Encryption by the Disk Utility - is it software or hardware encryption?

It would be FDE, full disk encryption. With that said, it would be software, as the only way to get hardware encryption of a HDD is for the manufacturer to have an encryption chip on the drive itself, that is enabled in the BIOS, which is why these drives are mostly used in PC's and not Mac's.

Disk Utility does FDE well. AFAIK it uses 256bit AES encryption. As long as you use a secure password, your data is as safe as you can ask for.

With that said, make sure you never forget the password, or have it stored somewhere safe, as the encryption will keep you out of the disk if you do, as easily as it will keep others out. 😉

Hope this helps.

When you encrypt a HDD drive with the Disk Utility on a Mac, the entire drive is set up as an encrypted HFS+ CoreStorage volume. macOS automatically detects these when you plug it in. The OS detects the encrypted drive, and a popup appears on the screen to provide the password to unlock the drive. Once you input your password, the drive unlocks, and you can red/write data to the drive as normal. Once you eject & unplug the drive, it is again locked with everything on the drive encrypted. Your password is what initially encrypts the drive and what unlocks/decrypts it so you can use it. Without the password you used to encrypt the drive, it is just useless gibberish to anyone else.

I would probably recommend reading up on FDE Encryption so you fully understand how it works, but that is it in a nutshell.

Disk Utility when used to encrypt and external non boot drive is using the exact same (software) encryption as Apple use on the boot drive - that is the same as used by FileVault2, this is also what an encrypted TimeMachine backup uses. Whilst there are some differences between HFS+ and APFS encrypted volumes it basically boils down to XTS-AES-128bit encryption. I believe in most cases the processing of AES encryption and decryption both to do the initial conversion and any subsequent access is 'accelerated' by offloading this processing to hardware chips in modern Macs just like video codec processing for H.264 video is.

Note: Most other companies software encryption uses AES 256bit. Arguably this makes Apple's implementation a bit weaker but also less of a burden. Apple's version is still FIPS 140-2 certified.

Hardware encryption as provided by a dedicated hardware encrypted drive would normally use pretty much the same encryption as these software solutions use. The advantages of it being hardware is that as you surmised it offloads this task from the computer, it also means it is a platform independent implementation meaning that theoretically you could have an external hardware encrypted drive, format it as say ExFAT or FAT32 and use it on both Mac and Windows. By contrast Apple's software encryption is Mac only and Microsoft's BitLocker is Windows only. A possible disadvantage of hardware encrypted external drives is that they are likely not to be useable as a Mac boot drive.

Note: There used to be TrueCrypt a free open-source software encryption tool that could be used to encrypt external drives (it never supported booting on a Mac) but this is long discontinued. There is PGP Disk a commercial solution but this does not support booting - it is not to be confused with Symantec aka PGP WDE which is a different product.

In reality the performance hit of software encryption is unnoticeable - probably less than 5%. Even a hardware encrypted device has an overhead so that does not mean it is that much faster than a software encrypted drive.