Earlier this week, the biggest disk drive makers in the world completed a specification that paves the way for full-disk encryption in most drives and, in the future, probably all of them. Select manufacturers, such as Seagate, have been offering encrypted drives for a little while, but this is the first time a standard has been put in place. Thanks to this, you can expect to see the feature becoming a big part of our computing lives.
It appears that drives can be equipped with either AES 128-bit or AES 256-bit encryption, both of which are incredibly secure. Once a drive is installed, you will need to set a password, and like most passwords, it shouldn’t be forgotten, and it should be rather complex. Even if the drive is encrypted, it means nothing if someone manages to crack your easy password.
The best part about the drive encryption is that it’s an all-in-one solution, completely independent of the OS. It also doesn’t matter how many or what type of partitions you have, and best of all, it’s supposed to be completely transparent to the user and won’t affect the drive’s performance. Losing data sucks, but luckily, if you happen to forget your password, you can wipe the drive and start over. So, data lost, but hard drive retained (and money saved).
“This represents interoperability commitments from every disk drive maker on the planet,” said Robert Thibadeau, chief technologist at Seagate Technology and chairman of the TCG. “We’re protecting data at rest. When a USB drive is unplugged, or when a laptop is powered down, or when an administrator pulls a drive from a server, it can’t be brought back up and read without first giving a cryptographically-strong password. If you don’t have that, it’s a brick. You can’t even sell it on eBay.”