Disk encryption software encrypts entire disk drives and can require separate hardware for unlocking or use deniable encryption. Some software creates hidden volumes, while others use additional hardware devices. However, disk encryption software is not immune to attacks, such as brute-force dictionary attacks or cold boot attacks.
Disk encryption software is a method of full disk encryption, where different types of software implement different functions and strategies for encrypting an entire disk drive, known as full disk encryption (FDE). Among various methods, some FDE software will require the use of separate hardware, either to unlock a drive or store encryption keys, or in some cases, both. Other FDE software can unlock the disk the moment the user logs in to the computer, while others won’t even boot the computer’s operating system without permission. Still others differ in the way they handle the disk format and the way encryption is generated from the disk structure.
Some implementations of disk encryption software have deniable encryption. Here, the data is nestled, where the lower layers can be denied existence. If the user is required to give up the password for any reason, only certain data can be accessed, such as operating system files, programs, or data that the user has decided is not all that secret. The user shows compliance by giving up a password and seemingly unlocking the disk, yet the real secret data remains hidden under another password which remains secret.
In many cases where this plausible deniability is used, the software creates some kind of volume within a volume. The main disk partition is loaded with a password, which runs the operating system and software, while a second invisible disk partition can only be accessed with the second password. Of course, this method only works well if the attacker is unable to see any distinguishing features of an underlying encrypted data structure. To work around this problem, the software does not leave any marks around indicating if disk encryption is being used. To an outside observer, the data seems random and uninteresting unless you know the key to unlocking it.
Some disk encryption software is designed to support or even require additional hardware devices used to unlock the disk. One such method is to use expansion cards with an additional processor to handle the encryption and decryption of data on the drive. You may need to insert other hardware additions, such as smart cards or Universal Serial Bus (USB) dongles, into your computer to provide the key to unlock the disk. Many of these hardware additions adhere to the Trusted Platform Module (TPM) specification, but only some types of disk encryption software fully implement the TPM.
Finally, various disk encryption software can work by using a file as an encrypted volume, a separate logical partition of a physical drive, or the entire disk. With full disk encryption software, everything is protected, including information about how the disk is partitioned, boot information, and data. This type of FDE software will likely require an additional pre-boot password just to allow the computer to boot into the operating system. Also, some software may not be able to handle encryption for operating system power management techniques, such as sleep or hibernate states.
Disk encryption software is not immune to attack techniques. In some software, it is possible to perform brute-force dictionary attacks against passwords. Other types of software can use disk sector information in insecure ways, allowing the detection of encrypted files on a system. Another danger lies in the computer’s random access memory (RAM), where the operating system has left behind encryption keys. In what is called a cold boot attack, the computer can be quickly restarted and booted by a separate operating system, which can then read what is left in the computer’s RAM.
Protect your devices with Threat Protection by NordVPN
