Tuesday, 6 November 2018

Encryption on SSDs

There is always something interesting happening in InfoSec. Today I was reading about encryption on certain SSDs, and how truly terrible it is. The basic take-home: on a lot of SSDs, although the drive gives you a way to set an encryption password, that password is neither used to encrypt the data nor to derive the key that actually encrypts the data on your disk.

The link to the story on The Register is below

Solid state of fear: Euro boffins bust open SSD, Bitlocker encryption (it's really, really dumb)

The data-encryption key lives on the drive itself, so anyone who can bypass the file system and get direct access to the drive, for example through its debugging ports, can read all the data on it. I guess it's technically "encrypted at rest", but now that you know about this, you can't really claim compliance on that basis.

Microsoft's BitLocker honours the drive's own encryption when the drive advertises it, rather than encrypting in software, so on those drives it is effectively compromised as well.
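The practical check that follows from this is whether your BitLocker volumes are encrypted in software or delegated to the drive. The script below is an added example, not from the original post or from Microsoft: it parses the output of `manage-bde -status` (which reports "Hardware Encryption" as the Encryption Method for delegated volumes) and flags those volumes. It assumes English-language `manage-bde` output, an elevated prompt for the live run, and the sample status text is constructed for illustration.

```powershell
# Added example (not from the original post). Flags BitLocker volumes whose
# encryption is delegated to the drive rather than done in software.
# Assumes English-language manage-bde output and an elevated PowerShell session.

function Get-BitLockerEncryptionMode {
    [CmdletBinding()]
    param(
        # Lines of "manage-bde -status" output; injectable so the parser can be
        # exercised offline on constructed text.
        [Parameter(Mandatory)]
        [string[]]$StatusLines
    )

    $volumes = @()
    $current = $null

    foreach ($line in $StatusLines) {
        # Each volume block begins with a line such as "Volume C: [Windows]".
        if ($line -match '^Volume\s+([A-Z]:)') {
            $current = [pscustomobject]@{
                Volume           = $Matches[1]
                EncryptionMethod = $null
                ProtectionStatus = $null
            }
            $volumes += $current
            continue
        }
        if ($null -eq $current) { continue }

        if ($line -match '^\s*Encryption Method:\s*(.+?)\s*$') {
            $current.EncryptionMethod = $Matches[1]
        }
        elseif ($line -match '^\s*Protection Status:\s*(.+?)\s*$') {
            $current.ProtectionStatus = $Matches[1]
        }
    }

    foreach ($v in $volumes) {
        # "Hardware Encryption" means BitLocker trusts the drive's own crypto,
        # which is exactly the case the article shows cannot be trusted.
        $delegated = $v.EncryptionMethod -match 'Hardware'
        $v | Add-Member -NotePropertyName UsesDriveEncryption -NotePropertyValue $delegated
    }
    return $volumes
}

function Show-BitLockerReport {
    param([Parameter(Mandatory)][string[]]$StatusLines)

    $report = Get-BitLockerEncryptionMode -StatusLines $StatusLines
    $report | Format-Table Volume, EncryptionMethod, ProtectionStatus, UsesDriveEncryption -AutoSize

    $flagged = $report | Where-Object { $_.UsesDriveEncryption }
    if ($flagged) {
        Write-Warning ("BitLocker relies on the drive's own encryption for: " +
            ($flagged.Volume -join ', ') +
            ". Switch the hardware-encryption Group Policy off, then fully decrypt " +
            "and re-encrypt these volumes so BitLocker uses software (XTS-AES) encryption.")
    }
}

# Constructed sample output (not captured from a real machine) showing one
# software-encrypted volume and one delegated to the SSD.
$sampleStatus = @(
    'BitLocker Drive Encryption: Configuration Tool version 10.0',
    '',
    'Volume C: [Windows]',
    '[OS Volume]',
    '    Encryption Method:    XTS-AES 128',
    '    Protection Status:    Protection On',
    '',
    'Volume D: [Data]',
    '[Data Volume]',
    '    Encryption Method:    Hardware Encryption',
    '    Protection Status:    Protection On'
)
Show-BitLockerReport -StatusLines $sampleStatus   # flags D: only

# Live check, if manage-bde is available on this host.
if (Get-Command manage-bde.exe -ErrorAction SilentlyContinue) {
    Show-BitLockerReport -StatusLines (& manage-bde.exe -status 2>&1 | ForEach-Object { "$_" })
}
```

Any volume reporting "Hardware Encryption" should be treated as unverified regardless of what the drive claims; switching the policy alone does not change an already-encrypted volume, so it has to be decrypted and encrypted again before BitLocker's own software encryption applies.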

Something like VeraCrypt might be a much better choice. For those who don't know it, VeraCrypt is the resurrection of TrueCrypt.