Encrypting disk hard drives – Best security practice today
When a drive is first bought into service, before anything is written to it, a high quality entropy source should be used to produce a large (128 or 256 bit), high entropy symmetric secret. This is the encryption key. It will then be forever used to key an inline AES algorithm which encrypts / decrypts the drive contents on the fly. All the data stored on the drive will then be complete gyberish without knowing the key.
If the inline AES encryption is fast enough to keep up with the read/write performance of the drive and/or its interface then there is no performance penalty of using the encryption.
How can the encryption key be protected
A user or the operating system supplies a secret (e.g. a password). A PBKDF (Password-Based Key Derivation Function) is used to to encrypt the drive encryption key with it and this can then be stored on the drive in place of the encryption key. This has therefore become a “password dependant key”. Without the user / OS secret the drive encryption key cannot be obtained by the decryption software and the drive is therefore protected.
Securely wiping an encrypted drive
If you change the encryption key and you will have securely wiped the drive with cryptgraphic security, including all sectors that have ever been taken out of service by the drive wear levelling and fault detection functions.
Software vs hardware encrypted drives?
A hardware encrypted drive simply has the software encryption applied within the drive itself. Researchers have shown (2018-12) that many of the popular encrypted drives have not implemented security correctly and therefore have vulnerabilities. There is therefore a strong argument that you should not rely upon hardware encrypted drives over proven software encryption to achieve proper security.