|
Data Security Solutions – from WinMagicData Security Solutions – from WinMagic
Contact Sales

Encryption Alphabet Soup

Garry McCracken
No Comments

Learning a multiplicity of acronyms is pretty much a requirement for navigating any discipline. Every field has its own set of acronyms and the sequence of 3 or 4 letters that usually make up the acronym most likely has a completely different meaning from discipline to discipline. Even within a discipline it is common to see the acronyms muddled together.

Here are a few that I hear everyday: HDD, SED, FDE, SSD, FIPS, OPAL, eDrive. Ok, the last two aren’t acronyms but nevertheless they can be confusing, especially if they are used in a sentence with the others incorrectly.

Here are a few examples:

  • “SSDs are faster than SEDs.”
  • “I don’t have any SEDs; I have FIPS drives instead.”
  • “I wish I had an Opal drive not an eDrive.”
  • “What is better FDE or SED?”

I will define the above terms and then point out how these sentences are not quite right.

HDD: Hard Disk Drive

A storage device usually with a magnetic spinning disk inside for the storage media.

SSD: Solid State Drive

A storage device that utilizes memory for the storage media.

FDE: Full Disk Encryption

All (almost) the storage is encrypted on a level well below the file system, even the Operating System. The encryption can be done with low level filter drivers (Software FDE) or by the drive itself (Hardware FDE).

SED: Self Encrypting Drive

The encryption is performed right in the drive, typically in an ASIC (Application Specific Integrated Circuit). A SED is a form of Hardware FDE.

Opal: not an acronym in this discipline.

It is the name (I don’t know why) given by the Trusted Computing Group to the storage security protocol specification for managing SEDs.

eDrive: not an acronym

An eDrive is an Opal 2.0 SED configured in a certain way. You need a few extra features over just a base Opal 2.0 drive but practically speaking all the Opal 2.0 drives I have seen could be configured to be an eDrive.

FIPS: Federal Information Processing Standards

There are a few of them but if someone says they have a FIPS drive they probably mean they have a FIPS 140-2 certified drive. The cryptographic engine, if not the whole drive, is approved by the Canadian and US governments. A FIPS drive is a SED. The cryptographic engine used for software FDE can be FIPS 140-2 certified too but you wouldn’t call it a FIPS drive.

Now let’s look at those previous sentences:

  • “SSDs are faster than SEDs.”
    Apples and Oranges, An SSD could even be a SED or vise a versa.
  • “I don’t have any SEDs; I have FIPS drives instead.”
    If you have FIPS drive then you have a SED
  • “I wish I had an Opal drive not an eDrive.”
    An eDrive is an Opal drive configured a certain way. Just revert it to factory settings and you will have an unconfigured Opal 2.0 drive
  • “What is better FDE or SED?”
    A SED is a form of hardware FDE.

Here are a few acronyms that you CAN string together.

  • “I have a FIPS OPAL SED SSD.”
  • “What are the advantages of Opal SEDs over software FDE?”

* I did some fact checking with Wikipedia when writing this Blog. Best to check there for the full definitions.

Garry McCrackenhttps://www.winmagic.com
Garry, a CISSP, has more than 30 years of experience in data communications and information security. He has contributed to the development of WinMagic's full-disk encryption solutions for desktops, laptops, and other mobile devices. When he is not saving the world of data encryption, he takes off his cape to relax and enjoy life at the cottage. Garry writes from a position of technical expertise since we first started SecureSpeak, making him the longest running blogger at WinMagic.
Previous Post
Encryption solutions & Pre-Boot Network-based Authentication
Next Post
The CES of Security Events