Hardware-based full disk encryption: Difference between revisions

No edit summary
Line 23:
The two main use cases are Data At Rest protection, and Cryptographic Disk Erasure.
 
In Data At Rest protection a laptop is simply closed which powers down the disk. The disk now self-protects all the data on it. Because all the data, even the OS, is now encrypted, with a secure mode of [[Advanced Encryption Standard|AES]], and locked from reading and writing the data is safe. The drive requires an authentication code which can be as strong as 32 binary bytes (2^256) to unlock.
 
With Cryptographic Disk Erasure the drive is commanded, with proper authentication credentials, to self-generate a new media encryption key and go into a 'new drive' state. Unlike other forms of sanitization, this action takes a few milliseconds at most. So a drive can be safely repurposed very quickly.
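
Review bot: the Data At Rest paragraph runs two clauses together in "locked from reading and writing the data is safe"; break it after "writing", for example "...and locked against reading and writing, so the data is safe". In the same paragraph, "32 binary bytes (2^256)" mixes a size with a count and would read more precisely as a 32-byte (256-bit) code with 2^256 possible values. The paragraph also ties the protection to the disk being powered down ("simply closed which powers down the disk"), so it should state that condition explicitly rather than leave it implied by closing the lid. In the Cryptographic Disk Erasure paragraph, "a few milliseconds at most" and "safely repurposed very quickly" are stated without a source, and with "No edit summary" on the revision a citation for both claims is worth requesting.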