.
15. BestCrypt Volume Encryption supports a number of rescue functions allowing the user to decrypt volumes if a serious disk crash occurs.