Rich Freeman on 8 Nov 2018 06:51:04 -0800
Re: [PLUG] Fwd: Self-Encrypting Solid-State Drive Vulnerabilities

On Thu, Nov 8, 2018 at 9:37 AM K.S. Bhaskar <ksbhaskar@gmail.com> wrote:
>
> Aren't self-encrypting SSDs like putting a nice lock on your front door and hiding the key under the mat?
>

They require a key to unlock them. The idea is to offload the encryption computation from the main CPU. The problem is that they're not securing the session key in a secure manner.

When you use software encryption with Bitlocker it basically works the same way, except the session key is stored in the TPM, and so far those have not had these kinds of problems as far as I'm aware. The security of TPMs is a subject of debate, but I think most large companies are trusting them for desktops.

The concept for hard drives isn't terrible, but anytime you offload encryption to hardware you need to trust the hardware vendor to get it right. Heck, the same issue exists with software encryption (Meltdown, anyone?). If you can spare the CPU then software encryption is probably going to be a bit more reliable and certainly easier to fix if a problem is found.

--
Rich
___________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug