5

My question relates to the hardware encryption of Samsung's 840 Evo SSD (maybe also other models):

The theory: Samsung specifies that their SSD encrypts all data with AES by default. So if I choose an HDD password in my BIOS, I can protect my whole disk (instead of encrypting e.g. my personal data folder later). If I understood it correctly, then using this HDD password does not change the performance of the SSD, because the encryption happens anyway (with or without the HDD password). The only difference is that I have to enter my password when the BIOS starts.

This seems a pretty good security feature, because all data are protected (protecting e.g. against thieves) and there is no performance gap.

Unfortunately, I do not find any information or tests confirming Samsung's claim. Is it really so simple to use? Are there disadvantages?

And by the way, what is the relation to trusted computing? To be honest, I only heard bad things about this topic.

PeteChro

4 Answers

6

I have not found information like this either, and I'm not sure it's available. I recently used one of these disks with the hard drive password enabled. The AES encryption on these disks is this simple to use and performs excellently.

But there's no way to verify that it's actually working. It is black box encryption.

A while back I answered a similar question about this kind of encryption on spinning disks:

Unlock hard drive vs full-disk encryption

This is black-box encryption. It's black-box because although they claim to use AES128, there's no reasonable way to verify it. And although they claim to do it properly, there's no way to inspect their implementation.

A few years ago I sent them a simple question... if all the drives ship from the factory with encryption turned on, then how do they seed their random key?

I never got an answer and I never heard anyone provide a reasonable explanation. For all we know, all the keys on all the drives are identical. Unless you have a method to bypass the drive electronics to read the raw, encrypted platters, you will never know. Even if you execute an ATA SE "secure erase" function to delete the key, you don't know how the new key is being generated.

mgjk
3

I've been digging around on this topic recently as a newbie, and can share what I've found so far.

First, using ATA passwords to take advantage of the EVO hardware encryption is simple. I've done it using my ASRock Extreme6 mobo and their updated 1.07B BIOS.

The drive when taken out of that machine and put on another machine is utterly unreadable, even by some basic forensic software stuff I've got. It's also fast, I saw no performance hit, though I did not do extensive testing.

I agree that the Samsung encryption is black box: no one seems to know what they did.
Downsides to it are twofold:

  1. It is secure; so secure, that if you forget your password the data is toast. There are no software cracks or backdoors.

  2. This encryption is based on a single controller chip in the SSD, and if that chip goes, you're again hosed. Hence keeping NONencrypted backups (locked offsite in a secure place) seems like a good idea.

Then again, these downsides are relative: you want something so secure it's uncrackable, and software glitches could make software encryption go bad as well.

Lighty
Al Winston
  • It seems information in this area is still quite difficult to obtain. A couple of thoughts: On the off-chance all drives are shipped with the same key, performing a secure erase right away should force a key change (hopefully this is at least random). Also I'd like to disagree with your suggestion of keeping non-encrypted backups somewhere else. Encrypt them with a software solution :) – Leigh Dec 16 '15 at 14:39
  • If you move the disk to another system, but you know the user password, but (obviously) not the encryption key, can you still decrypt it? As in, is the encryption key stored on the disk, or on the motherboard? I tried to Google this, but it's hard to figure out where it is stored for the Samsung EVO 840. – Herbert Dec 13 '19 at 14:46
0

I can confirm that the performance of hardware encrypted drives is much better than software encryption. In fact, I find software encryption hinders performance so much, it is almost unbearable to do "heavy lifting" like using virtual machines, compiling software, etc.

The design of these drives seems basically right. They're based on the password model like TrueCrypt, rather than the TPM model like BitLocker, which is fine - as long as you use a good password.

I don't have any reason to disbelieve Samsung's claims. However, I have not personally seen any direct evidence of their encryption. To check this would need some moderately serious work, as you'd need to remove the controller board from a drive and swap it for a non-encrypting one. Well, that's what you'd do for a hard drive, I don't know if that's possible for an SSD. Anyway, it's not something I will be attempting.

These kinds of drives have nothing to do with "trusted computing". BitLocker (Microsoft's disk encryption) stores the keys in the TPM, which is related to trusted computing. Opinions on this vary, and I have no inherent objection to TPMs, but for a drive that takes a BIOS password they are irrelevant.

paj28
  • There is a great flaw in most hardware encryption systems, and your reasoning to give Samsung the benefit of the doubt is fundamentally wrong in information security. In theory they could work, but in general they don't because the software is closed source. Proprietary encryption implementations get hacked frequently. In all information security courses I did, the most important lessons were (1) don't code it yourself, it **will** be hacked; and (2) only trust open source implementations that can be reviewed. – Herbert Dec 13 '19 at 14:56
  • @Herbert - Huge difference between don't code yourself and don't trust one of the largest tech corps. Have to wonder if your logic would extend to not trusting Intel AES. – paj28 Dec 13 '19 at 17:39
  • Well, I do hope there have been black box tests on Intel AES by the community. – Herbert Dec 23 '19 at 19:36
0

The SSD actually encrypts all the data by default out of the box. The drive has an encryption key hard coded into the device firmware. All the data is encrypted/decrypted with this key. Even if you do not set an HDD password in the BIOS, the data is still encrypted on the raw disk.

The sole purpose of your BIOS password is to restrict access to the encryption key stored in the firmware. Only after entering the right HDD password on boot, the encryption key is retrieved and encryption/decryption starts. Setting the HDD password in the BIOS kind of tightly couples your SSD with your BIOS, which increases the data access security. Anyone with access to your system has to type in the HDD password first to boot up from the drive.

Pelo
  • This answer does not seem to add anything beyond what the OP has already said. – raptortech97 Sep 13 '14 at 23:52
  • Does this mean the encryption key is not encrypted itself with RSA? You make it sound like the user password is sort of a polite request of the hard disk to the hacker not to retrieve the key, unless he has the user password. That is, hackers could figure out backdoor- and paperclip-methods to make the disk think the correct password was entered, and let it still reveal the encryption key. – Herbert Dec 13 '19 at 14:49
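
The last answer and the comment under it turn on whether the password merely gates access to a stored key or is cryptographically required to recover it. The sketch below is an added example, not code from this thread or from Samsung; the function names, the PBKDF2 parameters and the XOR stand-in for AES key wrap are assumptions made for illustration.

```python
# Added illustration: two ways a self-encrypting drive could tie a password
# to its data encryption key (DEK). A model only, not any vendor's firmware.
import hashlib
import hmac
import secrets

ITERATIONS = 200_000  # assumed PBKDF2 cost, chosen for this example

def _kek(password: str, salt: bytes) -> bytes:
    """Derive a 32-byte key-encryption key (KEK) from the password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def provision_gated(password: str) -> dict:
    """Design A: the DEK sits in flash in the clear; the password is only compared."""
    salt = secrets.token_bytes(16)
    return {"salt": salt, "pw_hash": _kek(password, salt),
            "dek": secrets.token_bytes(32)}

def unlock_gated(flash: dict, password: str):
    """Firmware check for design A: hand out the stored DEK if the hash matches."""
    ok = hmac.compare_digest(_kek(password, flash["salt"]), flash["pw_hash"])
    return flash["dek"] if ok else None

def provision_wrapped(password: str) -> dict:
    """Design B: the DEK is stored only wrapped under the password-derived KEK.
    XOR with a 32-byte KEK stands in for AES key wrap (stdlib has no AES)."""
    salt = secrets.token_bytes(16)
    kek = _kek(password, salt)
    dek = secrets.token_bytes(32)
    tag = hmac.new(kek, b"dek-check" + dek, hashlib.sha256).digest()
    return {"salt": salt, "wrapped_dek": _xor(dek, kek), "tag": tag}

def unlock_wrapped(flash: dict, password: str):
    """Unwrap the DEK; return None when the integrity tag does not verify."""
    kek = _kek(password, flash["salt"])
    dek = _xor(flash["wrapped_dek"], kek)
    tag = hmac.new(kek, b"dek-check" + dek, hashlib.sha256).digest()
    return dek if hmac.compare_digest(tag, flash["tag"]) else None

def recover_from_dump(flash: dict):
    """What a raw copy of the controller's flash yields with no password at all."""
    return flash.get("dek")
```

Both designs behave identically from the host side, which is why the thread calls the drive a black box. The wrapped design still permits offline password guessing against a dump, so password strength matters.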