Encryption on Samsung 840 EV0 SSD

[texas_user]

I want to enable hardware encryption on my Samsung 840 EVO SSD, which I installled in my Dell Inspiron 15R laptop running Windows 10 Home (so no BitLocker) some months ago. I think I may have done so, but I'm confused about the terminology.

According to the SDD documentation, "Class 0 data security" (their name, apparently, for AES encryption) can be enabled by setting a "BIOS password." I have not set an Admin password or a System password.

I set the "HDD password" in the system setup menu, and now Samsung's Magician program shows "Class 0" data security as "enabled." So far, so good.

From what I've read in other threads here, this should mean that my drive is now encrypted, and that the level of security should be more than adequate to keep my data secure from any potential hard drive thief, etc., (even if not necessarily from the NSA, which I don't care about).

But I'm confused about something. I simply enabled the HDD password. There was no obvious, lengthy process of encryption of all the existing files on my disk. It seems like that would be necessary even for hardware-based encryption. So here are my questions:

1. Do you think I have in fact encrypted my disk, or not?

2. Is there practical way I can confirm this?

3. And what about the 256-bit encryption key I read about? I didn't do anything to choose one, unless it's somehow related to the HDD password. Is it generated at random? Is it something that should be invisible to me?

Thanks. Sorry if this isn't clear. I'm pretty confused.

 

[drtweak]

I did a BUNCH of research on this a while back.

1) Yes your disk is encrypted

2) When yous start up your PC (From being powered off) does it ask for a password? If you were to toss that SSD in another PC and when to disk manager it should show as unallocated and you wouldn't be able to do squat with the drive (Delete, make partitions etc)

3) The 256 bit encryption is automatic.



Info on the 840 Encryption and the method of encryption you use.

1) Eve since the 830 i think they come with on board encryption or in other words it is a SED (Self encrypting drive). That data is ALWAYS encrypted. Period. 24/7, front to back, begining to end all the time.

But why can I access my data on any PC then you say?

Think of it as a safe. You put stuff in a safe (your data) but if you never LOCK it, aka the password, anyone can get into it at anytime. Once you put a password work on it you are now setting the lock for it.

2) It is called level 0 for a reason (If you know anything about being hippa compliant, which i do because i service people who need to be hippa compliant) you need level 2. Level is 2 is when a software is encrypting the hard drive and makes it impossible to access any data.

But my drive is encrypted now so no one can access my data right?

WRONG!

level 0 is well level 0 for a reason. There is 0 protection on it. Why? Here is why.

I steal your laptop. You have a password set on the hard drive. Oh well looky here i have another PC that support this kind of hard drive password encryption (Not all do and most desktop's don't support it except for business class like the dell optiplex which is what i did all my testing on). I go into my BIOS. I set an Admin password on my BIOS. I turn off my PC, plug in your drive, turn it on, go into BIOS. But you are thinking WAIT! it ask for the hard drive password before you can even get into the BIOS! Errrr WRONG! I use MY admin password for your hard drive and I am in my BIOS. Now i go to the hard drive password, and change it using MY ADMIN PASSWORD AND THE CURRENT PASSWORD, and then either set no password or changed it. I reboot, I'm in, your files are mine.

Note though: This only works if they know to SET their OWN BIOS ADMIN password. if they do NOT have a BIOS admin password they can NOT get pass the hard drive password on boot and they CAN NOT change the encryption password.

IT IS THAT EASY.

Now because this kind of HDD password is only found in laptops and business class desktops most home built PC's won't be able to do jack shit because they don't support that kind of encyption and in that case they can even reuse your SSD for their own purpose because of the encryption (This goes for most encryption software i have used as well)


So now you are asking why even bother having encryption on the SSD?

Why? because it is an SED. There is a chip in the hard drive or SSD that does the encryption so when files are encrypted there is NO PERFOMANCE LOSS because that chip does all the encryption and NOT your CPU.

but still what is the point?

Most big time encryption programs support SED's. In other words you install their software to encrypt and manage passwords which unless they know the password they can't access it period, but rather than using the CPU to encrypt the drive, which if the drive is not a SED drive it could take hours to encrypt, where as the Software uses the SED and the second you install it, and set a password, there is no encrypting process to sit and wait because like i said earlier it is already encrypted. You just added the lock.



So hope this helps. I know i spent like 2-3 days working with a 850 Evo and a Seagate SSHD SED drive testing all this between two dell optiplex's.

 

[texas_user]

Thanks for the excellent and detailed explanation. I wish Windows personal editions included support for encryption.

In any case, this answer makes me feel somewhat better. If somebody steals my laptop, at least he or she would have to have substantial knowledge and make a substantial effort to get at the data. Probably a lot more than the average computer thief would bother with. That's something.

Thanks again.

 

[drtweak]

No Problem. Also if you have Ultimate and bitlocker, bitlock will take advanged of the 840/850 series since they are OPAL 2 compliant and it will use the SSD to encrypt and not your CPU.

But yea for basic encryption just to have it and keep dummies away it work wells.

There is one way people can remove the encryption, and re-use the SSD, but they won't be able to get any info off it if, but again they got to know what is going on in order to reuse the disk.

Also ANY HARD DRIVE that has a very long PSID that is 32 Characters on it is a Self Encrypting Drive. That is how you can tell. If a drive or SSD does NOT have a PSID on it it is not a SED drive.