Some SSDs advertise support for "hardware encryption." If you enable BitLocker on Windows, Microsoft trusts your SSD and does nothing. But researchers have found that many SSDs are doing a terrible job, which means that BitLocker is not providing secure encryption.
Many SSDs Do Not Properly Implement Encryption
Even if you enable BitLocker encryption on a system, Windows 10 may not actually be encrypting your data. Instead, Windows 10 may be relying on your SSD to do it, and your SSD's encryption may be easily broken.
This is the conclusion of a new paper by researchers at Radboud University. They reverse engineered the firmware of many solid-state drives and found a series of problems with the "hardware encryption" found in many SSDs.
The researchers tested devices from Crucial and Samsung, but we would definitely not be surprised if other manufacturers had major problems. Even if you do not have any of these specific devices, you should be concerned.
For example, the Crucial MX300 ships with an empty master password by default. Yes, that's right. Its master password is set to nothing, and that empty password gives access to the encryption key that encrypts your files. It's crazy.
The encrypted SSD has a master password set to "". But do not worry, customers, you can turn it off! Everything will be fine. pic.twitter.com/hSlPCMyHsi
– Matthew Green (@matthew_d_green) November 5, 2018
BitLocker Trusts SSDs, but SSDs Aren't Doing Their Jobs
This would not normally matter. Who uses hardware encryption on an SSD? Windows users would use BitLocker instead. And BitLocker encrypts the files before they are stored on the SSD, right?
Wrong. If your computer has a solid-state drive that says it can handle hardware encryption, BitLocker does nothing at all. BitLocker just relies on the SSD to encrypt your files and abandons all responsibility. And as the researchers have found, SSD manufacturers have serious problems implementing encryption correctly.
Even if you choose to encrypt the drive in your laptop with BitLocker, you are now trusting whatever company made the SSD in your laptop. Do you trust that the manufacturer of the drive in your laptop did a good job? Do you even know what company made your laptop's internal SSD? Did your laptop manufacturer think about this before choosing a drive vendor?
BitLocker on Windows 7 does not support "encryption offload to encrypted hard drives," as Microsoft's documentation puts it. In other words, this is a new feature in Windows 10, so Windows 7 systems will not have the same problem.
How to Make BitLocker Use Software Encryption
If you use BitLocker encryption on an SSD, you can tell BitLocker not to use hardware-based encryption and to use software-based encryption instead. This requires changing a Group Policy setting. Group Policy is only available on Windows 10 Professional, but that is the edition you have if you are using the standard version of BitLocker.
On a single computer, open the Local Group Policy Editor by pressing Windows+R, typing "gpedit.msc" in the Run dialog box, and pressing Enter.
Go to the following location:
Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption
Double-click "Configure Use of Hardware-Based
Select the "Disabled" option and click "OK."
You may need to turn BitLocker protection off and then turn it back on afterwards. This forces Windows to decrypt the drive and then encrypt it again.
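To see whether a volume is relying on the drive's hardware encryption, both before the policy change and after re-encrypting, you can read the "Encryption Method" field printed by Windows' built-in `manage-bde -status` command. The PowerShell below is an added example, not part of the original article; it assumes English-language `manage-bde` output, the function name is hypothetical, and the sample text is constructed.

```powershell
# Added example: list BitLocker volumes and flag the ones that rely on the
# drive's own hardware encryption, parsed from `manage-bde -status` text.
function Get-BitLockerEncryptionMethod {   # hypothetical helper name
    param(
        # Output lines to parse; read live when omitted (elevated prompt).
        [string[]]$StatusLines = (manage-bde.exe -status)
    )
    $volume = $null
    foreach ($line in $StatusLines) {
        if ($line -match '^Volume\s+(\S+)') {
            # "Volume C: [label]" starts a new record; emit the previous one.
            if ($volume) { $volume }
            $volume = [pscustomobject]@{
                Volume            = $Matches[1]
                ConversionStatus  = $null
                EncryptionMethod  = $null
                HardwareEncrypted = $false
            }
        }
        elseif ($volume -and $line -match '^\s+Conversion Status:\s+(.+?)\s*$') {
            $volume.ConversionStatus = $Matches[1]
        }
        elseif ($volume -and $line -match '^\s+Encryption Method:\s+(.+?)\s*$') {
            $volume.EncryptionMethod  = $Matches[1]
            $volume.HardwareEncrypted = $Matches[1] -like 'Hardware Encryption*'
        }
    }
    if ($volume) { $volume }
}

# Constructed sample output (not captured from a real machine).
$sample = @'
Volume C: [Windows]
[OS Volume]
    Conversion Status:    Fully Encrypted
    Encryption Method:    Hardware Encryption
    Protection Status:    Protection On

Volume D: [Data]
[Data Volume]
    Conversion Status:    Fully Encrypted
    Encryption Method:    XTS-AES 128
    Protection Status:    Protection On
'@ -split '\r?\n'

Get-BitLockerEncryptionMethod -StatusLines $sample |
    Where-Object HardwareEncrypted |
    ForEach-Object { '{0} relies on the SSD for encryption ({1})' -f $_.Volume, $_.EncryptionMethod }
```

Called without `-StatusLines` from an elevated prompt, the function parses the live output. A volume that has been re-encrypted in software reports a cipher name such as XTS-AES 128 instead of "Hardware Encryption".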
How to Encrypt an SSD Without BitLocker
Instead of relying on BitLocker, you can also use the open source VeraCrypt utility to encrypt your Windows system drive or any other drive. It is based on the TrueCrypt software, which you may have heard of.
Unlike BitLocker, VeraCrypt is also available to Windows 10 Home and Windows 7 Home users. You do not have to pay $100 for encryption. VeraCrypt never relies on the SSD to do the encryption work. VeraCrypt always handles the encryption itself.
Why Does BitLocker Trust SSDs?
When available, hardware-based encryption can be faster than software-based encryption. So if an SSD had solid hardware-based encryption, relying on the SSD would result in improved performance.
Unfortunately, it seems that many SSD manufacturers cannot be relied on to implement this correctly. If you need encryption, it's better to use BitLocker's software-based encryption, so you do not need to trust the SSD's security.
In a perfect world, hardware-accelerated encryption is definitely better. That's why Apple has a T2 security chip in its new Macs. The T2 chip uses a hardware-accelerated encryption engine to quickly encrypt and decrypt data stored on the Mac's internal SSD.
But your Windows computer does not use technology like this – it has an SSD from a manufacturer that probably does not spend much time thinking about security. And that's not good.