Disk encryption: Difference between revisions

Rhtcmu (talk | contribs)
Implementations: The author was simply wrong. Self-encrypting drives all have preboot solutions and much stronger authentication than software (TCG Opal is 32 bytes, or 256 bits).
Rhtcmu (talk | contribs)
Line 15:
== Implementations ==
{{Main|Comparison of disk encryption software}}
There are multiple tools available in the market that allow for disk encryption. However, they vary greatly in features and security. They are divided into three main categories: [[software]]-based, [[hardware]]-based within the storage device, and [[hardware]]-based elsewhere (such as [[CPU]] or [[HBA]]). [[Hardware-based Full Disk Encryption]] within the storage device are called [[self-encrypting drives]] and have no impact on performance whatsoever. Furthermore the media-encryption key never leaves the device itself and is therefore not available to any virus in the operating system. The [[Trusted Computing Group]] Opal drive provides industry accepted standardization for self-encrypting drives. External hardware is considerably faster than the software-based solutions although CPU versions may still have a performance impact, and the media encyption keys are not as well protected. All solutions for the boot drive require a [[Pre-Boot Authentication]] component which is available for all types of solutions from a number of vendors. It is important in all cases that the authentication credentials are usually a major potential weakness since the [[symmetric cryptography]] is usually strong.
 
==Password/data recovery mechanism==
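Review bot: The Implementations paragraph states that self-encrypting drives "have no impact on performance whatsoever" and that "External hardware is considerably faster than the software-based solutions" without any citation; both are absolute claims that need a source or softer wording. The closing sentence ("It is important in all cases that the authentication credentials are usually a major potential weakness ...") does not parse and should say directly that the authentication credentials are usually the weak point because the symmetric cryptography is usually strong. "media encyption keys" should read "media encryption keys", and "Hardware-based Full Disk Encryption within the storage device are called" needs subject-verb agreement.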