It is currently Mon Sep 22, 2014 3:33 am

All times are UTC - 8 hours




Post new topic Reply to topic  [ 9 posts ] 
Author Message
 Post subject: SSD hardware encryption?
PostPosted: Fri Oct 19, 2012 4:56 am 
Offline

Joined: Sun Oct 06, 2002 1:20 pm
Posts: 341
Location: Vancouver
Apparently some Intel SSDs can encrypt data in hardware so that you don't have to use software like TrueCrypt. Does anyone know which SSDs and motherboards can support this feature?


Top
 Profile  
 
 Post subject: Re: SSD hardware encryption?
PostPosted: Fri Oct 19, 2012 5:14 am 
Offline
*Lifetime Patron*

Joined: Tue May 15, 2007 1:39 am
Posts: 1925
Location: Finland
Sounds like an enterprise feature. Micron markets theirs as "SED" versions, Self Encrypting Drives.

AFAICT no mobo support required, as it's all on the drive. Intel has some stuff going with CPUs under "vPro", but I'm not too familiar with that.

_________________
Case: FD Define Mini
Parts: P8Z77-M Pro µATX, i5-3570K @stock, N650Ti-1GD5/OC, G.Skill 2x4/1600/CL9 DDR3U, Xonar DX, WD G 1 TB, m4 128 GB, RX-5300 PSU
Cooling: Noctua NH-U12P SE2 + Scythe SS PWM, 2x Noctua NF-P12
Extras: Eaton UPS, Dell 24" EIPS, Ducky kb, SteelSeries m, Synology DS213j NAS
idle & load: CPU 32 °C & 44 °C @ 300/600 & 600/800 RPM, GPU 35-65 °C @ 1200-1650 RPM


Top
 Profile  
 
 Post subject: Re: SSD hardware encryption?
PostPosted: Fri Oct 19, 2012 5:24 am 
Offline

Joined: Sun Oct 06, 2002 1:20 pm
Posts: 341
Location: Vancouver
According the following video, Intel's drives requires you to set two passwords in the BIOS, a master password and a drive password: http://www.youtube.com/watch?v=DV5zuDF6MIw#t=2m42s

The video isn't very clear on which models support this feature though.


Top
 Profile  
 
 Post subject: Re: SSD hardware encryption?
PostPosted: Fri Oct 19, 2012 5:31 am 
Offline

Joined: Sun Jan 31, 2010 6:43 pm
Posts: 132
Location: US
I'll update this post when I find the proper links, but the Intel 320 (older), 330, and 520 series consumer SSDs support AES128 encryption on the NAND. This means that the controller encrypts the data actually being written onto the NAND, so if somebody theoretically pulled one of the NAND chips off the drive, they would just see gibberish.

In normal usage, the controller automatically uses the decryption key to pass the data along to the computer transparently; However, if you set a hard drive password in the BIOS, it will hide the decryption key until the drive is unlocked, in effect making the drive unreadable without the hard drive password. The only annoying thing about this is you have to input the password at every bootup.


Top
 Profile  
 
 Post subject: Re: SSD hardware encryption?
PostPosted: Fri Oct 19, 2012 10:02 am 
Offline

Joined: Sun Oct 06, 2002 1:20 pm
Posts: 341
Location: Vancouver
Thanks -- how do we determine if a motherboard supports this password system, is there a name for this specification?

Also, is this the same thing as "self encrypting drives"?


Top
 Profile  
 
 Post subject: Re: SSD hardware encryption?
PostPosted: Fri Oct 19, 2012 11:45 am 
Offline

Joined: Sun Jan 31, 2010 6:43 pm
Posts: 132
Location: US
Here is a good place to look regarding the Intel implementation.

Usually, the feature in a motherboard BIOS is called "hard disk password" or something similar. A more official name for it is "ATA password" support. Since it's an optional feature, many motherboards forgo support, or are otherwise flaky in their implementation. Yes, this is very similar to "self encrypting drives".


Top
 Profile  
 
 Post subject: Re: SSD hardware encryption?
PostPosted: Sat Oct 20, 2012 7:23 am 
Offline
*Lifetime Patron*

Joined: Thu Feb 13, 2003 6:53 am
Posts: 1523
Location: Sweden
I trust Truecrypt because it's open. I doubt Intels own solution is.

_________________
Main: ASRock B85M-ITX | i3-4330 | 16GB DDR3 | Intel 730 240GB | HDPLEX H1-S | picoPSU | No moving parts | Idle 13.9W
HTPC: ASRock H81M-ITX | Pentium G3420 | 4GB DDR3 | Intel 520 120GB | HDPLEX H1-S | picoPSU | No moving parts | Idle 11.2W
Gaming: Intel DH77EB | i5-3570K | GTX 750 Ti | 16GB DDR3 | Intel 520 120GB | TJ08-E | G-360 360W
Server: Intel DH77DF | i3-2100T | 4TB+3x3TB | picoPSU | Idle 24W AC


Top
 Profile  
 
 Post subject: Re: SSD hardware encryption?
PostPosted: Sun Oct 21, 2012 6:15 pm 
Offline

Joined: Sun Jan 31, 2010 6:43 pm
Posts: 132
Location: US
Well TrueCrypt and similar (eg. Bitlocker) operate at the file system level. I use Bitlocker on my laptop since it has a TPM module and allows for single sign-on (I don't have to put a password to boot the computer and another to login to my computer), but each have their advantages and disadvantages.

One reason why someone might not want to use a file system level encryption suite with the Intel 330/520 series is because they use the Sandforce SF-2200 series controller. Because Sandforce controllers owe a lot of their performance advantages to performing realtime data compression, dealing with encrypted data (which is very nearly incompressible) will cause quite a large performance loss. Anandtech's bench results help illuminate the difference you will see when enabling TrueCrypt or Bitlocker.

Lastly, performance wise, the encryption provided by Intel SSDs is completely free. If you have to rely on your CPU to encrypt data at the file system level, you may see higher CPU usage and lower read/write rates. Then again, if you have a relatively recent CPU that supports AES-NI, this point is moot.


Top
 Profile  
 
 Post subject: Re: SSD hardware encryption?
PostPosted: Mon Oct 22, 2012 1:57 am 
Offline

Joined: Wed Aug 13, 2008 11:45 am
Posts: 523
Location: 128.0.0.1
Vicotnik wrote:
I trust Truecrypt because it's open.


Seconded. Open Source, very popular and more than 10 years old. This means that almost everybody who's been interested in encryption will have taken a look at it, trying to expose weaknesses. There are no backdoors, as sometimes found in proprietory software. It is most likely the most secure solution on the planet.


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 9 posts ] 

All times are UTC - 8 hours


Who is online

Users browsing this forum: No registered users and 1 guest


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group