2
1
I have an Intel 520 SSD and I'd like to encrypt it. How do I do this?
It's already formatted and has my programs already installed. I saw that there are programs like TrueCrypt that do that but I also know that my drive should do it out-of-the-box; what's the difference between both options?
frenchie
Posted 2012-03-22T19:59:21.877
Reputation: 301
3
TrueCrypt: You can view the source code (or pay someone to do it) and verify that the program is doing what it says it does, and that there are no backdoors. You also can control the type, strength, and cascade of encryption.
Your SSD firmware: ????
However, using your SSD firmware is going to give you greater performance.
On a practical level you would probably benefit more from using your SSD's firmware unless you are really paranoid.
Actually using the encryption: Based on this forum post (it covers the 320's but should apply for the 520's as well) - the encryption is automatically applied to the SSD NANDs using keys internally generated on the drive. If you pick a good ATA (BIOS HDD) password, you are OK. The only way to change that password is to issue an ATA "SECURITY ERASE" command to the drive - that forum post says in that event the SSD will regenerate its internal keys, rendering the already-encrypted data useless. Of course you are trusting Intel to make that assertion.
LawrenceC
Posted 2012-03-22T19:59:21.877
Reputation: 63 487
0
I posted elsewhere on this site regarding this topic, but because I used this thread to originally get myself educated, I wanted to provide some input and feedback. The answer provided is entirely correct: Using the ATA Password feature in the BIOS to use the hardware encryption feature of the Intel 520 SSD will be the fastest and most secure way to encrypt the disc.
Note: The Intel Toolbox software will NOT encrypt the disc for you. It will tell you if it's encrypted or not, but it does NOT provide the mechanism to create a password to lock the drive. To do that, you need a motherboard with a BIOS that supports ATA Passwords (which is separate and in addition to a BIOS password, BTW).
The problem is that Mobo makers don't advertise or mention whether they offer ATA Password encryption options. Anywhere. Mobo reviews don't mention it either. For a feature that would unlock the security potential of tens/hundreds of millions of Intel and Samsung SSDs, you'd think someone would mention it. Nope. Nada.
So here's all I can offer. I have the ASRock Extreme6. It had no such ATA Password option. I wrote to ASRock tech support in Taiwan. In a week, they gave me an updated BIOS!!! I suspect they had it all along but didn't want to release it in case noobs locked themselves out of their hard drives. Anyway, if you have an ASRock motherboard, you can get this option, just contact ARock tech support in Taiwan.
Al Winston
Posted 2012-03-22T19:59:21.877
Reputation: 51
ok, so what do I need to do to use the drive's built-in encryption capabilities? – frenchie – 2012-03-22T20:03:10.017
Did the SSD come with a CD of software - probably utilites on there that you can use. – LawrenceC – 2012-03-22T20:06:37.260
1
The SSD is encrypted out-of-the-box, so you don't need anything, but if you want to change the key, you can use the tool : http://www.intel.com/support/go/ssdtoolbox/index.htm
– Nettogrof – 2012-03-22T20:09:27.373@Nettogrof: I never have to type a password; how do I enable encryption? – frenchie – 2012-03-22T20:24:50.817
@frenchie This is a forum thread that answer your question:http://communities.intel.com/thread/20537?start=0&tstart=0
– Nettogrof – 2012-03-22T20:30:21.123If you want to prevent unauthorized people from using the drive, enable the HDD password from the BIOS. The firmware performs the encryption. If an HDD password is enabled, and an adversary tries to remove the flash from the board and dump the data directly from it, they will only see ciphertext. Of course the drive decrypts before satisfying host requests - IF the password is provided. (Wouldn't know where the password is stored though.) – LawrenceC – 2012-03-22T20:36:34.463
ok so all I need to do go to the bios and setup a hard drive password??? Does it encrypt the data already on the drive? – frenchie – 2012-03-22T20:44:47.920
@Nettogrof: the forum talks about encrypting when the computer doesnt have a bios that enable it. Does that mean that if my computer has a bios password for the hard then that's all I'd need to do? – frenchie – 2012-03-22T20:47:14.457