

Lab Report - Encryption Plus for Hard Disks 2.01 (June 1999)
A product review from the Windows NT Magazine laboratories by Mark Joseph Edwards

Contact: PC Guardian

System Requirements:
Windows NT, Pentium processor or better, floppy drive, hard disks.

Each year, computer intruders steal millions of pounds' worth of information. As you strive to tighten the security around your business information, don't overlook data encryption as an added layer of protection. PC Guardian's Encryption Plus for Hard Disks (EPHD) protects a computer's hard disks by using the Blowfish encryption algorithm. The company designed the product for virtually any network environment.


EPHD protects disk drives by inserting itself into the system's boot sequence, protecting entire drives rather than individual files and directories. During installation, EPHD moves the boot sector of the computer's primary boot disk to another location, and writes its own information in the original boot sector location. When the computer boots, EPHD gains control over the boot sequence and requires you to enter a password to initialise the file system on the protected drives. Without the correct password, the computer won't boot from the hard disk. If you boot your computer from a 3.5" disk, you still can't access the hard disk in any way without the correct password.

Passwords are the core of EPHD, and the software provides three different password types for gaining access to a system: daily password, master password, and a local administrative password. The daily password is for authorised users of a particular system, and the master and administrative passwords let users perform EPHD installations and reset daily and one-time password assignments. EPHD also uses an administrator-defined privacy code for the master encryption key during encryption processes.

After the OS boots, EPHD handles encryption and decryption on the fly, completely transparently to the user. On the network, a computer's shared resources remain usable with no special requirements for the connecting user. However, because EPHD requires you to manually enter a password at boot time, an NT server won't automatically reboot if you've installed EPHD.


EPHD supports up to two hard disks and as many as ten encrypted partitions on any computer system, but the current version 2.01 doesn't support SCSI devices or partitions that you've created using the popular Partition Magic software. Nor does EPHD encrypt PC Card devices or disk drives. In addition to its encryption capabilities, EPHD performs a boot sector integrity check to ensure no boot sector virus has infected the system. If the software discovers evidence of tampering, it repairs the damage. The software also includes a screen saver that you activate by using an inactivity timer or by clicking a screen-lock button. Once the screen saver is active, EPHD requires you to enter one of the three passwords (i.e., daily, master, administrative) to unlock the system.
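The boot sector integrity check mentioned above can be illustrated with a baseline comparison over the standard PC boot sector layout (446 bytes of boot code, a 64-byte partition table, and the 0x55AA signature). This is an added example, not PC Guardian's code, and the review does not say how EPHD implements its check; the function names are hypothetical and the sample sector is constructed.

```python
import hashlib

SECTOR_SIZE = 512
CODE_END = 446            # bytes 0-445: boot code
TABLE_END = 510           # bytes 446-509: four 16-byte partition entries
SIGNATURE = b"\x55\xaa"   # bytes 510-511: boot signature

def split_sector(sector: bytes) -> dict:
    """Split a 512-byte boot sector into its three regions."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("boot sector must be exactly 512 bytes")
    return {"boot_code": sector[:CODE_END],
            "partition_table": sector[CODE_END:TABLE_END],
            "signature": sector[TABLE_END:]}

def digest_regions(sector: bytes) -> dict:
    """SHA-256 digest of each region, so a mismatch can be localised."""
    return {name: hashlib.sha256(data).hexdigest()
            for name, data in split_sector(sector).items()}

def make_baseline(sector: bytes) -> dict:
    """Record per-region digests and a full copy to restore from."""
    return {"digests": digest_regions(sector), "copy": bytes(sector)}

def check_sector(sector: bytes, baseline: dict) -> list:
    """Return the names of the regions that no longer match the baseline."""
    current = digest_regions(sector)
    return [name for name in current if current[name] != baseline["digests"][name]]

def check_and_repair(sector: bytes, baseline: dict) -> tuple:
    """Return (sector to boot from, changed regions); restore on mismatch."""
    changed = check_sector(sector, baseline)
    return (baseline["copy"] if changed else sector), changed

def build_sample_sector() -> bytes:
    """Constructed sample: jump stub, one active NTFS-type entry, signature."""
    code = bytes([0xEB, 0x3C, 0x90]) + bytes(CODE_END - 3)
    entry = (bytes([0x80, 0x01, 0x01, 0x00, 0x07, 0xFE, 0x3F, 0x7F])
             + (63).to_bytes(4, "little") + (2056257).to_bytes(4, "little"))
    return code + entry + bytes(48) + SIGNATURE

if __name__ == "__main__":
    clean = build_sample_sector()
    baseline = make_baseline(clean)
    tampered = bytearray(clean)
    tampered[0x10] ^= 0xFF              # simulate overwritten boot code
    repaired, changed = check_and_repair(bytes(tampered), baseline)
    print("changed regions:", changed)
    print("restored to baseline:", repaired == clean)
```

A check like this is only as trustworthy as the place the baseline is stored: a baseline kept where the same tampering can reach it can be rewritten along with the sector.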

As I stated previously, PC Guardian designed EPHD using the Blowfish encryption algorithm developed by Bruce Schneier. EPHD uses a 128-bit block cipher for sale inside the United States and Canada, and provides a 64-bit version for exporting to other countries. The software uses about 4KB of resident memory and uses about 4 percent to 6 percent of your CPU's power, depending on your overall system configuration.


To install EPHD, I first ran the set-up program, which copied the EPHD Administrator program onto the system. The Administrator program creates the User Install Disks, which contain the files for installing and establishing encryption on your servers and workstations. Unfortunately, the set-up program didn't let me select the installation path for the Administrator program. Set-up forced me to install the Administrator program in C:\pcguard. I'd rather choose the destination myself.

After I installed the Administrator program, I ran the program to produce the User Install Disks. To produce the disks, I had to define a privacy code, a master password, an administrative password, and the initial user password that users are prompted for when first installing EPHD. I could also choose to customise a one-time password message and configure the software so end-users can't uninstall it without authorisation. After I chose a destination folder to copy the files into, the process was complete. Next, I had to run the User Install Disk software on each system that I wanted to encrypt. I ran the set-up program, which copied the software onto the system and presented the user interface (UI) main menu where I selected which drives to protect with encryption. I had to reboot twice - once to start the encryption process and once after the encryption was complete.

Nice Stuff

Overall, EPHD is a nice addition to a computer's security. The product prevents unauthorised users from booting the OS and prevents access to all data on the hard disks it protects, so neat tools such as NTFSDOS won't let users access partitions.
If you're considering protecting your information with encryption, I recommend you look closely at Encryption Plus for Hard Disks.