Disk Encryption

Disk encryption protects information by converting it into unreadable code that unauthorized people cannot easily decipher. It uses disk encryption software or hardware to encrypt the data written to a disk or disk volume.

Disk encryption prevents unauthorized access to data storage and is transparent to a user who has the proper logon credentials for the computer.

All common operating systems provide software-based disk encryption, which should be used.

  • Microsoft BitLocker uses the AES encryption algorithm in cipher block chaining (CBC) or XTS mode with a 128-bit or 256-bit key. CBC is not used over the whole disk; it is applied to each individual sector.
  • Apple FileVault full-disk encryption (FileVault 2) uses XTS-AES-128 encryption with a 256-bit key to help prevent unauthorized access to the information on your startup disk.
  • Ubuntu Linux uses a combination of Cryptsetup (sets up dm-crypt managed device-mapper mappings), dm-crypt (provides transparent encryption of block devices) and LUKS (standardizes a partition header, as well as the format of the bulk data). Cryptsetup is usually run at Ubuntu installation, allowing you to tailor the encryption settings to your specification from the beginning.