You Can't Trust BitLocker to Encrypt Your SSD in Windows 10




Some SSDs advertise support for "hardware encryption". If you enable BitLocker on Windows, Microsoft's BitLocker trusts your SSD and does no encryption of its own. However, researchers have found that many SSDs do a terrible job of it, which means that BitLocker does not provide secure encryption on those drives.

Many SSDs do not implement encryption correctly

Even if you enable BitLocker encryption on a system, Windows 10 may not actually encrypt your data. Instead, Windows 10 can rely on your SSD to do it, and the SSD's encryption can be easily broken.

This is the conclusion of a new paper written by researchers at Radboud University. They reverse engineered the firmware of many SSDs and found a variety of problems with their hardware encryption.

The researchers tested drives from Crucial and Samsung, but we would not be surprised if other manufacturers had major problems too. Even if you do not have any of these specific drives, you should be worried.

For example, the Crucial MX300 ships with an empty master password by default. Yes, that's right. The master password is set to nothing, and this blank password gives access to the encryption key that encrypts your files. It's crazy.

BitLocker trusts SSDs, but SSDs do not do their job

That would not normally matter – after all, who uses hardware encryption on an SSD? Windows users would rather use BitLocker. And BitLocker encrypts the files before storing them on the SSD, right?

Wrong. If your computer has an SSD that reports support for hardware encryption, BitLocker does no encryption at all. BitLocker just trusts the SSD to encrypt your files, giving up all responsibility. And, as the researchers have found, SSD manufacturers are having serious problems implementing encryption properly.

Even if you choose to encrypt your laptop's hard drive with BitLocker, you now trust the company that created the SSD on your laptop. Do you believe that the maker of your laptop's drive has done a good job? Do you even know which company makes the internal SSD of your laptop? Has your laptop manufacturer thought about this before choosing a hard drive vendor?

BitLocker on Windows 7 does not support "offloading encryption to encrypted hard drives," as Microsoft's documentation puts it. In other words, this is a new feature of Windows 10; Windows 7 systems will not have the same problem.

How to make BitLocker use software encryption

If you use BitLocker encryption on an SSD, you can tell BitLocker to avoid hardware-based encryption and use software-based encryption instead. This requires a Group Policy change. Group Policy is only available on Windows 10 Professional, but so is the standard version of BitLocker.

On a single computer, open the Local Group Policy Editor by pressing Windows + R, typing "gpedit.msc" in the Run dialog box, and then pressing Enter.

Go to the following location:

Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption

Double-click the "Configure the use of hardware-based encryption for fixed data drives" option in the right pane.

Select the "Disabled" option and click "OK."

You may need to turn BitLocker protection off and turn it back on afterwards. This forces Windows to decrypt and then re-encrypt the drive.
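
To check the result of the steps above, the following PowerShell audit is an added example, not part of the original article. It lists each BitLocker volume, whether its encryption is done by the drive or in software, and the state of the hardware-encryption policy. It goes slightly beyond the steps above by also checking the equivalent policy for operating system drives; the registry value names are the ones these policies are expected to write, and the helper name is hypothetical.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the original article): report, per volume, whether
# BitLocker encrypts in software or has delegated encryption to the drive.

# The hardware-encryption policies store their state under this key.
# Value 0 = policy set to "Disabled" (BitLocker must encrypt in software).
# Assumption: value names as written by the policy templates; confirm locally.
$FveKey = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'
$PolicyValue = @{
    OperatingSystem = 'OSHardwareEncryption'   # operating system drives
    Data            = 'FDVHardwareEncryption'  # fixed data drives
}

function Get-HwEncryptionPolicy {              # hypothetical helper name
    param([string]$ValueName)
    if (-not $ValueName) { return 'NotConfigured' }
    $item = Get-ItemProperty -Path $FveKey -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return 'NotConfigured' }
    if ($item.$ValueName -eq 0) { return 'Disabled' }
    return 'Enabled'
}

$report = foreach ($vol in Get-BitLockerVolume) {
    $method = "$($vol.EncryptionMethod)"
    $policy = Get-HwEncryptionPolicy $PolicyValue["$($vol.VolumeType)"]

    $finding = if ($method -eq 'HardwareEncryption') {
        'Drive firmware does the encryption: disable the policy, then decrypt and re-encrypt'
    } elseif ($method -eq 'None') {
        'Volume is not encrypted'
    } elseif ($policy -ne 'Disabled') {
        'Software encryption in use, but policy does not forbid hardware encryption'
    } else {
        'Software encryption in use and hardware encryption disabled by policy'
    }

    [pscustomobject]@{
        MountPoint = $vol.MountPoint
        VolumeType = $vol.VolumeType
        Method     = $method
        Protection = $vol.ProtectionStatus
        HwPolicy   = $policy
        Finding    = $finding
    }
}

$report | Format-Table -AutoSize -Wrap
```

Run it from an elevated PowerShell prompt. A volume that still reports hardware encryption after the policy change has not yet been decrypted and re-encrypted.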

How to encrypt your SSD without BitLocker

Rather than relying on BitLocker, you can also use the VeraCrypt open source tool to encrypt your Windows system drive or any other drive. It's based on TrueCrypt software, which you may have heard about.

Unlike BitLocker, VeraCrypt is also available for Windows 10 Home and Windows 7 Home users. You do not have to pay $100 for encryption. VeraCrypt never relies on the SSD for encryption: VeraCrypt always handles the encryption itself.


Why does BitLocker trust SSDs?

When it is available, hardware encryption can be faster than software encryption. So if an SSD had solid hardware-based encryption technology, relying on it would improve performance.

Unfortunately, it seems that many SSD manufacturers cannot be relied on to implement it properly. If you need encryption, use BitLocker's software encryption so you do not have to trust the security of your SSD.

In a perfect world, hardware-accelerated encryption is definitely better. This is one of the reasons why Apple integrates a T2 security chip on its new Macs. The T2 chip uses a hardware-accelerated encryption engine to quickly encrypt and decrypt data stored on the Mac's internal SSD.

But your Windows PC does not use this technology: it has an SSD from a manufacturer that probably did not spend a lot of time thinking about security. And that's not good.


