Solidigm

idata · ‎07-03-2012

Hi there,

I've some doubts about how encryption works on the Intel 520. Is the AES-128 encryption always enabled even if I don't use a SATA password? In case I use a SATA password, would the encryption on the drive be really encrypted like using truecrypt and AES? Can I really trust this encryption?

Regards,

plee21 · ‎07-07-2012

Hi

Yes data is always encrypted as 128bit AES and it will be now, however it is only secure if you supply a complicated enough password first. Without a password the data is always decrypted for anyone so your data isn't secure.

It's a bit like a lock on your door. Yes the lock is always in use and there, but unless you use a key to lock the door, anyone can come through it.

You will need to check your BIOS for options to enable a Hard Drive password. The password setting needs to be supported by the computers BIOS so you can unlock the drive when turning the computer on, once unlocked the computer can than read the drive to boot into your operating system. Once a password is set, if someone takes your computer, even if they removed the drive and put it into another computer, the drive is effectively dead until someone supplies the correct password.

A word of warning, if you want to move the drive to another computer to use it, clear the password first, then reset the password on the new computer to secure it again.

Most laptops support setting a Hard drive password, most desktop computers do not.

Regards

Phil

View solution in original post

Johnny_Y_Intel · ‎07-04-2012

Even AES 128bit is strong enough for end user/home use, if you set a strong ATA password, no need to worry about data safety, unless your SSD used in government or military

plee21 · ‎07-07-2012

Hi

Yes data is always encrypted as 128bit AES and it will be now, however it is only secure if you supply a complicated enough password first. Without a password the data is always decrypted for anyone so your data isn't secure.

It's a bit like a lock on your door. Yes the lock is always in use and there, but unless you use a key to lock the door, anyone can come through it.

You will need to check your BIOS for options to enable a Hard Drive password. The password setting needs to be supported by the computers BIOS so you can unlock the drive when turning the computer on, once unlocked the computer can than read the drive to boot into your operating system. Once a password is set, if someone takes your computer, even if they removed the drive and put it into another computer, the drive is effectively dead until someone supplies the correct password.

A word of warning, if you want to move the drive to another computer to use it, clear the password first, then reset the password on the new computer to secure it again.

Most laptops support setting a Hard drive password, most desktop computers do not.

Regards

Phil

idata · ‎12-01-2012

I'm putting together a blog post on vxlabs.com listing drives that do and don't do *usable* AES encryption, that is encryption where the AES keys are themselves also encrypted with a user password.

All of the Intel documentation on the 520 states that the security is based on the AES encryption together with the ATA password, but I have not been able to find any official documentation confirming the following details:

The ATA password is used to encrypt the AES keys.
The ATA password itself is stored as an irreversible hash.

This has been confirmed for the 320, but I'd like to see explicit proof for the 520 as well. It's a new drive with a new controller, so it's not guaranteed that Intel has followed the same path.

Solidigm

Intel 520 and SATA password, how to be sure that it is being encrypted?