Encryption Alphabet Soup

Learning a multiplicity of acronyms is pretty much a requirement for navigating any discipline. Every field has its own set of acronyms, and the same sequence of 3 or 4 letters most likely has a completely different meaning from discipline to discipline. Even within a discipline it is common to see the acronyms muddled together.

Here are a few that I hear every day: HDD, SED, FDE, SSD, FIPS, OPAL, eDrive. OK, the last two aren’t acronyms, but they can nevertheless be confusing, especially if they are used incorrectly in a sentence with the others.

Here are a few examples:

  • “SSDs are faster than SEDs.”
  • “I don’t have any SEDs; I have FIPS drives instead.”
  • “I wish I had an Opal drive not an eDrive.”
  • “What is better FDE or SED?”

I will define the above terms and then point out how these sentences are not quite right.

HDD: Hard Disk Drive

A storage device that usually has a spinning magnetic disk inside as the storage media.

SSD: Solid State Drive

A storage device that utilizes memory for the storage media.

FDE: Full Disk Encryption

Almost all of the storage, even the operating system, is encrypted at a level well below the file system. The encryption can be done with low-level filter drivers (Software FDE) or by the drive itself (Hardware FDE).

SED: Self Encrypting Drive

The encryption is performed right in the drive, typically in an ASIC (Application Specific Integrated Circuit). A SED is a form of Hardware FDE.

Opal: not an acronym in this discipline.

It is the name (I don’t know why) given by the Trusted Computing Group to the storage security protocol specification for managing SEDs.

eDrive: not an acronym

An eDrive is an Opal 2.0 SED configured in a certain way. You need a few extra features over just a base Opal 2.0 drive, but practically speaking, all the Opal 2.0 drives I have seen could be configured to be an eDrive.

FIPS: Federal Information Processing Standards

There are a few of them, but if someone says they have a FIPS drive, they probably mean they have a FIPS 140-2 certified drive. The cryptographic engine, if not the whole drive, is approved by the Canadian and US governments. A FIPS drive is a SED. The cryptographic engine used for software FDE can be FIPS 140-2 certified too, but you wouldn’t call it a FIPS drive.

Now let’s look at those previous sentences:

  • “SSDs are faster than SEDs.”
    Apples and oranges. An SSD could even be a SED, or vice versa.
  • “I don’t have any SEDs; I have FIPS drives instead.”
    If you have a FIPS drive, then you have a SED.
  • “I wish I had an Opal drive not an eDrive.”
    An eDrive is an Opal drive configured a certain way. Just revert it to factory settings and you will have an unconfigured Opal 2.0 drive.
  • “What is better FDE or SED?”
    A SED is a form of hardware FDE.

Here are a few acronyms that you CAN string together.

  • “I have a FIPS OPAL SED SSD.”
  • “What are the advantages of Opal SEDs over software FDE?”

* I did some fact-checking with Wikipedia when writing this blog. Best to check there for the full definitions.
