SSD encryption ability vs OS encryption

Foomate

Mar 16, 2017
Sometimes when I want to buy an SSD I see that some have "AES 256-bit hardware-based encryption". But an OS like Ubuntu, for example, has an option to encrypt the data even for a regular HDD, so I guess that you can encrypt even SSDs that don't have this AES encryption?

What would be the difference between the two?

Ty
Solution
I haven't played around with this a lot, so I can't speak to the specific implementation of the different types of "encryption", but here are the basics. Most OS encryption, like Ubuntu's and the basic NTFS encryption supported by Microsoft, relies on software, which uses the CPU to encrypt the data. This works fine, but does incur some CPU load.

Since SSDs have complex controllers which determine where and how to store data on the physical medium, some models have included hardware-based encryption capabilities, which can actually process encryption with basically no performance overhead, and no impact on CPU/system resources. In fact, I believe Samsung SSDs are actually all encrypted by default; it's just that they don't require any password/authentication process prior to accessing the data.

There's also an argument - though I don't claim to be an expert on this - that having the private keys and the entire cryptographic process take place within the drive's controller, rather than involving system CPU and memory, makes a smaller attack vector and is thus a more robust solution.

Some encryption packages which are usually software-based can leverage the hardware encryption on SSDs. Windows BitLocker, for example, can be set up to leverage hardware encryption on drives for what seems to be a fairly robust and manageable solution for security-conscious enterprises and the like.

As I say though, I haven't played around much with this stuff myself. But that's the theory.
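A practical check to go with the answer above, added here and not part of the thread: a POSIX shell script that reads the ATA Security state a drive reports through `hdparm -I` (the drive-side password gate a self-encrypting drive exposes) and checks whether the OS has a dm-crypt layer (what Ubuntu's software encryption looks like). It assumes `hdparm` and `lsblk` are installed on a real run; the sample outputs in the script are constructed.

```shell
#!/bin/sh
# Added example, not code from the thread. Two checks a defender can run on Linux to
# see which kind of encryption a box actually has: the ATA Security state printed by
# `hdparm -I` (the drive-side password gate a self-encrypting drive exposes) and
# whether the OS has a dm-crypt layer (what Ubuntu's software encryption looks like).
# Both functions parse tool output on stdin; the samples below are constructed.

# Print "supported" or "unsupported", plus any of "enabled", "locked", "frozen" seen in
# the "Security:" section. "enabled" means an ATA password is set; a drive that encrypts
# everything by default but has no password configured shows up as "supported" only.
ata_security_state() {
    awk '
        /^Security:/ { insec = 1; next }
        insec && /^[^ \t]/ { insec = 0 }                 # next top-level heading
        insec && /^[ \t]*not[ \t]/ { next }              # "not enabled" etc. are negatives
        insec && /^[ \t]*supported[ \t]*$/ { sup = 1 }   # skips "supported: enhanced erase"
        insec && /^[ \t]*enabled[ \t]*$/ { ena = 1 }
        insec && /^[ \t]*locked[ \t]*$/ { lck = 1 }
        insec && /^[ \t]*frozen[ \t]*$/ { frz = 1 }
        END {
            out = sup ? "supported" : "unsupported"
            if (ena) out = out " enabled"
            if (lck) out = out " locked"
            if (frz) out = out " frozen"
            print out
        }'
}

# Exit 0 if any line of `lsblk -rno NAME,TYPE` output is a dm-crypt mapping.
has_dmcrypt_layer() {
    awk '$2 == "crypt" { found = 1 } END { exit (found ? 0 : 1) }'
}

# Constructed sample: typical desktop SATA SSD, security frozen by firmware, no password.
sample_hdparm_frozen() {
    printf 'Security:\n\tMaster password revision code = 65534\n\t\tsupported\n'
    printf '\tnot\tenabled\n\tnot\tlocked\n\t\tfrozen\n\tnot\texpired: security count\n'
    printf '\t\tsupported: enhanced erase\nLogical Unit WWN Device Identifier: (constructed)\n'
}

# Constructed sample: ATA password set and the drive still locked (before unlock).
sample_hdparm_locked() {
    printf 'Security:\n\t\tsupported\n\t\tenabled\n\t\tlocked\n\tnot\tfrozen\nChecksum: correct\n'
}

# Constructed `lsblk -rno NAME,TYPE` samples, with and without a LUKS/dm-crypt layer.
sample_lsblk_luks()  { printf 'nvme0n1 disk\nnvme0n1p2 part\nnvme0n1p2_crypt crypt\nvg-root lvm\n'; }
sample_lsblk_plain() { printf 'sda disk\nsda1 part\nsda2 part\n'; }

# Real use (root): hdparm -I /dev/sda | ata_security_state ; lsblk -rno NAME,TYPE | has_dmcrypt_layer
```

A drive that reports only "supported" with no "enabled" matches the answer's point about drives that encrypt by default but gate nothing; the data is only protected once a password (or a BitLocker/Opal-managed key) is actually set.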