I think we all have heard the terms ‘Full Disk Encryption‘ and ‘Filesystem Level Encryption‘. Both protect against data theft by encrypting what is stored on disk. But how do they actually work? How does full-disk encryption differ from filesystem-level encryption? And which one should you go for?
Let’s look into it in more detail.
What is Full Disk Encryption?
Full-disk encryption, or FDE, is a technology in which everything on the disk is encrypted, including the bootable operating system partition itself. The only exception is that a small part of the disk may stay unencrypted, for example the part containing the Master Boot Record (MBR) and the pre-boot code that asks for the passphrase, because the machine needs something readable to start from. With hardware-based full-disk encryption (a self-encrypting drive), the decryption happens inside the drive’s controller before the firmware reads anything, so even the MBR can be encrypted.
In full-disk encryption technology, the whole disk is encrypted under a single master key. When the system starts, before the operating system can load, it prompts the user for a passphrase (or a hardware token such as a TPM or smart card); that secret unlocks the master key, the disk is decrypted with it, and the system boots and runs normally.
After the system has booted, every block read from the disk is decrypted on the fly on its way into memory, and every block written is encrypted on its way to the disk; applications never see the difference. Without the key, the data on the disk is unreadable to an attacker, which is exactly the case FDE is designed for: a lost or stolen powered-off laptop. Once the system is running and the key is in memory, FDE offers no protection against malware, a logged-in user, or anyone who can read RAM.
What is File System Level Encryption?
On the other hand, in filesystem-level encryption, individual files and directories are encrypted by the filesystem itself (or by a stacked filesystem on top of it). The whole disk is not encrypted; encryption happens at the filesystem level, and different files or directories can be protected with different keys, for example one per user.
Using this encryption technology, selected files and directories can be encrypted and decrypted efficiently, while less sensitive files and directories stay unencrypted. The trade-off is that metadata the filesystem needs in order to operate, such as file sizes, timestamps, permissions and directory structure, typically remains visible, even where file names are encrypted.
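To make the two models concrete, here is an added Python sketch (not code from the original article, and not any product’s implementation) that covers both the full-disk flow described above (a passphrase unlocks a master key at boot, after which every sector is transformed on the fly with the sector number as the tweak) and the filesystem-level flow (a per-directory key, per-file derived keys, and files outside that directory left untouched). The HMAC-based keystream, the header layout and the path names are assumptions made for the demo; real systems use AES-XTS or a similar disk cipher and a proper header format such as LUKS.

```python
import hashlib
import hmac
import os

SECTOR_SIZE = 512  # typical block device sector size


def keystream_xor(key: bytes, tweak: bytes, data: bytes) -> bytes:
    """XOR data with an HMAC-SHA256 keystream bound to key and tweak.
    Stand-in for a real disk cipher such as AES-XTS (demo assumption): the
    same key and the same position tweak give the same transformation, so
    every sector or file is independent. Never reuse a (key, tweak) pair."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        block = hmac.new(key, tweak + offset.to_bytes(4, "big"), hashlib.sha256).digest()
        out.extend(a ^ b for a, b in zip(data[offset:offset + 32], block))
    return bytes(out)


# --- Full-disk encryption: one master key, unlocked at boot, applied per sector ---

def derive_kek(passphrase: str, salt: bytes) -> bytes:
    """Slow KDF so that guessing the boot passphrase offline is expensive."""
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 200_000)


def create_volume(passphrase: str, sectors: int):
    """Return (header, raw_disk). The master key is stored only wrapped under
    a passphrase-derived key in the header, the idea behind a LUKS key slot."""
    master_key = os.urandom(32)
    salt = os.urandom(16)
    kek = derive_kek(passphrase, salt)
    header = {
        "salt": salt,
        "wrapped_key": keystream_xor(kek, b"keyslot", master_key),
        "check": hmac.new(master_key, b"volume-key-check", hashlib.sha256).digest(),
    }
    raw_disk = bytearray(os.urandom(SECTOR_SIZE * sectors))  # unused space looks random too
    return header, raw_disk


def unlock_volume(header: dict, passphrase: str):
    """The pre-boot prompt: return the master key, or None on a wrong passphrase."""
    kek = derive_kek(passphrase, header["salt"])
    candidate = keystream_xor(kek, b"keyslot", header["wrapped_key"])
    check = hmac.new(candidate, b"volume-key-check", hashlib.sha256).digest()
    return candidate if hmac.compare_digest(check, header["check"]) else None


class EncryptedDisk:
    """The on-the-fly layer between the OS and the raw disk (think dm-crypt)."""

    def __init__(self, master_key: bytes, raw_disk: bytearray):
        self.key, self.raw = master_key, raw_disk

    def write_sector(self, n: int, plaintext: bytes) -> None:
        if len(plaintext) != SECTOR_SIZE:
            raise ValueError("sector writes are always whole sectors")
        tweak = n.to_bytes(8, "big")  # sector number is the tweak, as in XTS
        self.raw[n * SECTOR_SIZE:(n + 1) * SECTOR_SIZE] = keystream_xor(self.key, tweak, plaintext)

    def read_sector(self, n: int) -> bytes:
        tweak = n.to_bytes(8, "big")
        return keystream_xor(self.key, tweak, bytes(self.raw[n * SECTOR_SIZE:(n + 1) * SECTOR_SIZE]))


# --- Filesystem-level encryption: per-directory policy, per-file keys, rest untouched ---

class EncryptedDirectory:
    """Encrypt only files under one directory; everything else stays cleartext.
    A random per-file nonce derives a per-file key from the directory key, so
    identical contents do not give identical ciphertext. Sizes and paths stay visible."""

    def __init__(self, path: str, dir_key: bytes):
        self.path, self.dir_key = path.rstrip("/") + "/", dir_key

    def store(self, fs: dict, path: str, content: bytes) -> None:
        if not path.startswith(self.path):
            fs[path] = {"nonce": None, "data": content}  # outside the policy: cleartext
            return
        nonce = os.urandom(16)
        file_key = hmac.new(self.dir_key, nonce, hashlib.sha256).digest()
        fs[path] = {"nonce": nonce, "data": keystream_xor(file_key, b"file", content)}

    def load(self, fs: dict, path: str) -> bytes:
        entry = fs[path]
        if entry["nonce"] is None:
            return entry["data"]
        file_key = hmac.new(self.dir_key, entry["nonce"], hashlib.sha256).digest()
        return keystream_xor(file_key, b"file", entry["data"])


if __name__ == "__main__":
    header, raw = create_volume("correct horse battery", sectors=8)
    print("wrong passphrase unlocks:", unlock_volume(header, "hunter2") is not None)
    disk = EncryptedDisk(unlock_volume(header, "correct horse battery"), raw)
    disk.write_sector(3, b"top secret".ljust(SECTOR_SIZE, b"\0"))
    print("raw sector 3:", bytes(raw[3 * SECTOR_SIZE:3 * SECTOR_SIZE + 10]))
    print("decrypted sector 3:", disk.read_sector(3)[:10])
```

The two halves make the difference visible: in the disk model nothing on the raw device is readable without the single master key, but once `EncryptedDisk` holds that key every sector is an ordinary read or write. In the directory model the same `fs` dictionary holds cleartext for `/var/log/syslog` next to ciphertext for files under `/home/alice`, and the ciphertext length still reveals the file size.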
Here is some good file encryption software: