[SOLVED] Drive Encryption advice needed

very_452001

Distinguished
Mar 8, 2014
344
2
18,785
Hello,

PNY XLR8 CS3030 M.2 NVMe:
https://smile.amazon.co.uk/gp/product/B07MW3NQKW/ref=ppx_yo_dt_b_search_asin_title?ie=UTF8&psc=1

or

Samsung 850 EVO:
https://smile.amazon.co.uk/gp/product/B00P73B1E4/ref=ppx_yo_dt_b_search_asin_title?ie=UTF8&psc=1


Lastly this is not a hard drive but a small USB Flash Drive that is the Kingston DTIG4/16GB Data Traveler G4:
https://smile.amazon.co.uk/gp/product/B00G9WHMCW/ref=ppx_yo_dt_b_search_asin_title?ie=UTF8&psc=1

I believe these drives have built in hardware Hardware Encryption in its firmware level or hardware chip. Am I still required to use Software Encryption like Bitlocker on these drives at a cost of degraded drive performance?

If so then will there be compatibility issues between software encryption Bitlocker and the built in Hardware encryption chip/firmware in those drives?

If I just rely on the drives hardware encryption then how do I enable it so if a thief takes the drive out of my laptop or pc the thief will just see encrypted gibberish data when the thief tries to access my data on another computer?

What it is I don't want the drive performance to degrade when using software encryption like Bitlocker when these drives already have hardware encryption built in you know what I mean.
 
Solution
  • hardware encryption is transparent to OS and user use of the drive. Even if software encryption is also in the mix.
  • "Can encryption be updated?" If a vulnerability is found in Bitlocker/Veracrypt...then it would be updated. Just like the rest of the entire software world...software vulnerabilities are discovered every day. And patches issued.
  • Software encryption? Read the documentation on BitLocker and Veracrypt.

USAFRet

Titan
Moderator
What was unclear about the responses in your previous threads on drive encryption?



What else can we clarify?
 

very_452001

Distinguished
Mar 8, 2014
344
2
18,785
What was unclear about the responses in your previous threads on drive encryption?



What else can we clarify?

Yes there was user in one of those threads who posted and apologised as he couldn't explain/clarify. Hence I started this thread to get clarification to the questions above if that is okay.
 

very_452001

Distinguished
Mar 8, 2014
344
2
18,785
Seems to me that he was saying - "It has already been explained, and I don't know how to explain it further."

What specific concepts are still unclear?

Yes the following:

Will there be compatibility issues when using software encryption with hardware encrypted drives?

Lastly can encryption, whether its hardware or software encryption, be updated or patched for example software update for Bitlocker program or firmware update for encryption chip inside drive to patch up vulnerabilities like windows update for example to keep up to date to make computer more secure? If it can be updated then does that imply that past encryption is outdated and is vulnerable?

Finally I wouldn't mind using software encryption but wont that cause performance degrade? I like to take full advantage of the hardware encryption built in drive, how do you set password (encrypt security key) on the drive?

What's the point of Hardware encryption built in drives when you say the OS don't recognise it or the OS don't have drivers for it to enable it ?
 

USAFRet

Titan
Moderator
  • hardware encryption is transparent to OS and user use of the drive. Even if software encryption is also in the mix.
  • "Can encryption be updated?" If a vulnerability is found in Bitlocker/Veracrypt...then it would be updated. Just like the rest of the entire software world...software vulnerabilities are discovered every day. And patches issued.
  • Software encryption? Read the documentation on BitLocker and Veracrypt.
 
Solution

very_452001

Distinguished
Mar 8, 2014
344
2
18,785
  • hardware encryption is transparent to OS and user use of the drive. Even if software encryption is also in the mix.
  • "Can encryption be updated?" If a vulnerability is found in Bitlocker/Veracrypt...then it would be updated. Just like the rest of the entire software world...software vulnerabilities are discovered every day. And patches issued.
  • Software encryption? Read the documentation on BitLocker and Veracrypt.

Okay thanks.

If I just stick with hardware encryption then will my data still be at risk of being read/accessed if thief takes drive out of my computer and connects it to another computer with no software Bitlocker encryption on the drive? Or am I still required to use software encryption Bitlocker to keep the data on my drive safe?

If im still required to use Bitlocker software then whats the point of built in hardware encryption? I understand hardware encryption is done on the fly to OS when im using the OS but what if the thief takes my drive out of my computer, will just a windows login password be enough for a hardware encrypted on the fly drive?

What it is I dont want my drives performance to take a hit when using software encryption.

If I use official software from the drive manufacturer for example downloaded Samsung Software for Samsung drives then is this similar to Bitlocker software encryption or will this official Samsung software take advantage of its hardware encryption built into the samsung drive?
 

very_452001

Distinguished
Mar 8, 2014
344
2
18,785
Okay those links are saying VeraCrypt is better than BitLocker because its has open source code.

If I use veracrypt, will the drive performace decrease?

I just generally want protection from anything for my drives after seeing a documentary episode on tv Discovery channel on Social media, data.
 

USAFRet

Titan
Moderator
Okay those links are saying VeraCrypt is better than BitLocker because its has open source code.

If I use veracrypt, will the drive performace decrease?

I just generally want protection from anything for my drives after seeing a documentary episode on tv Discovery channel on Social media, data.
Actually, they are saying "Don't use BitLocker in conjunction with the hardware SED"

BitLocker on its own is fine.

The manufacturers hardware encryption is substandard and full of holes.
 

very_452001

Distinguished
Mar 8, 2014
344
2
18,785
Actually, they are saying "Don't use BitLocker in conjunction with the hardware SED"

BitLocker on its own is fine.

The manufacturers hardware encryption is substandard and full of holes.

Okay how do I use BitLocker on its own?

So all this means that my drive performance will inevitably be hit by software encryption?

Which SSD drives or USB flash drives do you know of that has good hardware encryption?
 

USAFRet

Titan
Moderator
Okay how do I use BitLocker on its own?

So all this means that my drive performance will inevitably be hit by software encryption?

Which SSD drives or USB flash drives do you know of that has good hardware encryption?

----------------------------
For the BitLocker issue, you can change the default setting and instruct the program to use software-based encryption only. This is done by accessing the Local Group Policy Editor (enter “gpedit.msc” in the Run dialog. Navigate to “Computer Configuration/Administrative Templates/Windows Components/BitLocker Drive Encryption. Double click on “Configure use of hardware-based encryption for fixed data drives – and select “Disabled”.
-----------------------------

"drive performance hit" is totally dependent on your hardware.
It might be major, it might be completely unnoticeable.

Which SSD drives or USB flash drives do you know of that has good hardware encryption?
No idea.
I'm not in a position where I have to consider having the drive encrypted.