Slashdot Mirror

← Back to Stories (view on slashdot.org)

Intel Launches Self-Encrypting SSD

Posted by Soulskill on from the masochistic-storage-devices dept.

MojoKid writes: Intel just launched their new SSD 2500 Pro series solid state drive, the follow-up to last year's SSD 1500 Pro series, which targets corporate and small-business clients. The drive shares much of its DNA with some of Intel's consumer-class drives, but the Pro series cranks things up a few notches with support for advanced security and management features, low power states, and an extended management toolset. In terms of performance, the Intel SSD 2500 Pro isn't class-leading in light of many enthusiast-class drives but it's no slouch either. Intel differentiates the 2500 Pro series by adding support for vPro remote-management and hardware-based self-encryption. The 2500 Pro series supports TCG (Trusted Computing Group) Opal 2.0 features and is Microsoft eDrive capable as well. Intel also offers an administration tool for easy management of the drive. With the Intel administration tool, users can reset the PSID (physical presence security ID), though the contents of the drive will be wiped. Sequential reads are rated at up to 540MB/s, sequential writes at up to 480MB/s, with 45K – 80K random read / write IOps.

16 of 91 comments (clear)

  1. Re:Better than software based, lemme tell you by benjfowler · · Score: 2

    Got some benchmarks to quote to back that up? AES in hardware is very fast.

  2. Self-encryption by Little_Professor · · Score: 2

    Self-encryption? So it encrypts itself? Wow. On my laptop I have to encrypt my drive myself. Takes ages to work out all the ciphers

  3. I Have a New Technology for This by Motard · · Score: 4, Funny

    My new device is designed to accept any amount of data and any rate imaginable. Once stored, the data can *never* be retrieved, no matter what is tried. And this new technology is surprising affordable. Call now for your new StorageBrick 3K!

  4. Intel has worked with the NSA by sasparillascott · · Score: 5, Insightful

    The usual comment, if you care about your drive being able to be unencrypted when the right govt authorities decide to go snooping, it'd be best not to trust this...

    Great point of reference:

    https://plus.google.com/+Theod...

    1. Re:Intel has worked with the NSA by Charliemopps · · Score: 4, Insightful

      If I actually cared about the Government breaking into my encrypted files I'd be using a One Time Pad. It might be cumbersome, and it might flag it as actually important info, but if I really didn't want someone to have the possibility of breaking it then only a encryption method that cannot be broken with any amount of processing power will do. However, I don't have any need to worry about some trivial thing like are they looking at me today. I don't have that kind of secret to hide.

      You should always be worried about the government breaking into your encrypted files.
      There is only 1 group in this country that can legally torture you and put you to death. Only one group that actually does that very thing on a daily basis.
      Irrelevant of their current laws and practices, it's in your best interest to protect yourself from their prying eyes.
      You've no idea what you're doing today that will be illegal tomorrow. Every device I own has some degree of encryption. Will that protect me if they target me directly? Probably not, but I certainly am not going to make it easy for them if it comes to that. Decent encryption isn't that hard, and just takes a few minutes of your time.

    2. Re:Intel has worked with the NSA by eth1 · · Score: 4, Interesting

      Not to mention that even if you have "nothing to hide," what about when you piss the wrong person off, and suddenly there's child porn on your encrypted drive that obviously only you could ever have had access to.

    3. Re:Intel has worked with the NSA by Luckyo · · Score: 2

      The problem is that if you have something that government finds worth torturing over on your drive, you're boned regardless.

      Very few people have the sufficient stress and pain tolerance to be able to not divulge the password to the files for extended period of torture by best professionals in the world.

    4. Re:Intel has worked with the NSA by mark_reh · · Score: 2

      How long do you think you'll keep your pass phrase secret when one of the government sanctioned torturers tightens the screws on your thumbs?

      You can't protect your data from the government any more than all the gun "enthusiasts" in the US can protect themselves from the government with their guns. The government ALWAYS has ways and means beyond what any individual or even any group can muster.

    5. Re:Intel has worked with the NSA by niftymitch · · Score: 2

      If I actually cared about the Government breaking into my encrypted files I'd be using a One Time Pad. ....snip....

      I think this is a place where a big "Woosh" applies.

      Someone does not understand the way one-time pads work.
      Using a one-time pad is a blunder. To get your files you must also have the pad. For a disk this would be one monster pad.
      Since it is a one time pad you use it and toss it (special flushable paper) -- now the data is lost.

      One-time pads between two friends are interesting but require a physical exchange of pads.

      The Intel trick has one big value in the context of repair, redeployment and intentional abandonment of content.
      There may be many at the IRS that wish their devices all had this feature to invoke.

      The current case of the IRS is interesting... and points out a need to manage data. Preserve it, wipe it, recover it.
      When the dogs of war knock down the front door.. wiping data locally only needs a key wipe not a
      full disk wipe that might take hours or weeks (central Utah disk farm). Should management make copies
      of the keys recovery of a remotely wiped device may be possible.

      This technology has no obvious place on a device like a flight data recorder but does represent a signature
      to validate the data is on the device you expect iff logged back someplace safe.

      --
      Truth is stranger than fiction, but it is because Fiction is obliged to stick to possibilities; Truth isn't. Mark Twain.
  5. "Factory" Encryption == Bullshit by CanHasDIY · · Score: 4, Insightful

    We all know, at this point, that these tech hardware companies are total butt-fuck buddies with clandestine government organizations.

    We all know, at this point, that as a result of the aforementioned butt-fuck buddies relationship, all hardware can be considered compromised before you even open the damn box.

    I don't know about you all, but I'm far more concerned that an organization with the power to take away my life and/or freedom can access my data without my permission or knowledge than infamous Russian credit card scammer "Peggy."

    That be my 2 pennies.

    --
    An enigma, wrapped in a riddle, shrouded in bacon and cheese
  6. Another unverifiable "encryption product"... by Kardos · · Score: 3, Insightful

    ... treat it as a regular unencrypted drive and apply proper encryption on top. Next.

  7. Re:My SSD already encrpyts its contents by 0123456 · · Score: 2

    It can loose it's own keys?

    My current Intel SSD encrypts everything and has a special command to wipe the key to 'secure delete' the contents. So I'm not sure what's new here.

  8. Re:How is this news. by Cley+Faye · · Score: 2

    TRIM don't actually zap the data, it just mark a block as unused. This is to increase performances, because on the next write in this block, there is no need to read it, update it in memory, then write it. But until something is written there, no guarantee that the content itself is erased. Custom firmware could read it, or advanced forensics could get the chips out and get data from it or something.

  9. Simple Security Is The Best Security by tech.kyle · · Score: 2

    I suggest encrypting everything multiple times with a more simple encryption algorithm. I find it gives me twice the security at virtually no performance loss whatsoever. Myself, I use ROT13 twice.

    --
    If we colonize Mars, it won't be the World Wide Web anymore. UWW?
  10. Re:My SSD already encrpyts its contents by AmiMoJo · · Score: 2

    Some older drives can use the ATA password for encryption, which is presumably what you are describing. The implementation varies. Some drives store the key in plaintext where it can easily be sniffed as it travels over the the HDD's internal bus. The biggest issue though is that in most cases only laptops support the ATA password feature, with virtually no desktop BIOS implementing it.

    This new standard defines how the key is to be stored securely and integrates much better with software like BitLocker. As well as being far more secure than the old ATA password method this allows companies to manage their keys. If the user forgets their password they don't lose access to the entire machine, IT can reset it. The password can be changed without wiping the drive. Hibernation and sleep support is much better too.

    The old Intel encryption uses the ATA password, but they have been a bit vague on the details so it isn't know how well it works or how secure it is.

    --
    const int one = 65536; (Silvermoon, Texture.cs)
    SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
  11. Encryption is easy. Decryption is hard. by Rowanyote · · Score: 2

    I have a self encrypting hard drive already.

    IBM Deskstar from last decade.

    Unfortunately no one has the key....