What is hard disk encryption?
Full Disk Encryption (FDE) protects the information stored on a hard disk or hard disk partition from unauthorized access by encrypting all data, including the data of the computer's operating system. Accessing the data or booting the computer requires a key that is released only after authentication with a credential such as a password or with special hardware. Once the key has been released, encryption and decryption take place automatically and transparently for the user whenever data is read or written.
Solutions for hard disk encryption exist for all common operating systems. Both solutions built in by the manufacturer of the operating system and applications from external providers are available. Hard disk encryption is particularly useful for mobile computers such as laptops, because it protects the data if the device is stolen. Reading the hard drive with the help of an external device is no longer possible without the key.
How hard disk encryption works
Hard disk encryption ensures that all data written to a hard disk is encrypted. When data is read, the software decrypts it, but the data remains encrypted on the hard disk. For users and applications, hard disk encryption is transparent.
Encryption is enabled for the entire hard disk or a partition. To boot a computer, the operating system must be decrypted. For this, it is necessary to perform authentication in a pre-boot process. The authentication is password or hardware based. Authentication releases the key and the data on the hard disk is decrypted and readable during the computer startup process.
The Advanced Encryption Standard (AES) is often used as the encryption method. AES works quickly, offers a high level of security, and is supported by common hardware. Both the content of the files and the file names are encrypted. Because the file names are encrypted as well, they allow no conclusions to be drawn about the contents of the files.
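The key release and transparent sector encryption described above, sketched in Python as an added example (not code from any product named on this page). It assumes the third-party `cryptography` package, PBKDF2 and AES key wrap to protect the volume key, AES-XTS with the sector number as tweak, and 512-byte sectors; all function names are illustrative.

```python
import hashlib
import os
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
from cryptography.hazmat.primitives.keywrap import aes_key_wrap, aes_key_unwrap

SECTOR = 512  # bytes per sector (assumed for this example)

def derive_kek(password: str, salt: bytes) -> bytes:
    """Pre-boot authentication step: stretch the password into a 256-bit key."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def format_volume(password: str) -> dict:
    """Create a header: a random volume key stored only in wrapped form."""
    salt, volume_key = os.urandom(16), os.urandom(64)  # 64 bytes = AES-256-XTS
    return {"salt": salt, "wrapped": aes_key_wrap(derive_kek(password, salt), volume_key)}

def unlock(header: dict, password: str) -> bytes:
    """Release the volume key; raises InvalidUnwrap on a wrong password."""
    return aes_key_unwrap(derive_kek(password, header["salt"]), header["wrapped"])

def xts_cipher(volume_key: bytes, sector_no: int) -> Cipher:
    # The sector number is the tweak, so equal plaintext in two sectors
    # produces different ciphertext.
    return Cipher(algorithms.AES(volume_key), modes.XTS(sector_no.to_bytes(16, "little")))

def write_sector(disk: bytearray, volume_key: bytes, sector_no: int, data: bytes) -> None:
    """Encrypt on write: only ciphertext ever reaches the disk image."""
    if len(data) != SECTOR:
        raise ValueError("data must be exactly one sector")
    enc = xts_cipher(volume_key, sector_no).encryptor()
    start = sector_no * SECTOR
    disk[start:start + SECTOR] = enc.update(data) + enc.finalize()

def read_sector(disk: bytearray, volume_key: bytes, sector_no: int) -> bytes:
    """Decrypt on read: the caller sees plaintext, the disk stays encrypted."""
    dec = xts_cipher(volume_key, sector_no).decryptor()
    start = sector_no * SECTOR
    return dec.update(bytes(disk[start:start + SECTOR])) + dec.finalize()

if __name__ == "__main__":
    disk = bytearray(4 * SECTOR)                      # constructed 4-sector "disk"
    header = format_volume("correct horse battery")   # constructed password
    key = unlock(header, "correct horse battery")
    write_sector(disk, key, 2, b"payroll.xlsx".ljust(SECTOR, b"\0"))
    print("on disk :", bytes(disk[2 * SECTOR:2 * SECTOR + 16]).hex())
    print("as read :", read_sector(disk, key, 2)[:12])
```

Without the password, the wrapped key in the header cannot be opened, so every sector stays unreadable.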
Advantages and disadvantages of hard disk encryption
The most important advantage of hard disk encryption is that it is no longer possible to read the hard disks without a key. Methods such as removing the hard disk and connecting it to external systems or booting a stolen computer using external media such as USB sticks can no longer be used to access the stored contents. Because the encryption is integrated into the operating system, Full Disk Encryption works transparently and automatically in the background for both users and applications. Setting up and activating the encryption is simple and quick.
A disadvantage is that the performance of the system may be affected by the computing power required for encryption and decryption. Hardware with support for the AES encryption algorithm minimizes the performance losses. Another disadvantage is that if the key, password, or authentication hardware is lost, the data on the hard disk is no longer readable.
Hard disk encryption solutions for different operating systems
Integrated or external solutions for hard disk encryption exist for all common operating systems such as Windows, Linux, or macOS. In certain Windows editions, the BitLocker program from Microsoft is already included. For computers with macOS, FileVault can be used.
In Linux environments, FDE solutions such as Loop-AES or dm-crypt are available. In addition, cross-operating system solutions and open-source-based or commercial programs for full disk encryption can be used. These solutions include CrossCrypt, TrueCrypt, VeraCrypt, PGP Whole Disk Encryption, BestCrypt Volume Encryption, DriveLock, and many more.