Even AES 128bit is strong enough for end user/home use, if you set a strong ATA password, no need to worry about data safety, unless your SSD used in government or military
Yes data is always encrypted as 128bit AES and it will be now, however it is only secure if you supply a complicated enough password first. Without a password the data is always decrypted for anyone so your data isn't secure.
It's a bit like a lock on your door. Yes the lock is always in use and there, but unless you use a key to lock the door, anyone can come through it.
You will need to check your BIOS for options to enable a Hard Drive password. The password setting needs to be supported by the computers BIOS so you can unlock the drive when turning the computer on, once unlocked the computer can than read the drive to boot into your operating system. Once a password is set, if someone takes your computer, even if they removed the drive and put it into another computer, the drive is effectively dead until someone supplies the correct password.
A word of warning, if you want to move the drive to another computer to use it, clear the password first, then reset the password on the new computer to secure it again.
Most laptops support setting a Hard drive password, most desktop computers do not.
I'm putting together a blog post on vxlabs.com listing drives that do and don't do *usable* AES encryption, that is encryption where the AES keys are themselves also encrypted with a user password.
All of the Intel documentation on the 520 states that the security is based on the AES encryption together with the ATA password, but I have not been able to find any official documentation confirming the following details:
- The ATA password is used to encrypt the AES keys.
- The ATA password itself is stored as an irreversible hash.
This has been confirmed for the 320, but I'd like to see explicit proof for the 520 as well. It's a new drive with a new controller, so it's not guaranteed that Intel has followed the same path.