Skip to content

Full Disk Encryption#

Besides encrypting messages between Bob and Alice, what else is encryption used for? Disk encryption is a big candidate.

We know what a disk is: it's a way of storing information. But what if that information is kept on the disk in plain text and the disk is stolen? That's a problem.

To solve that issue, we can use full disk encryption - using a symmetric algorithm - to encrypt everything on the disk. The results are known as "encryption at rest", which means once the data has been written to the disk it's written as cipher text (the encrypted data.)

When you're using the disk, the information is encrypted and decrypted on the fly, in real time. When you stop using the disk, it's encrypted (at rest.) If the disk is stolen, it would be very difficult to recover the information from it without the secret key.

Examples full disk encryption are BitLocker on Windows and FileVault on macOS.