Encryption Standards

Security Characteristics

Encryption Algorithms

BestCrypt Volume Encryption allows the user to encrypt data with a number of encryption algorithms known as strong algorithms. Every algorithm is implemented with the largest possible key size defined in the algorithm's specification:

Encryption Mode

BestCrypt Volume Encryption utilizes XTS encryption mode with all encryption algorithms listed above. XTS mode is specially designed for applications working on disk sector level and more secure than other popular modes used earlier (like Cipher Block Chaining (CBC) mode).

Pre-boot Authentication

BestCrypt Volume Encryption allows the user to encrypt System and Boot volumes. When the user encrypts System/Boot volume, he/she must enter an appropriate password before computer starts loading operating system. Without the password BestCrypt Volume Encryption will not be able to transparently decrypt the disk sectors where macOS stores system files. Hence, without the password it is impossible to boot computer where System / Boot volume(s) are encrypted.

Encryption Algorithms

AES (Rijndael)

The algorithm was invented by Joan Daemen and Vincent Rijmen. The National Institute of Standards and Technology (http://www.nist.gov) has recently selected the algorithm as an Advanced Encryption Standard (AES).

The cipher has a variable block length and key length. Authors of the algorithm currently specify how to use keys with a length of 128, 192, or 256 bits to encrypt blocks with a length of 128 bits.

BestCrypt Volume Encryption uses Rijndael with a 256-bit key in XTS mode.

To get more information on the algorithm, visit the Rijndael Home Page: http://www.esat.kuleuven.ac.be/~rijmen/rijndael/.


The Camellia encryption algorithm was developed by Mitsubishi Electric and NTT of Japan. The cipher has been approved for use by the ISO/IEC, the European Union's NESSIE project and the Japanese CRYPTREC project.

As the RFC 3713 document states: "Camellia specifies the 128-bit block size and 128-, 192-, and 256-bit key sizes, the same interface as the Advanced Encryption Standard (AES). Camellia is characterized by its suitability for both software and hardware implementations as well as its high level of security. From a practical viewpoint, it is designed to enable flexibility in software and hardware implementations on 32-bit processors widely used over the Internet and many applications, 8-bit processors used in smart cards, cryptographic hardware, embedded systems, and so on. Moreover, its key setup time is excellent, and its key agility is superior to that of AES.".

BestCrypt Volume Encryption utilizes Camellia with a 256-bit key in XTS mode.

To get more information on the algorithm, read the RFC 3713 document.


RC6 block cipher was designed by Ron Rivest in collaboration with Matt Robshaw, Ray Sidney, and Yiqun Lisa Yin from RSA Laboratories. RSA's RC6 encryption algorithm was selected among the other finalists to become the new federal Advanced Encryption Standard (AES). Visit RSA Laboratories WWW-site (http://www.rsasecurity.com/rsalabs/node.asp?id=2512) to get more information on the algorithm.

BestCrypt Volume Encryption uses the RC6 with 256-bit key and 128-bit blocks in XTS mode.


Serpent is a block cipher developed by Ross Anderson, Eli Biham and Lars Knudsen. Serpent can work with different combinations of key lengths. Serpent was also selected among other five finalists to become the new federal Advanced Encryption Standard (AES).

BestCrypt Volume Encryption uses Serpent in XTS mode with a 256-bit key, 128-bits blocks and 32 rounds.

Additional information about the Serpent algorithm is also available on World-Wide-Web from: http://www.cl.cam.ac.uk/~rja14/serpent.html


The Twofish encryption algorithm was designed by Bruce Schneier, John Kelsey, Chris Hall, Niels Ferguson, David Wagner and Doug Whiting.

Twofish is a symmetric block cipher; a single key is used for encryption and decryption. Twofish has a block size of 128 bits and accepts keys of any length up to 256 bits.

The National Institute of Standards and Technology (NIST) investigated Twofish as one of the candidates for the replacement of the DES encryption algorithm. As the authors of the algorithm state, "we have spent over one thousand hours cryptanalyzing Twofish, and have found no attacks that go anywhere near breaking the full 16-round version of the cipher".

BestCrypt uses a full 16-round version of Twofish and a maximum possible 256-bit encryption key length. To encrypt volumes, BestCrypt uses XTS Mode.

Additional information about the Twofish algorithm is available also on the World-Wide-Web from: http://www.counterpane.com/twofish.html

Encryption Mode

Although BestCrypt Volume Encryption supports a number of well-known strong encryption algorithms, it is important to choose the most suitable and strong encryption mode for the algorithms. When choosing a mode, a number of aspects has to be taken into account, including strength of the mode against known attacks and certain application of the algorithms. For example, if we encrypt tape devices or network connection, we have to use encryption mode allowing us to encrypt byte-by-byte sequence. If BestCrypt must encrypt 512-bytes sectors that an operating system randomly reads from a disk, it has to use an other encryption mode.

BestCrypt Volume Encryption uses XTS encryption mode with all encryption algorithms supported by the software.

The Institute of Electrical and Electronics Engineers (IEEE) has approved XTS mode for protection of information on block storage devices according to IEEE 1619 standard released on 19th December, 2007. The IEEE 1619 document states the following for AES encryption algorithm used as subroutine in XTS mode:

"XTS-AES is a tweakable block cipher that acts on data units of 128 bits or more and uses the AES block cipher as a subroutine. The key material for XTS-AES consists of a data encryption key (used by the AES block cipher) as well as a "tweak key" that is used to incorporate the logical position of the data block into the encryption. XTS-AES is a concrete instantiation of the class of tweakable block ciphers described in Rogaway article (Phillip Rogaway - author of the mode). The XTS-AES addresses threats such as copy-and-paste attack, while allowing parallelization and pipelining in cipher implementations."

XTS mode uses its own secret key (a "tweak key") that is completely different from Primary Encryption Key used by certain encryption algorithm.

For example, if block size of AES encryption algorithm is 128 bits, XTS mode requires 128-bit key. As a result, the effective key length for the pair XTS mode + AES becomes higher than AES originally has. While AES key length is 256 bits, XTS+AES pair uses 256+128 = 384 bits key.

The size of XTS key is equal to block size of the certain encryption algorithm, and IEEE 1619 standard states that it must be 128 bits or more. It is the reason why since version 2 BestCrypt Volume Encryption uses encryption algorithms with block sizes not less than 128 bits.

See also:

User Interface
Using BestCrypt Volume Encryption