1

I have a Samsung SSD 850 with an HDD password set. It seems from articles such as this and this that the data is fully encrypted, and requires the password to view. Is there any requirement or advantage to having Bitlocker as well?

Community
  • 1
wezten
  • 113
  • 4

2 Answers2

5

There's no practical way to inspect the Samsung disk's implementation of AES-256. The same is true of the Bitlocker algorithm, but the software implementation has a few advantages:

  • Microsoft can issue patches if vulnerabilities are discovered
  • Runtime entropy sources are more varied than whatever entropy source is used to encrypt the Samsung disk (remember that these disks ship encrypted, the password merely scrambling the keys. If you can find information about how the disk is initialized and entropy is generated, I would love to hear it.)
  • In software you can inspect the raw disk image to ensure the content is being encrypted.

There was a similar question on this a few years ago:

Is hardware based disk encryption more secure that software based?

This said, I actively use this kind of disk-level encryption, but I'm only considering a threat model where a break-in to my apartment causes somebody to snag my hardware... no state secrets here.

Community
  • 1
mgjk
  • 7,535
  • 2
  • 20
  • 34
1

There's no particular need to do so. Looking at your model's specifications, it uses AES-256 bit encryption, which is considered unbreakable. The entire world's computing power could not solve a single key in this lifetime, and even with Moore's law, it is unreasonable to assume that we'll get to that level of computing power within this lifetime, much less the expected life expectancy of the hardware. Adding both hardware- and software-based encryption would make it "more impossible" than either solution alone, however, it's already considered impossible to break either encryption, and you can't really get "more impossible" than "impossible." All you're really going to do is slow down your device's maximum throughput since the data has to be encrypted or decrypted twice in order to be read from or written to.

phyrfox
  • 5,724
  • 20
  • 24