New features in version 5
The following new functionality and features are available in BestCrypt Volume Encryption version 5:
1. Enhancements in the security level of the software:
- ARIA encryption algorithm with 256-bit key added
- Parameters for the Scrypt algorithm to derive key from password now are customizable. The user can choose how long the program will calculate encryption key from the password, that makes password-iterating attacks harder
- Support for international characters in the password strings now added for UEFI computers. Now every password character is 16-bit Unicode instead of 8-bit ASCII characters used in earlier versions of the software. This significantly increases the variety of passwords and makes password attacks more difficult
2. Performance improvements:
- Implementations of ARIA and Camellia algorithms optimized for AVX2 CPU instruction set
- Implementations of AES algorithm optimized for x64 CPU architecture
- Performance improved for the NVM Express storage devices
3. Protecting the data in process.
The program now includes new Jetico BestCrypt DataShelter utility to protect folders from unwanted processes and users. While BestCrypt Volume Encryption encrypts sectors on the disk providing strong Data-In-Rest protection, BestCrypt DataShelter provides Data-In-Process protection. The utility allows creating a protection policy that is unique for every folder, as well as using more general policies for several folders.
4. The software now provides a whole disk encryption for TCG Opal 2.0 storage devices.
While normally BestCrypt Volume Encryption encrypts physical sectors of disk volumes (for example, sectors of volume D: on the Hard Drive 0), the Whole Disk Encryption functionality utilizes hardware commands of hard drives supporting TCG Opal 2.0 specification to protect physical sectors of the hard drive (for our example, all sectors on the Hard Drive 0 where volume D:\ resides).
5. Improvements to the rescue process:
- BestCrypt Volume Encryption recovery procedure is now integrated with Windows Recovery Environment (WinRE)
- Rescue decryption process was significantly improved to run at comparable to regular decryption speed
6. Two-factor authentication improvements:
- The software now supports wide range of PKCS#15 compliant smart cards and crypto tokens
- Trusted Platform Module (TPM) hardware can be utilized as a second factor for authentication
7. New and improved key management features:
- Support for Intel Platform Trust Technology (PTT) and other fTPM technologies
- Better support of the Unattended Mount At Restart functionality from the Trusted Platform Module (TPM) hardware
- Support of the dual boot configurations by the Unattended Mount At Restart functionality
8. Graphic User Interface (GUI) added for the UEFI preboot environment.
The new GUI environment allows international language support for both UI input and output, and provides virtual keyboard for ease of use.
9. Main commands of the software now available as the Windows Shell Extension.
Commands to mount/dismount and encrypt/decrypt disk volumes can be run from the "My Computer" window by clicking on disk volume icons.