Rich Freeman on 8 Nov 2018 06:51:04 -0800



Re: [PLUG] Fwd: Self-Encrypting Solid-State Drive Vulnerabilities


On Thu, Nov 8, 2018 at 9:37 AM K.S. Bhaskar <ksbhaskar@gmail.com> wrote:
>
> Aren't self-encrypting SSDs like putting a nice lock on your front door and hiding the key under the mat?
>

They require a key to unlock them.  The idea is to offload the
encryption computation from the main CPU.

The problem is that they're not securing the session key in a secure manner.

When you use software encryption with BitLocker it basically works the
same way, except the session key is stored in the TPM, and so far
those have not had these kinds of problems as far as I'm aware.  The
security of TPMs is a subject of debate, but I think most large
companies are trusting them for desktops.

The concept for hard drives isn't terrible, but anytime you offload
encryption to hardware you need to trust the hardware vendor to get it
right.  Heck, the same issue exists with software encryption
(Meltdown, anyone?).  If you can spare the CPU then software
encryption is probably going to be a bit more reliable and certainly
easier to fix if a problem is found.

-- 
Rich