-1

Encrypted drives are usually decrypted at boot, so if the system is running live and the drive is unplugged while "hot" and plugged into another system, will the data still be unencrypted?

I may be misunderstanding the implementation here, but let's use a LUKS encrypted drive as the example. Is the decryption handled in RAM or something like that (as opposed to decrypting the underlying, smaller mapper)? If this is the case, then it wouldn't matter if the drive was taken out because it would not be decrypted, whereas if it is done on the mapper for the encryption (written as decrypted) it would likely persist as decrypted between swapping the drive.

SamCyanide
    It's all on-the-fly decryption using the encryption drivers available for a given format. It would take a very long time to decrypt an entire drive just to use it. BitLocker functions the same way. – Nathan C Nov 01 '17 at 15:53

2 Answers

4

Drives aren't encrypted on mount. All data on the drive stays encrypted at all times. It's that they can only be mounted with the proper decryption key. When they're mounted they look like they're decrypted.

So actually, nothing special happens when you unplug an encrypted drive. You just forcefully dismount the volume if it's still mounted.

Zac67
0

The information on the disk is encrypted, and will be decrypted if the OS has the proper keys. Without the keys, there will be only an opaque blob of encrypted data.

Removing the disk from the computer and mounting it on the next will not decrypt anything.

ThoriumBR
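
The behaviour both answers describe, as an added example that is not part of the original thread: a small Python model of an on-the-fly encryption layer, showing that the backing drive only ever holds ciphertext and that the key stays with the mapping in RAM. The `Mapping` class, the sample data and the keys are constructed for illustration, and the SHA-256 counter keystream is a stand-in for a real disk cipher, not what LUKS uses.

```python
import hashlib

SECTOR = 512  # bytes per sector in this model


def keystream(key, sector_no, length=SECTOR):
    """Per-sector keystream: SHA-256 in counter mode (stand-in, not a real disk cipher)."""
    out = b""
    counter = 0
    while len(out) < length:
        seed = key + sector_no.to_bytes(8, "little") + counter.to_bytes(4, "little")
        out += hashlib.sha256(seed).digest()
        counter += 1
    return out[:length]


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


class Mapping:
    """Hypothetical on-the-fly layer: holds the key in RAM; the disk never receives it."""

    def __init__(self, disk, key):
        self.disk, self.key = disk, key

    def write(self, sector_no, plaintext):
        # Encrypt in memory, then store only ciphertext on the backing disk.
        padded = plaintext.ljust(SECTOR, b"\0")
        off = sector_no * SECTOR
        self.disk[off:off + SECTOR] = xor(padded, keystream(self.key, sector_no))

    def read(self, sector_no):
        # Fetch ciphertext and decrypt into a fresh buffer; the disk is not modified.
        off = sector_no * SECTOR
        return xor(bytes(self.disk[off:off + SECTOR]), keystream(self.key, sector_no))


def hot_unplug_demo():
    disk = bytearray(8 * SECTOR)           # constructed 8-sector "drive"
    key = bytes(range(32))                 # constructed key, held only by the mapping
    live = Mapping(disk, key)
    live.write(3, b"payroll: alice 4200")  # constructed sample data
    seen_live = live.read(3)               # looks decrypted while mapped
    del live                               # pulled while "hot": the mapping and key do not travel
    raw = bytes(disk[3 * SECTOR:4 * SECTOR])   # what another machine reads off the drive
    wrong = Mapping(disk, bytes(32)).read(3)   # other machine, different key
    right = Mapping(disk, key).read(3)         # same drive, correct key supplied again
    return {"live": seen_live, "raw": raw, "wrong": wrong, "right": right}
```
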