PC Tech/Hardware

Info on tech and hardware for PCs.
 


Windows 10's BitLocker Encryption No Longer Trusts Your SSD (old article from 2019):
https://www.howtogeek.com/442114/windows-10s-bitlocker-encryption-no-longer-trusts-your-ssd/
 
Encrypted hard drives (2023-07-11)
https://learn.microsoft.com/en-us/windows/security/operating-system-security/data-protection/encrypted-hard-drive

How to enable Bitlocker HW encryption with modern SSDs on system drive (e.g. Samsung 980 Pro) (2022-11-26)
https://blog.odenthal.cc/how-to-enable-bitlocker-hw-encryption-with-modern-ssds-e-g-samsung-980-pro/

Text below from 2022-10-06:
Hello there,

If your computer has a solid-state drive that says it can handle hardware encryption, BitLocker doesn't do anything at all. BitLocker just trusts the SSD to encrypt your files, abandoning all responsibility.

According to NCSC-NL, BitLocker as bundled with Microsoft Windows relies on hardware full-disk encryption by default if the drive indicates that it can support this.

To determine whether BitLocker is using hardware-based encryption or software-based encryption:

- Run "manage-bde.exe -status" in an administrator command prompt.
- If the "Encryption Method" starts with "Hardware Encryption", then BitLocker is using the self-encrypting disk's hardware-based encryption implementation.
- If the "Encryption Method" states something other than "Hardware Encryption", such as "AES-128" or "XTS AES-256", then BitLocker is using software-based encryption.
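
The check described in the quoted text above, as an added example that is not part of the original post: a small parser that applies the "Encryption Method" rule to every volume in saved `manage-bde.exe -status` output. The sample output is constructed, the function names are hypothetical, and the parser assumes English-language output and that decrypted volumes report "None".

```python
import re

# Constructed sample of English-language `manage-bde.exe -status` output
# (not captured from a real host); volume letters and labels are made up.
SAMPLE = """\
Volume C: [Windows]
[OS Volume]
    Conversion Status:    Fully Encrypted
    Encryption Method:    Hardware Encryption
    Protection Status:    Protection On

Volume D: [Data]
[Data Volume]
    Conversion Status:    Fully Encrypted
    Encryption Method:    XTS AES-256
    Protection Status:    Protection On

Volume E: [Scratch]
[Data Volume]
    Conversion Status:    Fully Decrypted
    Encryption Method:    None
    Protection Status:    Protection Off
"""

VOLUME_RE = re.compile(r"^Volume[ \t]+(\S+)", re.MULTILINE)
METHOD_RE = re.compile(r"^[ \t]*Encryption Method:[ \t]*(.+?)[ \t]*$", re.MULTILINE)

def classify(method):
    """Apply the rule quoted above to one 'Encryption Method' value."""
    value = method.lower()
    if value.startswith("hardware encryption"):
        return "hardware"      # BitLocker relies on the self-encrypting drive
    if value == "none":
        return "unencrypted"   # assumption: decrypted volumes report "None"
    return "software"          # e.g. "AES-128", "XTS AES-256"

def audit(status_text):
    """Return {volume: (method, classification)} for every volume block."""
    results = {}
    headers = list(VOLUME_RE.finditer(status_text))
    for i, header in enumerate(headers):
        # A volume block runs from its header to the next header (or end of text).
        end = headers[i + 1].start() if i + 1 < len(headers) else len(status_text)
        found = METHOD_RE.search(status_text, header.start(), end)
        method = found.group(1) if found else None
        results[header.group(1)] = (method, classify(method) if found else "unknown")
    return results

if __name__ == "__main__":
    for volume, (method, kind) in audit(SAMPLE).items():
        print(f"{volume:4} {kind:12} {method}")
```

Volumes classified as `hardware` are the ones where BitLocker is relying on the drive's own encryption; a volume block with no "Encryption Method" line is reported as `unknown` rather than guessed.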

Text below from 2023-10:
Always go with software encryption for several reasons. 
1) TPM modules do go bad. 
2) Self Encrypting Devices always use proprietary crypto, and this crypto gets broken seemingly every year. New device, new crypto, broken by the next year. 
3) Software encryption generally uses open/auditable cryptography, i.e. as secure as it can be. 
4) Even non-state actors are much more savvy than anyone is giving them credit for. Yes, they could crack your SED because the how-tos are very public. 
5) Real performance benefits are negligible and so are the battery savings.
 
Free software to show and activate "TCG Opal" for SSD/NVMe:
https://sedutil.com (you need to create a bootable USB stick to run the software)