BestCrypt Volume Encryption version 3 provides the next evolution in performance and security from the pioneers in native encryption for disk volumes.
1. More robust support of encrypted disk volumes. To reconfigure the size, location or type of software RAID, earlier versions of the software first required decryption of the encrypted volumes. Now version 3 of BestCrypt Volume Encryption automatically adapts its internal information for encrypted volumes when changing their configuration. (Read Update Notes)
2. Two-Factor Authentication with conventional removable disks (like USB sticks). With version 3 of BestCrypt Volume Encryption, encryption keys can be moved to removable storage. So anyone who wants to access an encrypted volume must: 1) know password for the key; 2) have the removable disk where the key is stored. (Read Update Notes)
3. Added layer of security by booting of encrypted volumes from trusted network. In this case, encryption keys of boot/system disk volumes are not stored on the local computer, but on a network server. Enterprises can now benefit from an additional level of security. Since encryption keys are stored on an enterprise server, access to encrypted computers will be only possible when connected to the enterprise network. (Read Update Notes)
4. Speed boost from support for new machine instructions (AES-NI) in the latest Intel processors. As a result, speed of the AES encryption module utilizing AES-NI instructions increased up to 5 times. Disk access to the encrypted volumes now operate up to 30% faster.
5. Faster initial encryption. Earlier versions of the software encrypted a whole disk volume sector-by-sector, including unused disk space. If disk is large (terabytes), initial encryption process requires dozens of hours. In version 3 of BestCrypt Volume Encryption, if the volume is empty, the user can run Format and encrypt process that will avoid long sector-by-sector encryption. The volume will be just marked as 'encrypted' and all the data written to the volume later will be encrypted. Unused disk space remains unencrypted. Optionally, the user can run Erase, format and encrypt process. In that case, the volume will be wiped (overwritten), formatted and marked for encryption.
6. Secure unattended reboot. Version 3 of BestCrypt Volume Encryption utilizes Trusted Platform Module (TPM) hardware available on many motherboards for the purpose of unattended reboot of computers with encrypted boot/system disk volumes. This feature is necessary to manage servers that are required to function around the clock. If such a server has an encrypted boot/system volume, every reboot of the server requires manual password entry at boot time. With this new feature, a server administrator can choose an interval of time when BestCrypt Volume Encryption (with help of TPM) should support unattended reboot of the server. (Read Update Notes)
7. Support of eToken Pro Java hardware from SafeNet (former Aladdin). Earlier versions of BestCrypt Volume Encryption supported Two-Factor Authentication with the help of eToken R2 and eToken Pro hardware. eToken Pro Java is the latest hardware designed by SafeNet for such a purpose.
8. Added convenience for mounting volumes and protection against accidental formatting. When Windows discovers that an encrypted unmounted volume has been connected, it asks for the volume to be formatted. In some cases, this resulted in accidental formatting of encrypted volumes. Version 3 of BestCrypt Volume Encryption now has the option to disable Windows formatting messages and offers an additional option to suggest mounting the volume for access.
9. Added support for other physical sector sizes. Disk devices with physical sector sizes other than 512 bytes are now supported in version 3 of BestCrypt Volume Encryption.
The following new functionality is available only for volumes encrypted with version 3 of the software:
- Reconfiguration size, location or type of the volume. If the volume is encrypted with earlier version of the software, you should decrypt the volume before reconfiguring it (feature 1 in the list above);
- Two-Factor authentication with conventional removable disks (like USB sticks) is available only for volumes encrypted with version 3 (feature 2 in the list above);
- Moving encryption keys of boot/system disk volumes to network server is possible only if the volumes are encrypted with version 3 of the software (feature 3 in the list above);
- Secure unattended reboot option can be activated only if boot/system disk volumes are encrypted with with version 3 of the software (feature 6 in the list above);
If the functionality is required for volume encrypted with older version of the software, you should decrypt the volume and encrypt it again with version 3 of BestCrypt Volume Encryption.