Self-encrypting drives vs. software encryption

I find very noticeable performance hits when using VeraCrypt or BitLocker. Benchmarks bear that out.

Each to their own. Rather than trying to talk me out of it, maybe we could keep this thread to solutions.

Thing is - the solution is to use software encryption cause that is the only way you can move your drive to another system without a problem.
All the rest depends on whether the manufacturer will support it or not. And so far, none have done that continuously through time. IMHO, the TCG Opal v2 self encrypting drives will work with the FW16 devices. But as said before:

The self encrypting drives as hardware encryption give a “sense” of security only. They give the “legal” means to say: My drive was encrypted (Very important for corporations). That it is hackable now or in the future with the old manufacturer not providing a fix - they don't care.

As an open source guy, I prefer to have a reliable system I understand and can migrate rather than some marketing stuff coming with corporate promises

While it is definitely measurable, especially on faster drives, is it really noticeable?

At the end of the day, the most important thing is: what am I protecting from who and how much performance do I need to squeeze out of my setup? Encryption is cheap on hardware with specialized support for it, but the cost is not zero. The common layperson would probably never notice, but this is the Framework community, and blanket statements like “You do not need that. Just use this.” have a lot less currency here. It’s the crypto equivalent of “You do not need ECC RAM. Full stop.”

Jorg, as has been explained, with sedutil you can move the drive to a different computer.

This, as with all encryption technology, requires you to be able to access the system and drive first. I’m talking about disaster recovery where the key may be in the TPM of the broken computer.
Backup is the response to all of that.

No, you can use another OS to unlock the drive with sedutil, or boot the generic minimal Linux distro that they provide from USB/CD.

Nothing is machine or OS dependent.

The TPM is not used at all.

If that is the case, then the encryption is not worth the name.

You don’t seem to understand this, so perhaps you should withdraw.

In the interest of preventing the spread of misinformation, just like software encryption you enter a password that is hashed into a key. That key decrypts another key which is used for the data.

It’s basically as good as your password, in most circumstances. Just like software encryption.

Well, I wouldn’t say that. I had to recover quite some people’s data and sometimes couldn’t because they used the device’s TPM as a secure store and the hardware broke.
But ok. I’ll withdraw from that discussion as I don’t understand the implications of encryption.

I meant sedutil and OPAL. Neither use the TPM.

TCG OPAL is an open standard for self encrypting drives. If the manufacturer follows the standard and implements it correctly, then it is safe to use. Samsung had no big issues implementing this standard; minor issues are fixed in the latest SSD products of Samsung.
If your threat level is protecting your data after theft, TCG OPAL is fine for you and gives you the optimal performance of your SSD.
If your threat level is security agencies, you should change your mind: xkcd: Security


They don’t even need a wrench at the border, they can just delay you until you miss your transport. That’s why I recommend wiping devices when traveling, and restoring them on arrival if needs be.