Thinkpads Forum

Hello,

I have bought an SSD OCZ agility 3 hdd and one Intel SSd else.

I would like to make my computer now as safe as possible now, so i would like to ask you for two things:

durability and performance of encrypted SSD

How to encrypt - from which should I start. I need stability and performance but the most important for me is confidence - to make disks unreadable for other persons.

I have any Intel AT tehnologies in my Lenovo.

Only last question - what is the idea of the drive encrypting ? Disk pulled from the computer is blocked? What in the original compuetr? Without plugging it and when we broke OS We will have access to files?


thank for helping

Two types of drive encryption:
1) Software encryption, like TrueCrypt, and
2) "Always-on" hardware encryption, performed automatically and transparently by the drive's electronics whenever data is written to the drive.

It is best to use a drive with built-in always-on hardware encryption. The data written to such a drive is always automatically encrypted, and also automatically decrypted upon read, by the drive's electronics ... HOWEVER, if the user sets a hard drive password on the drive (via the BIOS), then the drive will NOT automatically decrypt the data if that password is not provided by the user when the drive is powered up.

Note that the hard drive password, if set by the user, will be stored in the drive's electronics, not in the BIOS, so the drive will operate in any machine which is able to pass on to it the password the user provides at power up. In other words, you can remove the encrypted drive from one machine, place the drive in a different machine, provide the password, and the drive will decrypt the data.

[It does not matter for this discussion, but also note that the key used to encrypt the data on the drive is different from the password the user sets. Changing the encryption key (not the drive's password) will have the same effect as instantly erasing everything on the drive.]

Your Intel SSD drive may have built-in hardware full drive encryption, depending on which model/version you have.

All software-based encryption schemes are inferior, in one or more ways, to hardware full drive encryption.

EOMtp wrote: All software-based encryption schemes are inferior, in one or more ways, to hardware full drive encryption.

I strongly disagree with that statement. Whether hardware or software encryption is better depends on entirely your needs.

Do you, for example, need to use multiple encrypted containers or assign multiple different passwords to an encrypted drive? Then hardware solutions are inferior for that, since none of the ones on the market support that.

Do you want to pick your own encryption/authentication algorithms? Good luck finding a hardware solution that allows as much choice as Truecrypt or LUKS.

How about backing up the encryption keys? Some hardware solutions support it, some don't.

And cloning the drive without decrypting it first? If you use a hardware solution, forget it.

So no, hardware solutions are not always superior and are for some uses quite inferior.

Personally I'd recommend a software approach, as you retain the flexibility of choosing whatever drive you'd like, and being able to better manage your keys and encryption configuration -- plus, with modern CPUs the performance penalty is so small as to be imperceptible for typical desktop tasks.