Hi,
I fail to see what full disk encryption brings to the table, having the option to simply put an ATA password on the drive. It seems to me that such technologies make it even easier for hackers to use ransomware against you. Or make your data more prone to catastrophic loss / corruption if your system begins to fail / has a bug.
All in all, the most likely negative scenario is that you do something wrong yourself and you're locked out of your own data. Besides, I think the chances of finding someone capable of circumventng disk encryption are far higher than of finding someone capable of breaking into an ATA password protected drive. If for anything, because the former can be done remotely, and the second only physically.
Or am I missing something?
Take a look at our
ThinkPads.com HOME PAGE
For those who might want to contribute to the blog, start here: Editors Alley Topic
Then contact Bill with a Private Message
ThinkPads.com HOME PAGE
For those who might want to contribute to the blog, start here: Editors Alley Topic
Then contact Bill with a Private Message
Disk drive encrytion - bad idea?
Disk drive encrytion - bad idea?
X301: SU9600 | 8GB | 1TB | WXGA+
X1C5: 7600U | 16GB | 1TB | FHD
X1C9: 1145G7 | 16GB | 1TB | WUXGA | WWAN
X1Y8: 1365U | 32GB | 1TB | WUXGA
P14s G1 AMD: 4750U | 32GB | 1TB | PG FHD Touch
T14 G2: 1145G7 | 32GB | 1TB | FHD
X1C5: 7600U | 16GB | 1TB | FHD
X1C9: 1145G7 | 16GB | 1TB | WUXGA | WWAN
X1Y8: 1365U | 32GB | 1TB | WUXGA
P14s G1 AMD: 4750U | 32GB | 1TB | PG FHD Touch
T14 G2: 1145G7 | 32GB | 1TB | FHD
Re: Disk drive encrytion - bad idea?
In practice, on modern SSD's, they are the exact same thing.
You have to trust the hardware on some level, which has proven to be problematic. Hence the rise of secondary authentication measures like TPM, which distributes trust among components made by different manufacturers.
The attack vector comes in when you add remote management. McAfee, Symantec, and Bitlocker allow this.
But for that kind of infrastructure, you are talking a large corporation willing to pay for such services, and they assume the risk not in terms of data, but in terms of the insurance payout from the vendor when the data is lost.
For a personal user, normal FDE given by the OS is sufficient enough. The benefit of not using the ATA encryption is that, one can remove the drive, use dd or one of the pretty front ends (Clonezilla, etc) to mirror the drive to another one sector by sector and it the other drive will work with the same password. A nice out of band backup system.
You have to trust the hardware on some level, which has proven to be problematic. Hence the rise of secondary authentication measures like TPM, which distributes trust among components made by different manufacturers.
The attack vector comes in when you add remote management. McAfee, Symantec, and Bitlocker allow this.
But for that kind of infrastructure, you are talking a large corporation willing to pay for such services, and they assume the risk not in terms of data, but in terms of the insurance payout from the vendor when the data is lost.
For a personal user, normal FDE given by the OS is sufficient enough. The benefit of not using the ATA encryption is that, one can remove the drive, use dd or one of the pretty front ends (Clonezilla, etc) to mirror the drive to another one sector by sector and it the other drive will work with the same password. A nice out of band backup system.
unix_joe
Me: ThinkPad Z13 - Debian Stable KDE
Wife: ThinkPad Z16 - Pop!_OS
Kids: ThinkPad X280 - Debian Stable Gnome
TV: ThinkPad P14s - Debian Stable
Me: ThinkPad Z13 - Debian Stable KDE
Wife: ThinkPad Z16 - Pop!_OS
Kids: ThinkPad X280 - Debian Stable Gnome
TV: ThinkPad P14s - Debian Stable
Re: Disk drive encrytion - bad idea?
> I fail to see what full disk encryption brings to the table, having the option to simply put an ATA password on the drive.
Not all computers have a way of entering ATA password. If your computer quits working you may be unable to read the drive in another computer.
Full disk encryption that is done in software doesn't have this issue.
FDE does not protect you from malware or ransomware. for this you need backups.
Not all computers have a way of entering ATA password. If your computer quits working you may be unable to read the drive in another computer.
Full disk encryption that is done in software doesn't have this issue.
FDE does not protect you from malware or ransomware. for this you need backups.
-
- Similar Topics
- Replies
- Views
- Last post
-
-
Possible bad reads from T530 using pico
by ame » Sat Nov 11, 2023 10:15 pm » in ThinkPad T430-T490 / T530-T590 Series - 0 Replies
- 2175 Views
-
Last post by ame
Sat Nov 11, 2023 10:15 pm
-
-
-
How bad was the Thunderbolt Firmware Problem
by euless » Wed Feb 07, 2024 4:19 am » in ThinkPad T430-T490 / T530-T590 Series - 3 Replies
- 826 Views
-
Last post by TPFanatic
Sun Feb 11, 2024 6:20 am
-
-
-
X131e Bad CMOS Battery - Unresponsive
by PinkFloydEffect » Sat Feb 17, 2024 1:29 am » in ThinkPad X100e/X120e/X130e/X140e Series - 2 Replies
- 1013 Views
-
Last post by PinkFloydEffect
Sat Feb 17, 2024 2:28 pm
-
-
-
X1 Carbon 11 gen External Hard Drive Random Disconneciton
by narrownico » Thu Oct 19, 2023 11:39 am » in ThinkPad X1 / X1-Carbon / X1-Extreme and later Series - 5 Replies
- 3855 Views
-
Last post by DenverBrian
Wed Dec 20, 2023 1:44 pm
-
Who is online
Users browsing this forum: No registered users and 14 guests