
Hardware-Encrypted SSDs

shackrock (Limp Gawd, joined Oct 15, 2008, 150 messages)
I can't seem to find any, anywhere... looking for one that fits in a 2.5" form factor (for my laptop). Any ideas?
 
http://www.rocstor.com/products/rocsafe.html you could try this?
Erm, not sure on laptops though. My bad if my link didn't help. Just why the extra protection? Serious FBI/CIA/GOV files? Haha
 
Ha, I run a business and I'll have a lot of personal financial info on the laptop.
 
If you cannot find a suitable hardware based option, how about Bitlocker (built into Windows) or Truecrypt?

Truecrypt supports AES-NI, which is in some of the Core-iX processors. With AES-NI, Truecrypt can encrypt/decrypt at 1.6GB/s :eek:

That should be fast enough that you won't notice any major slowdown.

Bitlocker seems to support AES-NI as well
 

That article has two key points: Encrypting data already on disk, and Secure data deletion. If the drive is a hardware encrypted drive then there is no risk of either scenario happening since the data is encrypted as soon as it's written. Secure deletion also isn't required since the full drive is encrypted before data is stored, so there's no usable data to begin with, though I guess that's debatable depending on your level of paranoia.
 

Good article. HOWEVER, if I am starting out encrypted, and remain always encrypted - I see no problem with the SSDs - as the article states, it's tough to do a secure deletion or encrypt-in-place - but if we're always encrypted from the get-go, I think it's not bad.

So, knowing this, in combination with truecrypt having ridiculous speeds with core-iX processors...maybe it's time for me to buy a new laptop (core i5 or i7), with an SSD in there....
 
> If you cannot find a suitable hardware based option, how about Bitlocker (built into Windows) or Truecrypt?
>
> Truecrypt supports AES-NI, which is in some of the Core-iX processors. With AES-NI, Truecrypt can encrypt/decrypt at 1.6GB/s :eek:
>
> That should be fast enough that you won't notice any major slowdown.
>
> Bitlocker seems to support AES-NI as well

One thing to consider with these is they write to every block on the partition, empty or not, so TRIM will not work. Also deletes will be slow unless you make the partition smaller than the size of the disk.
 
> One thing to consider with these is they write to every block on the partition, empty or not, so TRIM will not work. Also deletes will be slow unless you make the partition smaller than the size of the disk.

What are the effects of the OS (Windows 7, I assume) not being able to use TRIM?
 
All writing to the SSD would be slow. And the drive would wear out sooner than normal.
 
If the drive has aggressive garbage collection then the lack of trim may not be that noticeable. Also I believe every SSD has spare space for garbage collection purposes, which would reduce the "wear out sooner than normal" effect. Personally speaking, I've been using a fully encrypted drive-sized partition on my new SSD and the writes are still plenty fast.
 
BTW, you can reduce the effect of both of these by making your partition smaller than the size of the SSD. Say 25% less and do not use that space for any other partition.
 
I believe worse than magnetic disk.

What are you basing this on?

> BTW, you can reduce the effect of both of these by making your partition smaller than the size of the SSD. Say 25% less and do not use that space for any other partition.

This is good advice. Anywhere from 15% - 25% will effectively act as a replacement for TRIM for any drive with decent garbage collection.
 
While there are hard drives with hardware encryption, I would not consider them safe, as they only implement ECB or plain CBC encryption AFAIK. The controllers are likely not fast enough for the more modern XTS scheme. I would prefer Truecrypt any day. That way the SSD never even sees the unencrypted data.
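
Why the cipher mode matters for a disk, as an added example that is not part of the post above: it encrypts two identical sectors in ECB and in an XTS-style tweaked mode and counts repeated ciphertext blocks. The block cipher is a stand-in Feistel construction built on HMAC-SHA256 (an assumption, so the code runs on the standard library alone; real drives and TrueCrypt use AES), and all function names, keys and sector contents are constructed for illustration.

```python
import hashlib, hmac

BLOCK = 16  # bytes, the same block size as AES

def _round(key, i, half):
    # Feistel round function: HMAC-SHA256 truncated to half a block.
    return hmac.new(key, bytes([i]) + half, hashlib.sha256).digest()[:BLOCK // 2]

def prp_encrypt(key, block):
    """Stand-in 128-bit block cipher (4-round Feistel). NOT AES, illustration only."""
    l, r = block[:8], block[8:]
    for i in range(4):
        l, r = r, bytes(a ^ b for a, b in zip(l, _round(key, i, r)))
    return l + r

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def mul_alpha(t):
    # Multiply the tweak by x in GF(2^128), little-endian, as XTS does per block.
    n = int.from_bytes(t, "little") << 1
    if n >> 128:
        n = (n & ((1 << 128) - 1)) ^ 0x87
    return n.to_bytes(16, "little")

def ecb_sector(key, data):
    # ECB: every block is encrypted independently of its position on the disk.
    return b"".join(prp_encrypt(key, data[i:i + BLOCK]) for i in range(0, len(data), BLOCK))

def xts_like_sector(k1, k2, sector_no, data):
    # XEX structure used by XTS: the tweak depends on sector number and block index.
    tweak = prp_encrypt(k2, sector_no.to_bytes(BLOCK, "little"))
    out = []
    for i in range(0, len(data), BLOCK):
        out.append(xor(prp_encrypt(k1, xor(data[i:i + BLOCK], tweak)), tweak))
        tweak = mul_alpha(tweak)
    return b"".join(out)

def repeated_blocks(ciphertexts):
    # Number of ciphertext blocks that duplicate an earlier block.
    blocks = [c[i:i + BLOCK] for c in ciphertexts for i in range(0, len(c), BLOCK)]
    return len(blocks) - len(set(blocks))

# Constructed sample: two all-zero 64-byte "sectors" and two fixed demo keys.
SECTORS = [bytes(64), bytes(64)]
K1, K2 = b"demo-key-1", b"demo-key-2"
ECB = [ecb_sector(K1, s) for s in SECTORS]
XTS = [xts_like_sector(K1, K2, n, s) for n, s in enumerate(SECTORS)]
if __name__ == "__main__":
    print("repeated blocks, ECB:", repeated_blocks(ECB), "XTS-style:", repeated_blocks(XTS))
```

Under ECB anyone holding the raw drive can see which blocks hold equal plaintext; the per-sector, per-block tweak removes that pattern without needing a stored IV.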
 
Sounds like TrueCrypt with a Core iX processor is the way to go... with or without an SSD, but I'll probably do it with... ha.
 
The encryption features are available on the SandForce controller chips if I remember, but it was never implemented in the firmware so it's not possible to use it. They had some problem with doing it correctly or something like that.
 
I use Truecrypt AES WDE on a Thinkpad X201 Tablet and Intel G2 80GB (i7 something...I forget...it has the AES-NI instructions). It's very fast. I have not noticed any slow-down in comparison with the same drive without encryption.

Kingston makes an SSD that has built-in WDE.
 
Encryption on Sandforce 1xxx is useless, as the decryption key is stored on the damn drive.

Still waiting on a decent FIPS-certified hardware encrypted SSD (hello Intel, you there?)
 
> Encryption on Sandforce 1xxx is useless, as the decryption key is stored on the damn drive.
>
> Still waiting on a decent FIPS-certified hardware encrypted SSD (hello Intel, you there?)

FIPS certification is nearly meaningless; it only certifies that an acceptable algorithm was used. It does not certify that there are no implementation flaws. Meaningful encryption certification would require 10s of man years of effort per product, and thus will likely never materialize.

Use Truecrypt or some other comparable open source full drive encryption package. Open source cryptographic systems are much less likely to contain implementation flaws, especially if they've been around a while, and are widely used. And when flaws are discovered in open source software crypto systems, you can get updates to fix them.

Also, shut the machine down when you leave it unattended. All software-based full disk encryption solutions are vulnerable to having the encryption keys read from RAM if an attacker gains physical access while the machine is on or sleeping.
 