Disk encryption is a method of safeguarding the information on a hard disk. With this style of encryption, the entire drive, with the exception of the master boot record (MBR), is encrypted using a single key. The MBR is left unencrypted to aid with the computer’s booting and information retrieval process. Some full disk encryption systems also encrypt the MBR, but these are much less common. Full disk encryption is useful for security, but it has several faults that make it necessary to use other methods at the same time.
There are two main methods of disk encryption; hardware- and software-based. Hardware encryption requires specially equipped drives that encrypt and decrypt on the fly. Once the key is entered into the drives systems, the fact that the drive is encrypted shouldn’t be noticeable to the user. Software systems require a software layer that acts as an interface between the drive and the user. These systems are easier to implement than hardware, but can slow a system down.
In either case, the method of accessing an encrypted drive is basically the same. When the computer boots, a box will come up asking for a key. The computer is in a suspended state until the key is entered. After the user enters the encryption key, the computer boots as normal. If the encrypted drive is not the one with the computer’s operating system, then the prompt will come when the drive is mounted for use.
The main reason to use full disk encryption is for security when the drive is powered down. After the computer is turned on and the disk’s key is in the system, the drive’s encryption has no effect on the user. When the drive is powered down, it will be inaccessible to anyone without the key. This is particularly important for portable drives, like those in laptops, which are easily stolen.
Since the disk’s encryption only works properly in an off state, most encrypted disks feature other types of security as well. The most common additional security is folder encryption. Folder encryption works similarly to disk encryption, except it is active all the time. When the drive is powered down, two different levels of security will need bypassing to access the information.
Disk encryption is particularly susceptible to a type of hack called a cold boot attack. If an active system is rebooted using a specialized form of processor signal, it will dump all the active memory to a file. The security key for the drive is part of this active data. It is possible to extract that file and search through the information for the key, completely bypassing the disk’s security.