Encryption Alphabet Soup

Learning a multiplicity of acronyms is pretty much a requirement for navigating any discipline. Every field has its own set of acronyms and the sequence of 3 or 4 letters that usually make up the acronym most likely has a completely different meaning from discipline to discipline. Even within a discipline it is common to see the acronyms muddled together.

Here are a few that I hear every day: HDD, SED, FDE, SSD, FIPS, OPAL, eDrive. OK, the last two aren’t acronyms, but they can nevertheless be confusing, especially when they are used incorrectly in a sentence with the others.

Here are a few examples:

  • “SSDs are faster than SEDs.”
  • “I don’t have any SEDs; I have FIPS drives instead.”
  • “I wish I had an Opal drive not an eDrive.”
  • “What is better FDE or SED?”

I will define the above terms and then point out how these sentences are not quite right.

HDD: Hard Disk Drive

A storage device, usually with a spinning magnetic disk inside as the storage medium.

SSD: Solid State Drive

A storage device that utilizes memory for the storage media.

FDE: Full Disk Encryption

Almost all of the storage is encrypted at a level well below the file system, even the operating system. The encryption can be done with low-level filter drivers (Software FDE) or by the drive itself (Hardware FDE).

SED: Self Encrypting Drive

The encryption is performed right in the drive, typically in an ASIC (Application Specific Integrated Circuit). A SED is a form of Hardware FDE.

Opal: not an acronym in this discipline.

It is the name (I don’t know why) given by the Trusted Computing Group to the storage security protocol specification for managing SEDs.

eDrive: not an acronym

An eDrive is an Opal 2.0 SED configured in a certain way. You need a few extra features over just a base Opal 2.0 drive but, practically speaking, all the Opal 2.0 drives I have seen could be configured to be an eDrive.

FIPS: Federal Information Processing Standards

There are a few of them, but if someone says they have a FIPS drive, they probably mean they have a FIPS 140-2 certified drive. The cryptographic engine, if not the whole drive, is approved by the Canadian and US governments. A FIPS drive is a SED. The cryptographic engine used for software FDE can be FIPS 140-2 certified too, but you wouldn’t call it a FIPS drive.

Now let’s look at those previous sentences:

  • “SSDs are faster than SEDs.”
    Apples and oranges. An SSD could even be a SED, or vice versa.
  • “I don’t have any SEDs; I have FIPS drives instead.”
    If you have a FIPS drive, then you have a SED.
  • “I wish I had an Opal drive not an eDrive.”
    An eDrive is an Opal drive configured a certain way. Just revert it to factory settings and you will have an unconfigured Opal 2.0 drive.
  • “What is better FDE or SED?”
    A SED is a form of hardware FDE.

Here are a few acronyms that you CAN string together.

  • “I have a FIPS OPAL SED SSD.”
  • “What are the advantages of Opal SEDs over software FDE?”

* I did some fact-checking with Wikipedia when writing this blog. Best to check there for the full definitions.
