1 Reply Latest reply on May 7, 2012 2:00 AM by phil_l

240GB SSD Series 520 - Questions on the "Hardware Encryption" feature, thanks.

joejac May 6, 2012 9:13 PM

Hello,

I purchased a 240GB SSD Series 520, the vendor installed the SSD in my new ASUS with Core i7. I was planning to encrypt the SSD with this procedure in order to install my Linux Operative System:
http://pclosmag.com/html/Issues/201108/page19.html

But I saw in the specifications that the this SSD has "Hardware Encryption" please see under "Advanced Technologies" section:
http://ark.intel.com/products/66250/Intel-SSD-520-Series-(240GB-2_5in-SATA-6Gbs-25nm-MLC)?wapkw=240gb+ssd

So my questions are:

1.- How the hardware encryption is activated and works?

2.- Should I not to do the Linux software encryption?

If I do not do the software encryption because the Hardware encryption is enough, if in the future I move the SSD to other new computer,
3.- How the new computer will read the data in the SSD, if it has "Hardware Encryption"?

4.- How can I recover my data from the SSD in case of a problem with the current machine?.

The information on this product is very limited and I have not find any related data for this point.

I am stuck with my Linux and files installation until I get the correct answers, I need this information as soon as possible .

I installed the Intel® Solid-State Drive Toolbox and I have not seen any information on this subject there.

Thank you and best regards
joejac

1. Re: 240GB SSD Series 520 - Questions on the "Hardware Encryption" feature, thanks.

phil_l May 7, 2012 2:00 AM (in response to joejac)

Hi

The hardware encryption is enabled all the time, so all data written to the NAND chips is encrypted. By default though this offers you no security as the SSD can be stolen and used in any computer as it will decrypt the data for anyone.

To use the hardware encryption to secure your data, you need to add a key that only you know to lock the decryption to only you. For a boot drive you can only do this via the motherboards BIOS. Very few desktop boards support adding a password to the hard-drive though. Look in your BIOS for a Hard-drive password option.

Sometimes it has been said enabling the User/Supervisor passwords in the BIOS has also set the User/Master password on the SSD so you could try those. To confirm your SSD is then password protected, in the Intel Drive Toolbox under Drive Details look for the Word 128 and see if it has Security Enabled = 1. If not then it isn't protected.

You can still use software protection of course however this will have an impact on write speeds, takes a slight hit from your CPU to do the encryption, and affects wear-levelling. This is because the Intel 520 compresses data so it doesn't have to write as much, so writes are quicker, and because you are usng less NAND memory more is left free for wear-levelling. If you send encrypted data to the SSD, it will be compressed still, however encrypted data due to being encrypted just isn't compressable, so your write speeds drop and the drives gets some extra wear and tear because no space is saved.

The SSD can still use compression when it does the encryption because it works in this order: Data-->Compressed-->Encrypted, whereas in software you are going Data-->Encryption-->SDD attempts compression of already encrypted data, but can't really compress it much due to the encryption-->Encrypted again.

Regards

Phil
Like Show 0 Likes(0)

Actions