What is Hard Disk Encryption?

The term hard disk refers to the main storage used in a computer. There are several synonyms for hard disk, including disk drive and hard drive, and hard disc is an alternative spelling. Encryption means converting data to a different form using an algorithm, making it inaccessible to anyone not possessing a secret key. Hard disk encryption refers to the act of encrypting the entire contents of a computer’s hard disk. It stands in contrast to file encryption, which only certain, specific data, leaving the rest readable.

Hard disk encryption has several other names. It is known as whole disk encryption, full disk encryption or full-disk encryption — which is also abbreviated as FDE, hard drive encryption, or simply disk encryption. Hard disk encryption has been considered to be a valuable security measure, provided by the operating system or a software program. It is meant to protect data on any computer, such as a desktop machine, and has been deemed particularly useful for laptop computers, removable devices, and other portable devices that leave the office and could be stolen or lost. For full functionality, it depends on having strong passwords, as well as a backup process that will allow the network administrator to restore if a password is forgotten or an employee is let go or leaves an organization. It can also be used in combination with authentication measures, such as a smart card keyboard or biometric indicator.

The security of hard disk encryption was called into question in 2008 with the publication of research by a project jointly supported by Princeton University and the Electronic Frontier Foundation (EFF). The research found that even with hard disk encryption, a computer’s data may still be at risk because DRAM (Dynamic Random Access Memory) retains data for a few seconds up to a minute after loss of power, and even if the DRAM is removed, allowing the encryption key and memory images to be obtained. It was also observed that when a user locks or suspends computer operations, or puts the computer into hibernation or sleep mode, RAM contents may be preserved and accessed. Efforts continue to render data more secure. In 2009, the Trusted Computing Group (TCG) — which includes hard drive manufacturers Fujitsu®, GST®, Hitachi®, IBM®, LSI®, Samsung®, Seagate®, ULink®, Wave Systems®, and Western Digital® — published a hard disk encryption standard, called the TCG Storage Specification standard, that they have all agreed to and which would omit the need for software encryption, since the system would be built into the hard drives themselves, but it’s not clear if this addresses the DRAM issues.