Open source disk encryption for Windows

To the author's knowledge, there are only 4 open source disk encryption systems for Windows:

1. Truecrypt by Truecrypt Foundation
2. FreeOTFE by Sarah Dean
3. PGPdisk from PGPi package
4. Crosscrypt by Stefan Scherrer

None of these allows encryption of the Windows system partition, i.e. the partition Windows boots from. All "full disk encryption" products that do are closed source. The author of this site strongly discourages the use of closed source crypto. However, with some additional tools it is possible to come close to a fully encrypted Windows system using only open source crypto.

Users who are forced by some policy to use closed source crypto, or who do not fear potential backdoors, may select a certified disk encryption product. Information about Common Criteria evaluated (EAL) disk encryption software can be obtained from the Common Criteria Portal. Users are advised to study the relevant certification reports carefully and to remember that EAL ratings are not always as meaningful as advertised: an EAL level describes the depth of the evaluation, not the strength of the product (Understanding the Windows EAL4 Evaluation by Jonathan S. Shapiro).

There are also two closed source encryption systems that are free of charge: Microsoft EFS and the free version of CompuSec.
Microsoft's cryptographic file system EFS encrypts individual files and folders rather than whole volumes. It is not recommended for use on a single-user standalone computer but may find its place in a domain: The Encrypting File System: How secure is it?


Comparison

As of version 6.5, PGPdisk has been removed from the freeware version of PGP. PGPdisk prior to 6.5 only supports Win9x/NT and hence is not considered in this comparison.

Columns: block ciphers and key sizes; hash functions; block cipher mode and IV generation mode; key generation; 2-factor authentication. A "?" marks a property the author could not determine.

Truecrypt (Truecrypt Foundation)
  Block ciphers and key sizes: AES, Blowfish, CAST5, Serpent, 3DES, Twofish (and cascades)
  Hash functions: SHA-1, RIPEMD-160, Whirlpool
  Block cipher mode / IV generation: LRW (CBC only as legacy support)
  Key generation: PKCS#5 PBKDF2
  2-factor authentication: Yes

FreeOTFE (Sarah Dean)
  Block ciphers and key sizes: AES, Blowfish, CAST5, CAST6, DES, 3DES, MARS, RC-6, Serpent, Twofish
  Hash functions: SHA-256, SHA-384, SHA-512, Whirlpool, Tiger (and many more)
  Block cipher mode / IV generation: CBC-ESSIV (the most secure mode offered)
  Key generation: salted (and iterated?) key generation
  2-factor authentication: Yes

Crosscrypt (Stefan Scherrer)
  Block ciphers and key sizes: AES 128, AES 192, AES 256, Twofish
  Hash functions: ?
  Block cipher mode / IV generation: CBC-plain IV (the IV is the unencrypted sector number)
  Key generation: ?
  2-factor authentication: Yes


Conclusion

Crosscrypt seems to be no longer maintained and offers only CBC with a plain sector-number IV, a mode that allows watermarking attacks: an attacker who can place a specially crafted file on the volume can later recognise it in the ciphertext without knowing the key.
Therefore it is not recommended.
Truecrypt and FreeOTFE are both actively maintained and seem to be secure at first glance (provided that FreeOTFE's key generation is in accordance with PKCS#5 PBKDF2, i.e. salted and iterated). The author would not condemn FreeOTFE merely because it does not yet support LRW as Truecrypt does; its CBC-ESSIV mode encrypts the sector number before using it as IV and so does not share the predictable-IV weakness of plain CBC.
The author of this site cannot determine whether Truecrypt and FreeOTFE are secure or not.
Users are advised to ask cryptographers for an evaluation of the cryptographic strength of Truecrypt and FreeOTFE in the appropriate places, e.g. the sci.crypt newsgroup.
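The watermarking attack referred to above (and the difference between the "CBC-plain IV" and "CBC-ESSIV" entries in the comparison) can be shown without any of the products themselves. The following is an added example, not code from this page or from any of the programs it compares. It encrypts a small constructed volume sector by sector in CBC mode, once with the sector number as IV (assumed here to be the cryptoloop/dm-crypt "plain" layout: 32-bit little-endian sector number, zero padded) and once with ESSIV, and then runs a ciphertext-only check for the watermark. The attack depends only on the mode and IV scheme, so the block cipher is a 4-round Feistel permutation built from HMAC-SHA256 as a stand-in for AES; the passphrase, salt, iteration count and PBKDF2 hash are constructed values. The attacker's file alternates a marker block M and M xor 1 in the first block of each sector; because plain IVs of sectors 2k and 2k+1 differ only in bit 0, every such sector pair starts with an identical ciphertext block, wherever on the disk the file is stored.

```python
"""CBC with a predictable (plain) sector IV versus ESSIV, and the
ciphertext-only watermark check that distinguishes them.
Added example; the Feistel block cipher is a stand-in for AES."""
from __future__ import annotations

import hashlib
import hmac

BLOCK = 16    # cipher block size in bytes
SECTOR = 512  # disk sector size in bytes


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _round(key: bytes, i: int, half: bytes) -> bytes:
    # Round function: HMAC-SHA256 truncated to the 8-byte half block.
    return hmac.new(key, bytes([i]) + half, hashlib.sha256).digest()[:8]


def block_encrypt(key: bytes, block: bytes) -> bytes:
    """4-round Feistel permutation over 16-byte blocks (stand-in for AES)."""
    l, r = block[:8], block[8:]
    for i in range(4):
        l, r = r, xor(l, _round(key, i, r))
    return l + r


def block_decrypt(key: bytes, block: bytes) -> bytes:
    l, r = block[:8], block[8:]
    for i in reversed(range(4)):
        l, r = xor(r, _round(key, i, l)), l
    return l + r


def iv_plain(sector: int, key: bytes) -> bytes:
    """Plain IV: the sector number itself, 32-bit little-endian, zero padded
    (assumed cryptoloop/dm-crypt style layout). Known to anyone."""
    return sector.to_bytes(4, "little") + bytes(BLOCK - 4)


def iv_essiv(sector: int, key: bytes) -> bytes:
    """ESSIV: the plain IV encrypted under hash(key), hence unpredictable
    without the volume key."""
    return block_encrypt(hashlib.sha256(key).digest(), iv_plain(sector, key))


def encrypt_sector(key: bytes, sector: int, plaintext: bytes, iv_fn) -> bytes:
    """CBC over one sector, chaining restarted with iv_fn(sector)."""
    prev = iv_fn(sector, key)
    out = bytearray()
    for off in range(0, SECTOR, BLOCK):
        prev = block_encrypt(key, xor(plaintext[off:off + BLOCK], prev))
        out += prev
    return bytes(out)


def watermark_file(n_sectors: int, marker: bytes) -> list[bytes]:
    """Attacker-chosen file: first block alternates M, M xor 1, M, ...
    Plain IVs of sectors 2k and 2k+1 differ only in bit 0, so
    M xor IV_2k == (M xor 1) xor IV_2k+1 and both sectors get the same
    first ciphertext block, whatever sector the file starts at."""
    alt = xor(marker, b"\x01" + bytes(BLOCK - 1))
    return [(marker if i % 2 == 0 else alt)
            + (hashlib.sha256(b"filler%d" % i).digest() * 16)[:SECTOR - BLOCK]
            for i in range(n_sectors)]


def count_watermark_pairs(ct_sectors: list[bytes]) -> int:
    """Ciphertext-only check: (2k, 2k+1) sector pairs sharing a first block."""
    return sum(1 for k in range(0, len(ct_sectors) - 1, 2)
               if ct_sectors[k][:BLOCK] == ct_sectors[k + 1][:BLOCK])


def demo(iv_fn, file_offset: int, file_sectors: int = 64,
         volume_sectors: int = 256) -> int:
    """Store the watermark file at file_offset in an otherwise innocuous
    volume, encrypt every sector and return the number of telltale pairs."""
    assert file_offset + file_sectors <= volume_sectors
    # Volume key from a passphrase via PKCS#5 PBKDF2 (constructed values).
    key = hashlib.pbkdf2_hmac("sha256", b"correct horse", b"constructed salt", 2000, 32)
    volume = [(hashlib.sha512(b"sector%d" % n).digest() * 8)[:SECTOR]
              for n in range(volume_sectors)]
    marker = bytes.fromhex("00112233445566778899aabbccddeeff")
    for i, s in enumerate(watermark_file(file_sectors, marker)):
        volume[file_offset + i] = s
    ct = [encrypt_sector(key, n, s, iv_fn) for n, s in enumerate(volume)]
    return count_watermark_pairs(ct)


if __name__ == "__main__":
    print("plain IV, file at even sector:", demo(iv_plain, 100))   # 32
    print("plain IV, file at odd sector: ", demo(iv_plain, 101))   # 31
    print("ESSIV, same file:             ", demo(iv_essiv, 100))   # 0
    print("plain IV, no watermark file:  ", demo(iv_plain, 100, 0))  # 0
```

With the plain IV the 64-sector file produces 31 or 32 matching pairs (depending on whether it starts on an even or odd sector), which an observer with read access to the raw encrypted disk can count without the key; under ESSIV the same file leaves no pairs, because the IV difference between neighbouring sectors is no longer known to the attacker. LRW, as used by Truecrypt, avoids the problem in a different way (a tweak derived from a second key), which is why neither LRW nor ESSIV appears in the "not recommended" verdict above.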


Full disk encryption with open source

Although none of the open source tools supports an encrypted root (system) partition, there are ways of achieving this or at least coming close.

1. Truecrypt plugins: tcgina and tctemp allow encryption of the Windows user profile and of the swap file, temporary files and print spooler files respectively.

2. Truecrypt + bootable CD/DVD: in principle it is possible to boot the operating system from a Live-CD with Truecrypt support and to access encrypted partitions from the Live-OS, which has the advantage that normally no traces of computer activity are kept on disk.
There exists a Truecrypt plugin for BartPE. Unfortunately BartPE has some serious limitations which make everyday use inconvenient. Truecrypt might find its way into Linux derived Live-OSes (-> grml), but then of course one runs a Linux machine.

3. Truecrypt + Windows XP from USB stick: to the author's knowledge it is possible to boot Windows XP from a USB stick if the BIOS supports this. One could create such a USB-bootable Windows XP and store it both on a DVD and on the USB stick. Whenever the OS on the USB stick has been "contaminated", it is erased and the backup copy from the DVD restored.

4. Truecrypt + virtual machine: one could create a Truecrypt volume and install a virtual machine within the encrypted volume. The operating system is then started from within the virtual machine. Thus one has a Windows XP that is fully encrypted, because it runs inside the virtual machine, which itself lives inside the Truecrypt volume. The host OS of course still stores some information (virtual machine and Truecrypt traces); one could avoid that by starting the virtual machine from BartPE. One also has to make sure that the VM software does not write guest memory to a file on the unencrypted host disk, and that the host's page file is either disabled or encrypted (e.g. with tctemp, see 1.).

Virtual Machines: Bochs, QEMU, VMware, Virtual PC.

Truecrypt forum thread: Whole system encrypted successful