While many people actively choose to encrypt their data, others may be surprised to find out that their current drive is doing so automatically without input from them. Why is that? Today’s SuperUser Q&A post has the answers to a curious reader’s question.

Today’s Question & Answer session comes to us courtesy of SuperUser—a subdivision of Stack Exchange, a community-driven grouping of Q&A web sites.

Photo courtesy of Roo Reynolds (Flickr).

The Question

SuperUser reader Tyler Durden wants to know why his SSD internally encrypted data without a password:

Why would an SSD internally encrypt data without a password?

The Answer

SuperUser contributor DragonLord has the answer for us:

Have something to add to the explanation? Sound off in the comments. Want to read more answers from other tech-savvy Stack Exchange users? Check out the full discussion thread here.

The SSD does this by storing the encryption key in plain text. When you set an ATA disk password (Samsung calls this Class 0 security), the SSD uses it to encrypt the key itself, so you will need to enter the password to unlock the drive. This secures the data on the drive without having to erase the entire contents of the drive or overwrite all data on the drive with an encrypted version. Having all the data encrypted on the drive also brings another perk: the ability to effectively erase it instantly. By simply changing or deleting the encryption key, all data on the drive will be rendered unreadable without having to overwrite the entire drive. Some newer Seagate hard-drives (including several newer consumer drives) implement this feature as Instant Secure Erase(1). Because modern hardware encryption engines are so fast and efficient, there is no real performance advantage to disabling it. As such, many newer SSDs (and some hard-drives) have always-on encryption. In fact, most newer WD external hard-drives have always-on hardware encryption.

(1) In response to some of the other comments: This may not be entirely secure considering that governments may be able to decrypt AES within the near future. It is, however, generally sufficient for most consumers and for businesses who are trying to reuse old drives.