# SSD with embedded hardware 256-bit AES full disk encryption



## MasterOne (Dec 21, 2012)

I am to buy a Samsung 840 Pro SSD for my Acer Aspire One 753 Netbook, and stumbled over the feature of embedded hardware 256-bit AES full disk encryption, for which not very much info seems to be available.

The idea is, that the embedded controller does all the work, resulting in full harddisk/SSD encryption completely independent of the operating system, with absolutely no performance impact, which means strong "military" grade disk encryption even on machines with low speed CPUs (like the mentioned netbook with Intel Celeron U3400 1.06 GHz CPU without hardware AES). Using this feature is only possible on computers which offer to set a "hdd password" in the BIOS, which is the encryption-key passed on to the controller of the harddisk/SSD.

Is that cool or what? Means no more fiddling around with GELI, and no wasted CPU cycles for block-level-encryption.

I am wondering if there is any downside of using such embedded hardware 256-bit AES full disk encryption compared to GELI, but I guess there is none at all. An thoughts about this topic are appreciated.

BTW At first I was considering an Intel 520 SSD, but then I discovered, that 256-bit AES encryption is broken in SandForce 2000 SSD controllers, resulting in all SSDs using that controller "only" being capable of 128-bit AES encryption.


----------



## Uniballer (Dec 21, 2012)

Personally, I would not worry about AES-256.  At least one of the reduced-round cryptanalytic attacks on AES hints that AES-256 might actually be weaker than AES-128 due to key schedule issues.  And it is still impractical to brute force a 128 bit AES key.


----------



## MasterOne (Dec 22, 2012)

Oh I do not worry at all, but it nevertheless is a good reason to stay away from drives with SF-2000 controllers.


----------



## Goette (Dec 22, 2012)

MasterOne said:
			
		

> Oh I do not worry at all, but it nevertheless is a good reason to stay away from drives with SF-2000 controllers.



You are right, almost all Sandforce controllers are troublesome.


----------



## xibo (Dec 26, 2012)

The only thing disk encryption can protect you against is compromization of data when the physical storage medium is stolen (or temporarily removed for analyzation to be brought back in a corrupted form).
People however won't bother to take out a disk from an computer box, they will steal the whole computer when they're at it, and therefore also take with them the BIOS that conains the secret. Even if the BIOS access should be restricted, taking the secret with from the BIOS' prom that is physically next to you is a lot easier then cracking the cryptography to an intruder who values the data and has the right equipment and knowledge.

GELI and his friends are still having the upper hand here, as they don't store any secrets and also allows data verification which is a *very* powerful feature to detect intrusions. After all, it's more dangerous to have an attacker modify your data without you being able to detect it then to just let the attacker have a copy of it.

Also, when data is worth being encrypted, the computational effort is the prize you will pay for it. If it isn't worth it, the data isn't worth being encrypted.


----------



## kpa (Dec 26, 2012)

I wouldn't put any value on that feature if it's done the way as described above. BIOS passwords are easily recoverable and should be considered as plaintext in security evaluations.


----------



## MasterOne (Dec 26, 2012)

The secret is NOT stored in the BIOS, the BIOS only passes the entered passphrase to the SSD controller, the mechanism pretty much works like with GELI, but on a hardware level.


----------



## Nukama (Jan 4, 2013)

SED are funny:

http://www1.cs.fau.de/sed
29C3 german talk


----------



## MasterOne (Jan 4, 2013)

Nukama said:
			
		

> SED are funny:
> http://www1.cs.fau.de/sed
> 29C3 german talk


Interesting but





> In this sense, hardware-based full disk encryption (FDE) is as insecure as software-based FDE


Which is as good as it gets. Of course there are always angles of attack, but the advantage is the none-involvement of the OS, which makes it OS-independent and takes away the necessary CPU load. So as I see it, SED is advantageous over OS-level encryption.


----------



## morbit (Sep 4, 2016)

Had you any luck with it? It looks awful under Windows http://arstechnica.com/civis/viewtopic.php?f=11&t=1312261 

And... 

http://www.tomshardware.co.uk/answers/id-2813442/encryption-samsung-840-ev0-ssd.html



> I steal your laptop. You have a password set on the hard drive. Oh well looky here i have another PC that support this kind of hard drive password encryption (Not all do and most desktop's don't support it except for business class like the dell optiplex which is what i did all my testing on). I go into my BIOS. I set an Admin password on my BIOS. I turn off my PC, plug in your drive, turn it on, go into BIOS. But you are thinking WAIT! it ask for the hard drive password before you can even get into the BIOS! Errrr WRONG! I use MY admin password for your hard drive and I am in my BIOS. Now i go to the hard drive password, and change it using MY ADMIN PASSWORD AND THE CURRENT PASSWORD, and then either set no password or changed it. I reboot, I'm in, your files are mine.


----------

