1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

News Researchers warn of severe SSD security vulnerabilities

Discussion in 'Article Discussion' started by bit-tech, 5 Nov 2018.

  1. bit-tech

    bit-tech Supreme Overlord Lover of bit-tech Administrator

    Joined:
    12 Mar 2001
    Posts:
    3,676
    Likes Received:
    138
    Read more
     
  2. Originality

    Originality What's a Dremel?

    Joined:
    10 Oct 2018
    Posts:
    1
    Likes Received:
    0
    Wow. This could be huge, especially knowing how many companies rely on the protections of Bitlocker as standard policy.

    But how big is the realistic threat? How easy is it to implement? What measures can be taken to make SSDs safer? Firmware updates, or better hardware?

    Needs more study.
     
  3. Pliqu3011

    Pliqu3011 all flowers in time bend towards the sun

    Joined:
    8 Aug 2009
    Posts:
    2,736
    Likes Received:
    257
    Tiny typo spotted: second author's surname should be "van Gastel" (with -el)
     
  4. Gareth Halfacree

    Gareth Halfacree WIIGII! Lover of bit-tech Administrator Super Moderator Moderator

    Joined:
    4 Dec 2007
    Posts:
    17,066
    Likes Received:
    6,610
    The paper's pretty detailed in how the attacks work, but they all require physical access - which, given that's exactly the scenario data encryption is supposed to protect against, ain't exactly good.

    Samsung's already released firmware updates for the T3 and T5 - plus the T1, but for some reason you have to talk to support to get that one - which it claims fix the problems, but it recommends that users of its other drives give up on the hardware encryption and use software encryption (after making sure the software encryption is actually software encryption, i.e. don't use BitLocker). Crucial/Micron ain't got back to me yet.
    Hah - years of mentally correcting all the American -el suffixes in press releases to -le has me undone! Fixed now - ta!
     
  5. edzieba

    edzieba Virtual Realist

    Joined:
    14 Jan 2009
    Posts:
    3,909
    Likes Received:
    591
    Presumably Bitlocker could be updated with a blacklist of drives with non-functional encryption and 'failed over' to the software implementation if one is present.
     
  6. z0mijiu0

    z0mijiu0 What's a Dremel?

    Joined:
    7 Nov 2018
    Posts:
    1
    Likes Received:
    0
    So when you say software encryption you're talking about programs like Veracrypt?

    I noticed that the program has a number of encryption methods so I was wondering about which one would be secure but not effect the read / write speeds too much (i5-7300hq cpu).
     
  7. Gareth Halfacree

    Gareth Halfacree WIIGII! Lover of bit-tech Administrator Super Moderator Moderator

    Joined:
    4 Dec 2007
    Posts:
    17,066
    Likes Received:
    6,610
    Article updated with Samsung, Micron, and Microsoft statements - the latter including instructions for switching BitLocker from hardware to software encryption (which you can only do via Group Policy changes, annoyingly.)
    Aye, that sort of thing.
    When in doubt, go AES: it's the same algorithm the hardware encryption uses, and modern CPUs include AES acceleration instructions. Handily, Veracrypt has a built-in benchmark - here are the results from a test on my A10-5800K desktop:

    upload_2018-11-9_9-21-31.png

    As you can see, AES is by far and away the fastest algorithm thanks to the acceleration instructions. At 1.4GB/s write and 1.9GB/s read, it's considerably faster than most SSDs - so you shouldn't see an impact, except that it will load the CPU during encryption and decryption operations. In other words, things might be a bit slower.

    The other algorithms are really only there if you don't trust the US Government-approved AES algorithm, and come with considerable performance penalties - especially when you start chaining them, which is what the brackets indicate: AES(Twofish(Serpent)) means data is encrypted first with AES, then the encrypted output encrypted again with Twofish, then the encrypted output encrypted again with Serpent. If there's a flaw or backdoor in any one of the three algorithms, your data is still secure - but you take a major performance hit.
     
  8. leexgx

    leexgx CPC hang out zone (i Fix pcs i do )

    Joined:
    28 Jun 2006
    Posts:
    1,356
    Likes Received:
    8
    On samsung drives bitlocker issue should be very much less an issue as you have to go out of your way to press the ready button to enable e-drive support and reload windows and the uefi bios has to support e-drive as well and maybe have a tpn chip as well

    crucial unfortunately e-drive is enabled by Default (no way to turn it off) and so if you meet the requirements for a drive on bitlocker then it will instantly enable bitlocker which means hardware-based encryption is being used ( you can use gpedit or the bitlocker manager I'll have to check what it is again later) to force bitlocker to use software bitlocker

    if you enable bitlocker and you have that percentage progress bar then you are using software based bitlocker which for the majority people will be most ( as you need to meet at least three or four requirements to make bitlocker E-drive to work)

    If ms wanted to assur that it's secure they could make Bitlocker use software based bitlocker when been enabled as most cpus have AES hardware acceleration (make hardware optional bitlocker manager instead of preferred)
     
Tags: Add Tags

Share This Page