I have always encrypted my hdd but have never really understood what, exactly, is happening. Now I have bought a 60gb Intel 520 series SSD I see it advertises that the drive has 128bit encryption so I want to weigh up my options.
My understanding of drive encryption...
All encryption is controlled/performed by AES? and AES is integrated into the Intel ATA controller. To decrypt a drive you need the encryption key (a long string of digits and/or characters) and the key is stored on the ATA controller using TPM. To access/activate the key you need to set a password and enter the password each time you boot up.
If you don't have TPM (like me) you can store the key on a USB stick and make sure the stick is plugged into the computer when you boot up.
For a drive to be decrypted you must have the ATA controller that encrypted the drive and the encryption key (or access to it via TPM and the password).
So if the motherboard dies, the ATA controller is no longer usable and you lose your data??
If someone takes the entire computer the data is essentially protected by your password? (if you have TPM)
OR... as long as you have the key you can decrypt. If you use TPM the key is buried amongst your motherboard and not known/difficult to get.
SSD with AES
So then I bought the SSD drive which has 128bit AES. This means the drive can encrypt itself and the ATA controller is not part of the process.
And that is all I know. Is the key stored on the ATA controller using TPM and protected by a password? Can you decrypt the drive using just the encryption key because AES is on the drive. If I encrypt my SSD using the 128bit AES can I continue to use a usb stick to decrypt?
Am I correct?
I don't have TPM on my netbook so I currently insert a usb stick to decrypt. I like it like this because the thought of my hdd being essentially protected by a password leaves me worried. I forget passwords.... particularly strong ones!
I am also unsure about how encryption affects real-time protection. Encryption is an excellent way of protecting data stored on a stolen device but does it stop people from viewing data whilst you are using the computer?
I currently use BitLocker on Windows 8... is using the encryption facility on the SSD a better option? I don't like the idea of a bog standard password being able to decrypt my drive. The only way to decrypt my drive is to enter the 48 digit key or use the usb stick.
Thanks and apologies for the long post!