This comparison can help you select the right encryption tool for personal, corporate or government use. Article by Felipe Daragon - September 21, 2019
If you're looking to encrypt a directory, an entire disk, an USB flash drive or external HDD, or create an encrypted virtual disk, with or without data compression, finding the right tool can be a difficult task. Based on Syhunt's experience with a variety of encryption tools, which we use for protecting sensitive customer and internal data, and also based on my personal experience, this comparison can help you quickly select the best tool for your needs.
|Tool||Disk Encryption||Individual Folder Encryption||Encrypted Volume File Creation/Mounting||Additional Comments|
|BitLocker||Yes (Very fast format)|
Great for USB flash drive
|No||No, but it can encrypt a mounted VHD virtual disk||Windows 7/10 Built-in Feature|
|Cryptomator||No||Yes (Very fast)|
Protects filename, great for USB flash drive
|No||Open source, cross-platform|
|FileWall||No||Yes (but slow for big files)|
Unreliable filename protection feature, good for USB flash drive
|No||Commercial (not actively maintained)|
|FlashCrypt||No||Yes (but insecure)|
Data gets exposed when decrypted, re-encrypted, or recovered
Includes a data compression option
|Pismo File Mount||No||Yes (but not robust)||Yes (but not robust)||Freeware|
Great data compression feature
Private folder can get corrupted occasionally with intense usage
But it can mount an encrypted volume file to an empty NTFS folder
|Yes (for advanced users)|
Without support for dynamically expanding disks.
|Symantec Encryption Desktop||Yes (but with a not practical, incredibly slow format)||Yes (but not practical)|
It can however mount an encrypted volume file to an empty NTFS folder
Supports dynamically expanding disk and shrinking
|Commercial. Includes secure delete feature|
|VeraCrypt||Yes (but little practical)||No||Yes|
Without support for dynamically expanding disks.
|Open source (TrueCrypt fork)|
Note: With exception of Encryption Desktop, none of the tools above support secure deletion of files and Recycle Bin, but this can be achieved through the 2BrightSparks's DeleteOnClick shell extension.
Description: BitLocker is a full volume encryption feature included with Microsoft Windows (Pro and Enterprise only) versions starting with Windows Vista. It is designed to protect data by providing encryption for entire volumes.
Algorithm: AES-128 (default), AES-256
Review: Fast, practical and reliable for volume encryption. Suited for encrypting a USB flash drive or external HDD. It can be used together with VHD Attach in Windows 7 to create an encrypted virtual disk image file. By default, BitLocker uses AES-128, which the NSA, for example, considers enough for encrypting its SECRET files, but not enough for encrypting TOP SECRET files, so you might consider switching to the more secure AES-256. The command-line options offered by BitLocker work well and can be used together with the command-line options available for mounting and unmounting VHD files. Volumes encrypted in Windows 7 can be accessed in Windows 10 and vice-versa if the old encryption mode is used.
Linux Support: see https://www.linuxuprising.com/2019/04/how-to-mount-bitlocker-encrypted.html
Description:: Cryptomator provides transparent, client-side encryption for the cloud (and locally, too).
Review: Fast, practical and reliable for folder encryption. Suited for encrypting folders within a USB flash drive, external HDD or cloud storage. Effectively protects encrypted file and directory names.
Limitations: Doesn't preserves special file attributes.
Official Homepage: https://cryptomator.org/
Description:: FileWall is an encryption software based on transparent encryption (real-time encryption). Based on this technology, users can more quickly access and modify encrypted files without decryption, unlike traditional encryption software...
Review: Practical for folder encryption, but slow when dealing with big files. Suited for encrypting folders within a USB flash drive, external HDD or cloud storage. Like Cryptomator, FileWall can optionally protect filenames, but I noticed the feature is unreliable, with the original filename sometimes not being converted back when you re-access the encrypted files. Malfunctioning can sometimes prevent encrypted subdirectories from being deleted.
Official Homepage: http://hummerstudio.com/filewall
Description: FlashCrypt was created in order to help users protect their sensitive data stored in personal folders by locking the directories, and became very popular.
Algorithms: AES-256, and RSA-1024 (password recovery facility)
Review: FlashCrypt doesn't provide any kind of on-the-fly encryption. Encrypting and decrypting a folder expose the original files, which can be undeleted from the disk. The tool can be safely used if the encrypted folder is decrypted to an encrypted volume created with another encryption tool. Optional password recovery is available, but exposes the password and data to the FlashCrypt team (from the Russian company FSPro Labs), which may also charge a fee for the recovery.
Pismo File Mount Audit Package
Description: Pismo File Mount Audit Package allows users to mount the contents of ZIP, ISO, Compact ISO, Compact File Set and Private Folder files to the file system as virtual folders.
Algorithms: AES-128, with PKCS5v2 password derived key
Review: Practical for folder encryption (especially if you use build 173), but not robust against data corruption - data can get corrupted occasionally with intense usage (frequent writes and file operations). The tool attempts to automatically recover corrupted private folders, which sometimes work and sometimes doesn't. This tool can help save A LOT of disk space but should be used with caution because of the real possibility of data loss. Because it uses AES-128, it is not suited for encrypting TOP SECRET data. Many useful functionality, like its tray icon and ability to mount a private folder to the same folder of the private folder file, was sadly removed from the tool package after build 173.
Official Homepage: https://pismotec.com/pfm/ap/
Description: ProxyCrypt is a command line tool that creates encrypted volumes within a file or a hard drive. Encryption and decryption are made on the fly, allowing you to use encrypted volumes like normal ones.
Algorithms: AES-256, Serpent & SHACAL-2
Review: Practical command-line tool for advanced users. It can mount an encrypted volume file to a drive letter or an empty NTFS folder. Make sure to use it together with the modified ImDisk Toolkit by w77, which fixes a data corruption issue in Windows 7 or higher.
Official Homepage: https://sourceforge.net/projects/proxycrypt/ and https://sourceforge.net/projects/imdisk-toolkit/
Symantec Encryption Desktop
Description: Encryption Desktop provides organizations with comprehensive and full disk encryption for all kinds of data on desktops, laptops, and removable media.
Algorithms: AES-256, CAST-128 (CAST5) & Twofish-256
Review: Fast, practical and reliable for encrypted volume file creation and mounting. It can compact an encrypted volume file (in X86 but not X64 systems) and mount an encrypted volume file to a drive letter or an empty NTFS folder (though a bug makes it sometimes mount volume files to the wrong mount points). Incredibly slow format for disk encryption and not practical for on-the-fly, individual folder encryption. Encryption Desktop can also securely delete files and create encrypted PGP ZIP and Self-Decrypting files, which work fine, but you cannot edit, view or preview any of the zipped files without decrypting them to the disk. The command-line options offered by Encryption Desktop are limited, sometimes undocumented, and in many cases do not work as expected.
Official Homepage: https://www.softpedia.com/get/Security/Encrypting/Symantec-Encryption-Desktop.shtml (trial download), https://www.symantec.com/products/endpoint-encryption
Description: VeraCrypt is used for on-the-fly encryption. It can create a virtual encrypted disk within a file or encrypt a partition or the entire storage device with pre-boot authentication. VeraCrypt is a fork of the discontinued TrueCrypt project.
Algorithms: AES-256, Serpent-256, Twofish-256 and others,
Review: Little practical for encrypted volume file creation and mounting, but does the work. Despite supporting various algorithms, VeraCrypt, like the old TrueCrypt, is not very practical for disk encryption. It cannot encrypt individual directories and cannot mount a volume file as NTFS folder. At least, the command-line options offered by VeraCrypt work as expected.
Official Homepage: https://www.veracrypt.fr/
Other Tools & Feedback
We also tried, but didn't approve:
- WinMount - Reason: data corruption experience with the virtualized, compressed MOU file format
- some other tools we may list at a later moment
Feel free to get in touch and let us know of any other encryption tools you feel should be reviewed and perhaps be listed here.