1413 Two Encryption Modes for Software-Encrypted Device


The choice between these options applies only during the initial encryption pass, when SecureDoc is installed on a software-encrypted device and goes through the process of mass-protecting the disk contents.

Full Encryption:
With full encryption, we encrypt every sector on the disk on the first pass, protecting both the sectors that contain data and what the Operating System sees as "free space".

Fast Encryption:
With fast encryption, SecureDoc encrypts only those sectors that the Operating System sees as containing data during the first pass, leaving free space untouched.

Clarification:

Both methods will encrypt data on the fly as data is written to the hard disk, so as the disk fills up with new data, that additional data will always be encrypted as it is written.

Fast encryption sounds great - why would one not use it?
The risk of Fast encryption vs. Full encryption is this: if a given disk had been previously used (e.g. reformatted and re-imaged), the reformatting process does not wipe out any previous data. It simply marks all the sectors as available for re-use. If there had been confidential data on that disk, it can still be accessed following deletion or reformatting. In fact, completely wiping a disk often takes a great many passes of a FIPS wipe tool.

So, by using fast encryption on old equipment, there is a chance that sectors marked as free by the file system will not be encrypted by SecureDoc (because the Operating System doesn't recognize them as having had data in them, SecureDoc will not encrypt them). With the right tools, an attacker can then read those sectors and compromise the information in them.

Full encryption, on the other hand, will protect all data on the disk, whether it is in use or deleted.
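
The difference between the two first-pass modes on a re-imaged disk, shown as an added example (not WinMagic code). It is a toy model: the disk is a list of sectors, `allocated` is the set of sectors the Operating System reports as in use, and a SHA-256 keystream stands in for the real disk cipher. All names and sample data are constructed.

```python
import hashlib

SECTOR = 512  # bytes per sector in this toy model

def toy_cipher(sector_no, data, key):
    """XOR with a SHA-256 keystream; a stand-in for the real disk cipher."""
    stream, counter = b"", 0
    while len(stream) < len(data):
        block = key + sector_no.to_bytes(8, "big") + counter.to_bytes(4, "big")
        stream += hashlib.sha256(block).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def initial_pass(disk, allocated, key, mode):
    """Sectors as they sit on disk after the first encryption pass."""
    return [toy_cipher(n, s, key) if mode == "full" or n in allocated else s
            for n, s in enumerate(disk)]

def residual_plaintext(before, after, allocated):
    """Free sectors whose old, non-blank content survived the pass unchanged."""
    blank = bytes(SECTOR)
    return [n for n, (b, a) in enumerate(zip(before, after))
            if n not in allocated and a == b and b != blank]

def build_reused_disk():
    """Constructed sample: a re-imaged disk. Reformatting marked sectors
    2, 3 and 5 as free without wiping the old data in them."""
    old = b"CONFIDENTIAL payroll record".ljust(SECTOR, b".")
    new = b"fresh OS image".ljust(SECTOR, b".")
    blank = bytes(SECTOR)
    disk = [new, new, old, old, blank, old, blank, blank]
    allocated = {0, 1}  # what the Operating System sees as containing data
    return disk, allocated

if __name__ == "__main__":
    disk, allocated = build_reused_disk()
    key = b"k" * 32  # constructed key for the demo
    for mode in ("fast", "full"):
        after = initial_pass(disk, allocated, key, mode)
        left = residual_plaintext(disk, after, allocated)
        print(f"{mode}: free sectors still readable in the clear: {left}")
```

On a disk whose free space is blank, the fast pass leaves nothing to find, which is why the distinction only matters for used equipment.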

Conclusion:

For any hard disk on a computer that is not effectively "factory fresh", WinMagic recommends full encryption as the safest option. This guarantees that any deleted files are also encrypted, ensuring complete safety of information that may still reside inside an older/re-used disk drive.

Custom Fields

  • Operating System: All
  • Product_Documentation: Yes
  • Version: Affects all versions of SD