[SOLVED] 2TB SSD choice

Solution
> Secondary drive for media/games. I'm mainly looking for long-term reliability but I also plan on encrypting it and the UV500 comes with some special thing for that. If I don't understand how it works (couldn't find anything online about it), I'm going to use VeraCrypt for encryption instead.
>
> Also the UV500 costs £170 and the MX500 will be £180.

Still the Crucial.
Since you'll be using Vera, ignore the Kingston encryption.

saabir2007

> The Crucial.
>
> What will this be used for?
Secondary drive for media/games. I'm mainly looking for long-term reliability but I also plan on encrypting it and the UV500 comes with some special thing for that. If I don't understand how it works (couldn't find anything online about it), I'm going to use VeraCrypt for encryption instead.

Also the UV500 costs £170 and the MX500 will be £180.
 

USAFRet

Still the Crucial.
Since you'll be using Vera, ignore the Kingston encryption.
 
When hardware encryption is properly implemented, each encrypted drive ships with a unique key. Each sector is transparently encrypted and decrypted with this key during write and read operations. The key is stored in a hidden sector within a System Area reserved for the firmware. If this key is lost or intentionally deleted, the data become gibberish. This means that an encrypted drive can be securely erased in a split second simply by throwing away all copies of the original key and then generating a new key. This is how cryptoerase works and is particularly advantageous for SSDs. The alternative for ordinary HDDs and SSDs is to zero-fill every sector. In the case of SSDs, this would consume another P/E cycle, thus increasing wear and tear.

To protect one's data on an ordinary HDD or SSD requires setting a password which then needs to be stored somewhere on the drive. If this password is defeated, the non-encrypted data are immediately accessible. An encrypted HDD or SSD, OTOH, uses the password to encrypt the key, and this encrypted key then replaces the original key. Ideally the original key should be discarded. This means that the user must supply the correct password in order for the drive to be able to regenerate the original key from the encrypted one.

Therefore the advantages of a Self Encrypting Drive (SED) are:

1/ Instant cryptoerase by deleting the key
2/ The key is encrypted by the password
3/ Neither the password nor the original key are retained by the drive
4/ The correct password is required to decrypt the key
 
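The key hierarchy described in the post above, modelled as an added example (not part of the original thread and not any vendor's firmware): a password-derived key wraps a random media key, so a password change or a cryptoerase rewrites only the wrapped key. `ModelSED` and its methods are hypothetical names; PBKDF2 and an HMAC-SHA256 counter-mode keystream are assumptions standing in for the drive's real key derivation and AES engine so the code runs on the Python standard library alone.

```python
import hashlib, hmac, os

def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    # HMAC-SHA256 in counter mode: toy stand-in for the drive's AES engine.
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + ctr.to_bytes(8, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

class ModelSED:
    """Hypothetical model drive: persists only salt, wrapped MEK and a tag."""
    def __init__(self, password: str):
        self.sectors = {}                      # LBA -> ciphertext, as on flash
        self._provision(os.urandom(32), password)

    def _kek(self, password: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self.salt, 100_000)

    def _provision(self, mek: bytes, password: str) -> None:
        self.salt = os.urandom(16)
        kek = self._kek(password)              # derived on demand, never stored
        self.wrapped = _xor(mek, _keystream(kek, b"wrap", 32))
        self.tag = hmac.new(kek, self.wrapped, hashlib.sha256).digest()

    def _unlock(self, password: str) -> bytes:
        kek = self._kek(password)
        expect = hmac.new(kek, self.wrapped, hashlib.sha256).digest()
        if not hmac.compare_digest(expect, self.tag):
            raise PermissionError("wrong password: media key stays wrapped")
        return _xor(self.wrapped, _keystream(kek, b"wrap", 32))

    def _crypt(self, password: str, lba: int, data: bytes) -> bytes:
        # XOR stream: the same call encrypts and decrypts one sector.
        ks = _keystream(self._unlock(password), lba.to_bytes(8, "big"), len(data))
        return _xor(data, ks)

    def write(self, password: str, lba: int, data: bytes) -> None:
        self.sectors[lba] = self._crypt(password, lba, data)
    def read(self, password: str, lba: int) -> bytes:
        return self._crypt(password, lba, self.sectors[lba])

    def change_password(self, old: str, new: str) -> None:
        self._provision(self._unlock(old), new)    # re-wrap only; sectors untouched
    def crypto_erase(self, password: str) -> None:
        self._provision(os.urandom(32), password)  # old MEK discarded, data unreadable
```

After `crypto_erase`, the ciphertext held in `sectors` is byte-for-byte unchanged, yet no password recovers the old plaintext because the media key that produced it no longer exists anywhere.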

saabir2007

I've never intentionally encrypted anything on my PC before; is it difficult to do or are there a few stages to the setup that a novice could do?
Also, I saw that its TCG Opal 2.0 needs compatibility. I have a Z170 PRO GAMING motherboard so would I be able to use it in my system? Would you recommend this over VeraCrypt, in terms of security?
I only plan on leaving/encrypting 300GB for the media, rest will be for games so there shouldn't be much wear and tear, I hope...
 
It's all a matter of trust, IMHO. I would never trust the storage manufacturers to get it right, nor would I trust the government of any country. For example, here in Australia the stupid politicians have enacted some draconian legislation in respect of encryption that renders it unfit for purpose.

Stick with VeraCrypt. It's open source and can therefore be scrutinised for weaknesses.

Also, don't bother with WD's encrypted products. They are/were full of holes.

On the (in)security of a Self-Encrypting Drive series:
http://www.hddoracle.com/viewtopic.php?f=7&t=1404
 