On 7/28/20 7:04 PM, load...@gmail.com wrote:
Could you please tell me which Samsung models has*Hardware* encryption? I
mean without any software which needs to be installed.
I stand to be corrected but this is not unique to Samsung. SSDs,
although I think some don't have this enabled out of the factory, by
default encrypt the data before it gets written to the chips. This is
not the sort of encryption that will stop someone else from looking at
your data if they get your drive because the drive does not know who has
it. Who ever has an SSD can plug it in and ask it to read the data on
itself and the drive willfully decrypts itself and presents its data.
Unlike LUKS for example where the user has to provide the decryption
key, which in essence is a second layer of encryption. However, you can
securely erase any SSDs data by simply creating a new encryption key for
the drive to use to encrypt the data before it gets written to the
chips. Any other form of destroying data on an SSD, like DBAN for
example, is a complete waste of time and you are actually destroying the
drive instead of your data.
Partition Magic can be used to create a new DEK (Drive Encryption Key)
on an SSD, but PM is not free anymore. You can still download the last
free version that was available before it became a paid product which
was in 2013. It still works I have used it, but you have other options
as well. Most manufacturers provide tools, but these are mostly windowz
based, that will perform a secure erase on your SSD, which effectively
creates a new DEK. I have not had much success with Samsung's tools. Or
any other manufacturers tools to be honest.
My best advice is to use the hdparm utility which in reality is what PM
uses. If I want to wipe a drive securely I usually use Tiny Core linux
because (1) it is really small and quick to download and put on a USB
stick and it boots in a flash and (2) it ships with the hdparm utility
out of the box.
This is the most useful instructions that I have found on the web for
hdparm, https://grok.lsu.edu/Article.aspx?articleid=16716
Do not rely on your SSDs hardware encryption for security however,
https://www.howtogeek.com/fyi/you-cant-trust-bitlocker-to-encrypt-your-ssd-on-windows-10/.
That said, deleting the DEK and creating a new one is still 100% safe as
the key has been deleted making the 'data' on the disk squigly goop. The
blank password in this case is not a problem.
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/c38f1f8e-a834-63ce-f702-41d7ba4c4c8e%40ak47.co.za.
