5

As a spin-off of my question on "Advice on buying an encrypted disk" -- and in an effort to address the question "how is hardware based disk encryption better?" -- I've started a new question.

My understanding is that hardware based disk encryption is more secure because the keys are embed in the system, require physical access to get, and very specialized knowledge to extract them. Beyond that, the hardware encryption doesn’t require system resources to perform the encryption/decryption process and therefore allows for better system performance and data access speeds. That said, this is based on my understanding from years ago, and very possible this has changed, or even more likely, that my understanding is not completely right.

Community
  • 1
blunders
  • 5,072
  • 4
  • 28
  • 45

1 Answers1

7

The implementation is at least as important as the algorithm. I was trying to figure out the same thing for the Hitachi Bulk Data Encryption and ATA Security Extensions... but I never got a satisfactory answer from Hitachi.

Since all the drives ship with a factory key for AES 128, and the drives are always encrypted (you encrypt the decryption key with the ATA security extensions password), and since the drives are mass produced, how is the AES key generated, and where does the entropy come from?

Short of your own reader to get "underneath" the security extensions and read the raw platter, you never know if all the AES encryption systems are using exactly the same key, a flawed random number generator or something.

Hardware is a black box. Software gives you some control. Yes, you always need to trust the hardware to some degree, but the damage to the reputation of the manufacturer if they're caught with a hardware back door would be very severe.

You need to be able to inspect the implementation.

mgjk
  • 7,545
  • 2
  • 21
  • 34
  • 1
    +1 @mgjk: Meaning to your knowledge not a single hardware based disk encryption openly states how their system was implemented in a way that would allow 3rd parties to validate the implementation is not flawed, right, or no? If so, what information would be required to insure the implementation was not flawed? – blunders Feb 14 '12 at 03:31
  • 2
    There are a few things I want to know before using an encryption software: 1) The blockcipher algorithm(e.g. AES) 2) The mode used for encrypting the volume (e.g. XTS) 3) How the key is stored/protected. 4) How the key is generated – CodesInChaos Feb 14 '12 at 09:56
  • 1
    @blunders, see CodeInChaos. Some vendors make claims based on algorithms, then take short cuts on the implementation. Selling the tool as "AES" or "3DES" is more important to them than getting it right. Consider http://www.cryptophone.de/ as an example of how hard it is to do escrow-free hardware encryption properly. – mgjk Feb 14 '12 at 15:10
  • 6 years later: https://www.zdnet.com/article/flaws-in-self-encrypting-ssds-let-attackers-bypass-disk-encryption/ – mgjk Nov 06 '18 at 00:49