At a Glance
- Open Source, hidden volumes, supports no-installation mode and USB drives
- Fewer features than some competitors; does not have signed drivers for 64-bit Windows
This “on-the-fly” (OTFE) transparent disk encryption program is free and open source.
FreeOTFE may sound like a political bumper sticker, but it
stands for “Free On The Fly Encryption.” The “Free” part is
self-explanatory; “On The Fly Encryption” refers to the
encrypting/decrypting of data as it is written to or read from your
hard disk. The data on your disk (either the whole disk or a
portion of it, as you see fit) is stored in an encrypted form, and
FreeOTFE handles all read and write requests, so that the operating
system, applications, etc, operate normally. Speed impact is
generally minimal and will probably not be noticed by a user under
The easiest and most common way to use open source program
FreeOTFE is to create one or more encrypted files. These files are
basically large chunks of disk space filled with encrypted data.
Once you have created one, you use FreeOTFE to mount it, and it
appears in Windows Explorer as any other hard disk, with a capacity
equal to the file size (that is, you create a 30 gig file, and you
get a 30 gig virtual hard drive). So long as it’s mounted, you use
it like any other drive. But when it’s dismounted, the contents of
the file are effectively incomprehensible without the password,
which ought to be extremely hard to guess or to solve by brute
force–twenty characters with a mix of cases, numbers, and
punctuation is a good minimum.
Another option for FreeOTFE is encrypting an entire partition or
physical hard disk. This should be done only on an empty partition,
and cannot be done on the boot partition, for obvious reasons.
(Other programs, such as the also-free and also-open-source TrueCrypt,
can encrypt a volume “in place”, encrypting existing data, and
encrypt the boot disk as well.) Doing this is most useful if you
have a lot of data you want encrypted.
FreeOTFE has a “no install” mode, though it does require
Administrator privileges to load the drivers. Using this mode is a
good way to put both FreeOTFE and an encrypted volume on a portable
drive, either a flash drive or a small USB drive. If the drive is
stolen or lost, its contents will be inaccessible, and you can use
it on any computer where you have appropriate privileges–for
example, this is ideal for transporting sensitive data between
office and home environments, or between multiple work
In addition, there is a PDA version of
FreeOTFE which creates volumes that work under Windows Mobile
2003 or later, and these volumes, if created in FAT or FAT32
format, can also be mounted on your PC. Finally, there is a version
called FreeOTFE Explorer,
which is “driverless,” so it can be used on any system, but it
supports only FAT32 drives, which are limited to 4GB files.
While FreeOTFE will work under 64-bit Windows Vista and Windows
7, it does not have signed drivers, which those systems require.
The FAQ details a number of ways to overcome this, but all of them
have some drawbacks or complications. Getting signed drivers is a
stated development priority.
FreeOTFE is a good choice if you need to mount volumes on
Windows PDAs as well as PCs, and the FreeOTFE Explorer option
allows you to have an encrypted volume even when you lack
Administrator privileges, both of which are reasonable use cases.
(These additional programs are not part of the FreeOTFE download,
but they work with FreeOTFE volumes, so it makes sense to use
FreeOTFE in all the environments you work with.) In addition,
FreeOTFE offers more cypher and hash options than TrueCrypt, which
can be important if you have a preference or a mandate for a
particular algorithm. Being free and open source, there’s little
reason not to test it against other encryption solutions and see if
it offers a better selection of features for your needs than the