Question Which of these SSD hard drives have Hardware Encryption or are Self Encrypting?

very_452001

Distinguished
Mar 8, 2014
344
2
18,785
PNY XLR8 CS3030 M.2 NVMe:
https://smile.amazon.co.uk/gp/product/B07MW3NQKW/ref=ppx_yo_dt_b_search_asin_title?ie=UTF8&psc=1

or

Samsung 850 EVO:
https://smile.amazon.co.uk/gp/product/B00P73B1E4/ref=ppx_yo_dt_b_search_asin_title?ie=UTF8&psc=1


Lastly this is not a hard drive but a small USB Flash Drive that is the Kingston DTIG4/16GB Data Traveler G4:
https://smile.amazon.co.uk/gp/product/B00G9WHMCW/ref=ppx_yo_dt_b_search_asin_title?ie=UTF8&psc=1

Finally, if the PNY SSD above does support hardware encryption and I enable it, will my Windows 10 work fine like before or do I have to reinstall Windows?
 
Encryption is enabled by default. It is transparent to the OS, so you don't need to change anything.

https://gzhls.at/blob/ldb/1/4/2/b/b08e8549b1c7304215010c8011d46f8a98dd.pdf

Regardless of which form factor it is, the 850 EVO Series provides the same data encryption feature as the 840 EVO Series does. The Self-Encrypting Drive (SED) security technology will help keep your data safe at all times. The device is equipped with an AES 256-bit hardware-based encryption engine to ensure that your personal files remain secure. A hardware-based encryption engine secures your data without performance degradation that you may experience with a software based encryption. Furthermore, the 850 EVO M.2 is compliant with advanced security management solutions (TCG Opal and IEEE 1667). Magician will guide you on “How to use security features”. Moreover, you can erase or initialize the data with the crypto erase service with PSID.

https://www.pny.com/file library/company/support/product brochures/solid state drives/xlr8-ssd-cs3030-sell-sheet.pdf

Encryption -- AES256
 

very_452001


Okay do you mean encryption is enabled by default on both of those drives?

If it is enabled by default then why is it that with the Samsung 2.5" SSD drive I can take it to any other computer/laptop and yet still read and access the data on it without a password prompt or something?

How do I verify & check that the PNY SSD M.2 drive has encryption enabled? If it is enabled by default then I don't require Windows Bitlocker, correct? So if this drive has enabled it by default then that means if I take this drive out of the system and connect it to any other computer/laptop then I should not be able to access/read the data on it, correct? Lastly, if this drive has enabled hardware decryption by default then will just a Windows password be sufficient to protect my data?
 
Every sector is encrypted by the drive when it is written. This happens transparently, without any action on the user's part. When the same sector is read, it is automatically decrypted by the drive, without the user being aware of it. Therefore, as far as the user is concerned, the data are not visibly encrypted, and the drive can be transported between computers. So one would still need to use Bitlocker for such drives.

The reason it is done this way is that a complete erasure of the drive can be achieved by simply throwing away all copies of the encryption key and generating a new key. This instantly renders all the data inaccessible. The alternative would involve writing zeros to every sector on the drive. That would consume one P/E cycle.

http://www.hddoracle.com/viewtopic.php?f=3&t=1974&p=12048#p12048
 

very_452001

Okay so the hardware encryption built into the drive itself is useless and still requires dependence on software encryption like Bitlocker you mean?

I thought hardware encryption is independent and doesn't require software encryption that can cause performance slow down (overheads)?

So you are saying I still require software encryption to get the hardware encryption chip in the drive to work?

Bitlocker is Windows software encryption. Will using the manufacturer's own software encryption, like Samsung's software for the Samsung SSD, be better than Bitlocker?
 
Hardware encryption is done on the fly. There is no performance degradation. Hardware encryption does not require any external action -- your OS is not aware of its existence. The advantage of hardware encryption is that when you set a password on the drive, the drive encrypts the security key rather than the data. The original key is then discarded. This means that an attacker who can access the sectors at the firmware level will see encrypted gibberish in the data sectors. Also, if the attacker can access the encrypted security key, he will once again see gibberish.

The bottom line is that, at the software level, the drive does not appear to be encrypted. In other words, just forget about hardware encryption and continue to use the drive as if it were a regular, non-encrypted drive.
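
A toy model of the key hierarchy described in the answers above: transparent sector encryption, a password that wraps the media key rather than the data, and crypto erase. It is an added illustration, not part of the original posts or any vendor's firmware; `ToySED`, `xor_stream` and the HMAC keystream standing in for AES-256 are assumptions.

```python
import hashlib
import hmac
import os

def xor_stream(key: bytes, lba: int, data: bytes) -> bytes:
    # Stand-in for the drive's AES-256 engine (HMAC-SHA256 keystream); model only.
    out = bytearray()
    for off in range(0, len(data), 32):
        ctr = lba.to_bytes(8, "big") + off.to_bytes(4, "big")
        pad = hmac.new(key, ctr, hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], pad))
    return bytes(out)

class ToySED:
    def __init__(self):
        self.flash = {}            # lba -> ciphertext (what a raw flash read sees)
        self.dek = os.urandom(32)  # media key generated inside the drive
        self.wrapped = None        # (salt, wrapped DEK, tag) once a password is set

    def _key(self) -> bytes:
        if self.dek is None:
            raise PermissionError("drive is locked")
        return self.dek

    def write(self, lba: int, data: bytes) -> None:
        self.flash[lba] = xor_stream(self._key(), lba, data)

    def read(self, lba: int) -> bytes:
        return xor_stream(self._key(), lba, self.flash[lba])

    def set_password(self, pw: bytes) -> None:
        salt = os.urandom(16)
        kek = hashlib.pbkdf2_hmac("sha256", pw, salt, 100_000)
        blob = xor_stream(kek, 0, self.dek)  # the password wraps the key, not the data
        self.wrapped = (salt, blob, hmac.new(kek, blob, hashlib.sha256).digest())

    def power_cycle(self) -> None:
        if self.wrapped:           # with a password set, the clear DEK is lost at power-off
            self.dek = None

    def unlock(self, pw: bytes) -> bool:
        salt, blob, tag = self.wrapped
        kek = hashlib.pbkdf2_hmac("sha256", pw, salt, 100_000)
        ok = hmac.compare_digest(tag, hmac.new(kek, blob, hashlib.sha256).digest())
        self.dek = xor_stream(kek, 0, blob) if ok else self.dek
        return ok

    def crypto_erase(self) -> None:
        self.dek, self.wrapped = os.urandom(32), None  # old ciphertext is now unreadable
```

With no password set, `power_cycle()` leaves the key usable, which is why the drive reads normally in any computer; only after `set_password()` does a power cycle leave the data locked.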
 

very_452001

Will there be compatibility issues when using software encryption with hardware encrypted drives?

Lastly, can encryption, whether it's hardware or software encryption, be updated or patched, for example a software update for the Bitlocker program or a firmware update for the encryption chip inside the drive to patch up vulnerabilities, like Windows Update for example, to keep up to date and make the computer more secure? If it can be updated then does that imply that past encryption is outdated and is vulnerable?

Finally, I wouldn't mind using software encryption but won't that cause performance to degrade? I'd like to take full advantage of the hardware encryption built into the drive; how do you set a password (encrypt the security key) on the drive?

What's the point of hardware encryption built into drives when you say the OS doesn't recognise it or the OS doesn't have drivers for it to enable it 😕?