Trying to set up Crucial M500 encryption

Discussion in 'SSDs & Data Storage' started by Muugokszhiion, Feb 13, 2014.

  1. Muugokszhiion

    Muugokszhiion n00b

    Messages:
    33
    Joined:
    Jul 22, 2005
    Problem
    Recently I installed the solid-state Crucial M500 drive for my computer and reinstalled Windows 7. It is SO FAST and I love it! However, I cannot figure out how to get the encryption working.

    Goal
    Want to set up full disk encryption using this self-encrypting drive; want to require password on system startup; encryption must be as secure as possible!

    System
    Build: Samsung Q430 laptop
    OS: Windows 7 Home Premium 64-bit
    BIOS: Phoenix Securecore NB Version 04KF.M013.20100623.KSJ
    SMBIOS Version: 2.6
    Processor: Intel Core i5 CPU M450 @ 2.40 GHz (4 CPUs), ~2.4GHz
    Memory: 8 GB RAM
    GPU: NVIDIA GeForce 310 M 4 GB memory
    Hard drive: Crucial M500 480GB SATA 2.5-Inch 7mm (with 9.5mm adapter) Internal Solid State Drive CT480M500SSD1

    Considerations
    The SED requires some kind of third-party software to manage keys and properly encrypt the data. I'm not a computer expert, so from what I Googled, it seems that only Wave Encryption, WinMagic-SecureDoc, and Bitlocker for Windows 8 are compatible with Crucial M500, but those first two are expensive enterprise software.

    Thus my first approach would just be to upgrade to Windows 8 and use the built-in Bitlocker--is that any guarantee that this would work? How can I be sure that my system will be fully compatible and support what I'm trying to do? I just want to get the Crucial M500 encryption to work and protect my data.

    I read somewhere that the computer has to be UEFI-compatible and/or support Secure Boot in order to manage the SED feature. Is this correct? How do I know if my computer has this? Can anyone suggest instructions or help explain how to set up encryption for my SSD?

    I've looked everywhere and can't find clear, concise information about configuring the Crucial M500 encryption. I'd greatly appreciate any assistance! Thanks in advance! :)
     
  2. Old Hippie

    Old Hippie [H]ardness Supreme

    Messages:
    6,013
    Joined:
    Oct 31, 2005
    Are you one of those guys that insist on running a secure erase 10 times before submitting an RMA?

    Unless you have govt/industrial secrets on there, encryption is just over the top and can severely limit your chances of data recovery if there comes a time when it's needed.

    If you're serious about encryption you'll have to upgrade to W8 Pro or Enterprise and purchase BitLocker to keep your porn safe. :D
     
  3. drescherjm

    drescherjm [H]ardForum Junkie

    Messages:
    14,475
    Joined:
    Nov 19, 2008
    For a deskop I would normally say don't bother however a laptop can get lost or stolen. I remember the time last year where I thought I left my 6+ year old laptop in my car in work parking lot (which happens to be a university) anyways I was very scared when I got home that I could not find the laptop at my house or the car. Not worried about the laptop at all since its probably worth $50 but my concern was any password that is stored in the browser, cache... I have hundreds of accounts way more than I could remember to change. After I could not find it I spent 30 minutes or so changing my lastpass password and also all the passwords that I could remember that I do not put in lasspass (like banks ...). Very furstrating. Although it turns out I left the laptop at my brotherinlaw's house..
     
    Last edited: Feb 14, 2014
  4. Old Hippie

    Old Hippie [H]ardness Supreme

    Messages:
    6,013
    Joined:
    Oct 31, 2005
    While I totally agree with ya (I also have hundreds of passwords) I have configured W7 to not save any.

    I believe an easier solution would be to use RoboForm portable with a nice long pass that includes small/capitol letters along with numbers.

    But,to each their own. :)
     
  5. drescherjm

    drescherjm [H]ardForum Junkie

    Messages:
    14,475
    Joined:
    Nov 19, 2008
    lasspass works similar however I know I was logged in to lasspass when I put the laptop to sleep. I guess I should turn off the always stay logged in. Although with my arthritic fingers I hate typing long passwords that I get wrong a few times before typing correctly. Although with win8 I guess I can have it reveal the password while typing so I can spot my mistake before submitting. On top of that I do not trust lasspass for my financial passwords. I mean their servers have been hacked at least 1 time since I started using that so these passwords are not in the database but some could be in the browser save password. I guess I have to think differently from using a desktop and a laptop.
     
  6. Muugokszhiion

    Muugokszhiion n00b

    Messages:
    33
    Joined:
    Jul 22, 2005
    I do have such information on my laptop, and I don't need your opinion on my level of security or what I'm protecting. The original question stands: is there a simple way for me to do what I have listed in the "Goal" section of the original post?

    Have you tried this personally or are you just guessing? Can you help me know if my system hardware/software would be compatible with this effort?

    Please, let's keep this on-topic. I'm asking for your help here, everyone.
     
  7. Romale23

    Romale23 Gawd

    Messages:
    866
    Joined:
    Dec 12, 2006
    Bitlocker is pretty bad, it doesn't actually meet government encryption standards they just used it because at the time it was the only choice. Microsoft has a recovery tool that lets you recover a bitlockered drive you lost the password to. I mean, for most people that's probably fine but if your actually trying to like encrypt to the point where if your not the NSA your not going to get it, there are better choices like truecrypt
     
  8. Old Hippie

    Old Hippie [H]ardness Supreme

    Messages:
    6,013
    Joined:
    Oct 31, 2005
    Pretty simple answer.

    Read about it on the MS website or Google bitlocker+windows+8.

    I'm sorry but there's way too many that have no real legitimate need for any encryption other than over-paranoia.

    While you didn't disclose the actual reasons for your need, unless it's your personal sensitive info I would think that a company/govt. agency would provide the help/program to insure security.

    Sorry if I offended you but you are the first poster I've ever read having a legit need and asking about it on a public forum and I've been around many forums for quite awhile.

    I just call 'um like I see 'um. :D
     
  9. Muugokszhiion

    Muugokszhiion n00b

    Messages:
    33
    Joined:
    Jul 22, 2005
    Wow that is shady! Thanks for that info. I'll avoid Bitlocker.

    I agree, TrueCrypt is excellent. But I am trying to find software for my Crucial M500 Self-Encrypting Hard Drive. Sure, I could set up pre-boot authorization with TrueCrypt, but I want to use the hardware encryption that this SSD provides. Can anyone recommend software other than Bitlocker that I can use to get the hardware-based encryption set up?

    No worries, I'm asking publicly because I don't have anything illegal on my computer or crazy government secrets or anything lol, just lots of personal info (credit card, taxes, addresses, passwords) and work documents (healthcare and patient-related so privacy is extremely important). Our IT department isn't great, so I just wanted to take matters into my own hands, use this cool HDD I have, and learn something along the way.
     
  10. evilsofa

    evilsofa [H]ardForum Junkie

    Messages:
    10,078
    Joined:
    Jan 1, 2007
  11. Old Hippie

    Old Hippie [H]ardness Supreme

    Messages:
    6,013
    Joined:
    Oct 31, 2005
    These are the type of things that can be put on an encrypted USB stick with along with other programs.

    Doesn't seem to me you need the whole drive encrypted and like I said before, it can lead to major problems......especially if you don't have backups.

    I've commented enough on your learning experience with the cool new drive but will leave you to ponder about the learning experience if or when the encrypted drive fails.

    That would be a doozie. :D
     
    Last edited: Feb 15, 2014
  12. dave99

    dave99 2[H]4U

    Messages:
    2,129
    Joined:
    Jan 20, 2011
    Do you have links for this claim? Bitlocker is FIPS approved, as long as you change a policy setting before you start. The only crack I'm aware of is the cold boot method, which is going to effect others besides bitlocker, like truecrypt (and what microsofts own cofee toolkit for police uses). That's why you don't leave a bitlocked laptop running when you aren't around, you shutdown and power off.

    All things said, if someone really needed to hide something, the truecrypt hidden volume method would be better.
     
  13. eightoclock

    eightoclock n00b

    Messages:
    8
    Joined:
    Jul 17, 2009
    bitlocker is only 128bit aes encryption. NSA wants at least 192 minimum for top secret.:D
     
  14. lordsegan

    lordsegan Gawd

    Messages:
    624
    Joined:
    Jun 16, 2004
  15. Muugokszhiion

    Muugokszhiion n00b

    Messages:
    33
    Joined:
    Jul 22, 2005
  16. DejaWiz

    DejaWiz Oracle of Unfortunate Truths

    Messages:
    19,056
    Joined:
    Apr 15, 2005
    Have you thought about purchasing a Windows 7 upgrade from Microsoft through the web so you can get BitLocker? I think Enterprise and Ultimate include it.
     
  17. Ins0mnyteq

    Ins0mnyteq Gawd

    Messages:
    992
    Joined:
    Nov 11, 2013
    We use bitlocker for SED machines and trucrypt for the users who wont pay to upgrade to Win7 ultimate or Win8 pro. I work in the healthcare field and these options are good for what you Have and complies with Hippa standards. its not the best but the other software's are expensive and unnecessary in the health care environment, 99% of the time.

    I agree that FDE can cause problems down the road, and unless you frequently risk loosing your laptop having encrypted hidden containers in the OS is the better way to go, IMO of course.
     
  18. lordsegan

    lordsegan Gawd

    Messages:
    624
    Joined:
    Jun 16, 2004
  19. dave99

    dave99 2[H]4U

    Messages:
    2,129
    Joined:
    Jan 20, 2011
  20. dave99

    dave99 2[H]4U

    Messages:
    2,129
    Joined:
    Jan 20, 2011
    I only use bitlocker on my small travel laptop (with usb auth key that is carried with me), not on my main work laptop that's either with me or at home. truecrypt doesn't work for me, as I use dropbox & boxcryptor to keep things like vpn & ssh keys and rdp manager in sync between the machines. It's pretty slick.

    Next work laptop ideally will work with the bitlocker / edrive / self encrypted drives thing so there is no performance penalty.
     
  21. Muugokszhiion

    Muugokszhiion n00b

    Messages:
    33
    Joined:
    Jul 22, 2005
    Thank you all for your help thus far answering my questions :)

    Great, I'll look into that. Do you know anything about annual fees, or if that's just a one-time purchase? Since it seems kind of corporate I don't know what to expect in terms of annual "tech support" fees or whatever.

    Well that is a good endorsement, since it's directly relevant to my field. Is Bitlocker 100% free with Windows 8, i.e. no hidden fees or subscriptions? Is it very secure when used properly? I've heard very passionate conflicting information about Bitlocker's integrity and security strength... e.g. some people think it's "easy to break" and even may have "backdoors" but I don't know if that's paranoia or what. Any thoughts from experienced users on this?

    The problem with hidden contains is that they can cause data leaks. For example, your data or at least file names can be cached in the Microsoft Outlook/Word temp files or elsewhere in the OS; whereas if you're using FDE, that's already protected. Part of my reason for using FDE is to make data leaks a non-issue.

    Thanks again for all the help. If I'm good at backing up my data consistently and producing Rescue Disks, is this a concern? I use Comodo, which has worked for me in the past, but haven't tried it on a SED like this yet. Is there a difference? I wouldn't ever need to use forensics or anything to recover data from my drive since it's all backed up. In fact, that type of recovery is precisely what I'm trying to prevent.
     
  22. dave99

    dave99 2[H]4U

    Messages:
    2,129
    Joined:
    Jan 20, 2011
    bitlocker is free on Win 7/8 pro and up, no recurring fee. It appears to be basically as secure as other products, assuming you follow the best practices. If you are wanting to hide legit but confidential files, it's good enough to cover your liability if someone steals your laptop. Common thieves aren't going to bother cracking encryption, they'll just try to wipe it and resell it. If it's illegal data, then criminals will simply beat you until you give up the password, or the feds will just lean on you and make your life hell until you give up the password.
     
  23. eightoclock

    eightoclock n00b

    Messages:
    8
    Joined:
    Jul 17, 2009
  24. Ins0mnyteq

    Ins0mnyteq Gawd

    Messages:
    992
    Joined:
    Nov 11, 2013
    sounds pretty slick for sure.
     
  25. lordsegan

    lordsegan Gawd

    Messages:
    624
    Joined:
    Jun 16, 2004
    The link I posted is a one time payment.
     
  26. Ins0mnyteq

    Ins0mnyteq Gawd

    Messages:
    992
    Joined:
    Nov 11, 2013
    BItlocker is free with no recurring fees. I concur with Dave99, that its as secure as any other Free encryption. ive not had any issues. And as long as you are diligent in backups and safely storing your encryption keys & Rescue disks you should be ok, with FDE, im just a worrier =) as for using Comodo ive never used it. I use Symantec SSR even on workstations, imo its the best solution, but its very expensive in an end user environment, as long as comodo is producing system images then it should be ok. I doubt that it being an SSD or SED would affect it, but i would do a little research on it to be sure.
     
  27. Muugokszhiion

    Muugokszhiion n00b

    Messages:
    33
    Joined:
    Jul 22, 2005
    Thank you all for the responses. I think I will go with Bitlocker on Windows 8.1 for my SSD machines and TrueCrypt on my HDD machines.
     
  28. /dev/null

    /dev/null [H]ardForum Junkie

    Messages:
    14,201
    Joined:
    Mar 31, 2001
    shouldn't the self-encryption stuff be done via the bios in your laptop? This is an option on pretty much all the business lenovos & I'd imagine latitudes as well.