We are independent & ad-supported. We may earn a commission for purchases made through our links.
Advertiser Disclosure
Our website is an independent, advertising-supported platform. We provide our content free of charge to our readers, and to keep it that way, we rely on revenue generated through advertisements and affiliate partnerships. This means that when you click on certain links on our site and make a purchase, we may earn a commission. Learn more.
How We Make Money
We sustain our operations through affiliate commissions and advertising. If you click on an affiliate link and make a purchase, we may receive a commission from the merchant at no additional cost to you. We also display advertisements on our website, which help generate revenue to support our work and keep our content free for readers. Our editorial team operates independently of our advertising and affiliate partnerships to ensure that our content remains unbiased and focused on providing you with the best information and recommendations based on thorough research and honest evaluations. To remain transparent, we’ve provided a list of our current affiliate partners here.

What are the Different Types of Disk Encryption Software?

By S.A. Keel
Updated May 16, 2024
Our promise to you
EasyTechJunkie is dedicated to creating trustworthy, high-quality content that always prioritizes transparency, integrity, and inclusivity above all else. Our ensure that our content creation and review process includes rigorous fact-checking, evidence-based, and continual updates to ensure accuracy and reliability.

Our Promise to you

Founded in 2002, our company has been a trusted resource for readers seeking informative and engaging content. Our dedication to quality remains unwavering—and will never change. We follow a strict editorial policy, ensuring that our content is authored by highly qualified professionals and edited by subject matter experts. This guarantees that everything we publish is objective, accurate, and trustworthy.

Over the years, we've refined our approach to cover a wide range of topics, providing readers with reliable and practical advice to enhance their knowledge and skills. That's why millions of readers turn to us each year. Join us in celebrating the joy of learning, guided by standards you can trust.

Editorial Standards

At EasyTechJunkie, we are committed to creating content that you can trust. Our editorial process is designed to ensure that every piece of content we publish is accurate, reliable, and informative.

Our team of experienced writers and editors follows a strict set of guidelines to ensure the highest quality content. We conduct thorough research, fact-check all information, and rely on credible sources to back up our claims. Our content is reviewed by subject-matter experts to ensure accuracy and clarity.

We believe in transparency and maintain editorial independence from our advertisers. Our team does not receive direct compensation from advertisers, allowing us to create unbiased content that prioritizes your interests.

Disk encryption software is a full disk encryption method,where the different types of software implement different functions and strategies for encryption of an entire disk drive, known as full disk encryption (FDE). Among the various methods, some FDE software will require the use of separate hardware, either for unlocking a drive, or storing the encryption keys, or in some cases both. Other FDE software may unlock the disk at the time the user logs into the computer, while others won't even boot the computer's operating system without authorization. Still other types distinguish themselves by the way they handle the format of the disk and the way the encryption is generated from the disk's structure.

Some disk encryption software implementations have deniable encryption. Here, the data is nested, where lower levels can be denied existence. If the user is required to give up the password for any reason, only certain data can be accessed, such as operating system files, programs, or data that the user has decided isn't really all that secret. The user shows compliance by giving up a password and seemingly unlocking the disk, yet the real secret data remains hidden beneath another password that remains secret.

In many cases where this plausible deniability is used, the software creates something of a volume within a volume. The main disk partition is loaded with one password, running the operating system and software, while a second, invisible disk partition is only accessible with the second password. Of course, this method only works well if the attacker isn't able to see any distinguishing characteristics of an underlying, encrypted data structure. To get around this, the software doesn't leave any marks lying around that indicate whether disk encryption is being used. To an outside observer the data seems random and uninteresting, unless the key to unlock it is known.

Some disk encryption software is designed to support or even require additional hardware devices that are used to unlock the disk. One such method is the use of expansion cards with an additional processor for handling the encryption and decryption of the data on the drive. Other hardware additions, such as smart cards or universal serial bus (USB) dongles, may need to be inserted into the computer to provide the key for unlocking the disk. Many of these hardware additions adhere to the Trusted Platform Module (TPM) specification, but only certain types of disk encryption software fully implement the TPM.

Lastly, various disk encryption software may work by using a file as the encrypted volume, a separate logical partition of a physical drive, or the entire disk. With full disk encryption software, everything is secured, including the information on how the disk is partitioned, the boot information, as well as the data. This type of FDE software will probably require some additional pre-boot password just to get the computer to start up the operating system. Furthermore, some software may not be capable of handling encryption for the power management techniques of the operating system, such as sleep or hibernation states.

Disk encryption software is not immune to attack techniques. In some software, brute-force dictionary attacks can be made against the passwords. Other types of software may use information about the disk's sectors in unsecured ways, allowing for the detection of encrypted files on a system. Another danger lies in the random access memory (RAM) in the computer, where the operating system has left remnants of the encryption keys. In what's called a cold boot attack, the computer can be quickly restarted and booted from a separate operating system, which can then read what was left over in the computer's RAM.

EasyTechJunkie is dedicated to providing accurate and trustworthy information. We carefully select reputable sources and employ a rigorous fact-checking process to maintain the highest standards. To learn more about our commitment to accuracy, read our editorial process.
Discussion Comments
EasyTechJunkie, in your inbox

Our latest articles, guides, and more, delivered daily.

EasyTechJunkie, in your inbox

Our latest articles, guides, and more, delivered daily.