Certain modern hard drives have built-in hardware-based 256-bit AES encryption.
Surprisingly, the content on these drives is encrypted even if no password has been set. If the encryption chip dies, the cipher key is lost and the data cannot be recovered, even though the storage itself is fine. Considering that in real life a failure of the encryption chip is more probable than the drive falling into enemy hands, always-on encryption is likely not a very bright idea.
Why the heck did they do it that way? The rationale behind this decision is the speed of a password change. Under a policy of "no password = no encryption", once a password is set or changed, the full capacity of the disk has to be re-encrypted, which takes hours. And that is before we even get to other complications, such as repeated power failures in the middle of re-encryption. The same consideration applies when the password is removed.
So the engineers implemented the faster option. The master encryption key that actually encrypts the data is generated during production and flashed into the controller's NVRAM. All data on the disk is encrypted with this master key, whether or not the user sets a password. If the user sets a password, the master key itself is encrypted with that password. Since the contents of the drive have been encrypted from the start, you cannot read the data without the master key, and the master key is not accessible without the correct password.
Now, if the encryption module burns out, the data is not accessible at all.
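As an added illustration (not the post's own code, and not any vendor's firmware), here is a Python model of the key hierarchy just described: a master key generated at production encrypts every sector, setting a password only wraps that key, and a chip failure leaves intact ciphertext that nobody can decrypt. The standard library has no AES, so a CTR-style keystream built from HMAC-SHA256 stands in for the drive's hardware AES-256; the class, its method names and the sample sector content are constructed for this example.

```python
import hashlib
import hmac
import os

def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in for the drive's hardware AES: CTR-style XOR with HMAC-SHA256 blocks."""
    out = bytearray()
    for ctr, off in enumerate(range(0, len(data), 32)):
        block = hmac.new(key, nonce + ctr.to_bytes(8, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], block))
    return bytes(out)

class SelfEncryptingDrive:
    def __init__(self):
        self._master_key = os.urandom(32)  # generated at production, kept in controller NVRAM
        self._sectors = {}                 # stand-in for the platters: only ever holds ciphertext
        self._salt, self._wrapped, self._check = os.urandom(16), None, None  # password wrap state

    def write(self, lba: int, data: bytes) -> None:
        self._sectors[lba] = keystream_xor(self._master_key, lba.to_bytes(8, "big"), data)  # always encrypted

    def read(self, lba: int) -> bytes:
        if self._master_key is None:
            raise PermissionError("drive locked, or master key lost")
        return keystream_xor(self._master_key, lba.to_bytes(8, "big"), self._sectors[lba])

    def _kek(self, password: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self._salt, 100_000)

    def set_password(self, password: str) -> None:
        """Only the 32-byte master key is re-wrapped; no sector is re-encrypted."""
        kek = self._kek(password)
        self._wrapped = keystream_xor(kek, b"wrap", self._master_key)
        self._check = hmac.new(kek, self._master_key, hashlib.sha256).digest()

    def power_cycle(self) -> None:
        if self._wrapped is not None:
            self._master_key = None        # only the wrapped copy survives a reboot

    def unlock(self, password: str) -> bool:
        kek = self._kek(password)
        candidate = keystream_xor(kek, b"wrap", self._wrapped)
        ok = hmac.compare_digest(hmac.new(kek, candidate, hashlib.sha256).digest(), self._check)
        if ok:
            self._master_key = candidate
        return ok

    def encryption_chip_fails(self) -> None:
        self._master_key = self._wrapped = None  # sectors intact, key gone: data unrecoverable
```

Comparing the sector store before and after `set_password` shows that a password change costs one 32-byte re-wrap rather than a full-disk re-encryption, which is exactly the trade-off the post describes.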
These drives are often used in external enclosures and laptops (where the probability of actually losing the drive is higher than for an internal desktop drive), forming a special class of devices in addition to this list. These external drives are fairly hard to recover.