Full disk encryption is a method of encrypting data on a hard drive, useful for easily stolen drives. There are two styles: those that encrypt the master boot record and those that don’t. Hardware-based encryption has minimal impact on system speed, while software-based encryption has a moderate impact. This type of encryption is used more often on easily portable drives.
Full disk encryption is a method of encrypting data on a hard drive. Unlike many encryption methods, full disk encryption encompasses the entire hard drive rather than a specific segment. This style of encryption is useful for drives that are easily stolen, such as those in a laptop or external drive. This encryption is usually done through software, but some purpose-built discs also offer hardware-based encryption.
There are two general styles of full disk encryption; those that encrypt the master boot record and those that don’t. The Master Boot Record provides several important functions, but the two important ones for this process are performing the second step of the computer startup process and maintaining the hard drive’s partition table. Typically, hardware systems can encrypt the master boot record, but software systems cannot.
A hardware full-disk encryption system is built right into the drive. After the computer has been turned on and the computer’s basic input/output system (BIOS) has finished the initial startup phase, the master boot record continues the startup process. With hardware-based encryption, a password box appears in this step. Without that password, startup will not continue.
With a software system, the master boot record is usually left alone. After the BIOS has finished its step, the operating system still needs to be loaded. Since it hasn’t loaded yet, any programming, such as a full-disk encryption program, won’t load. It is only after the MBR loads the drive’s partition table and finishes booting that the operating system and associated functions begin to function.
Full disk encryption affects system resources differently depending on the encryption style used. Hardware encryption is completely separate from the active computer system and, therefore, will have minimal impact on the speed and operation of your computer. Software encryption is both a constantly running program and an extra step in disk access. Typically, software-based encryption will have a moderate impact on system speed and stability.
Encrypting an entire hard drive provides basic protection when the computer is off or boots up, but very little when the computer is on. When the computer is turned off, anyone attempting to use the encrypted hard drive must provide password information. After the operating system has loaded, the password has been used and the encryption is passive. While the contents of the drive are still technically encrypted, nothing is locked down during active use. As a result, this type of encryption is used on easily portable drives more often than on standard desktop systems.
Protect your devices with Threat Protection by NordVPN
