Security - Hardware Level

Hi, so I'm kind of confused about something. Is security at the hardware level still a thing? I've been told VeraCrypt is secure to use, but doesn't that require that the drives support encryption like 256-bit AES? I mean, like, what's the difference between software-level encryption vs hardware-level encryption? To me it sounds like hardware encryption is still a thing, but I could be wrong.

2 Likes

Hardware level is always stronger than software TBH, for the most part, especially when you have a unique crypto engine running on the hardware.

Basically

Software encryption programs are more prevalent than hardware solutions
today. As they can be used to protect all devices within an
organization, these solutions can be cost effective as well as easy to
use, upgrade and update. Software encryption is readily available for
all major operating systems and can protect data at rest, in transit,
and stored on different devices. Software-based encryption often
includes additional security features that complement encryption, which
cannot come directly from the hardware.

In contrast

Hardware-based encryption uses a device’s on-board security to perform
encryption and decryption. It is self-contained and does not require the
help of any additional software. Therefore, it is essentially free from
the possibility of contamination, malicious code infection, or
vulnerability.

2 Likes

Basically, self-encrypted drives are an excellent option for high-security
environments. With SED, the encryption is on the drive media where the
disk encryption key used to encrypt and decrypt is securely
stored. The key relies on a drive controller to automatically encrypt
all data to the drive and decrypt it as it leaves the drive. Nothing,
from the encryption keys to the authentication of the user, is exposed
in the memory or processor of the host computer, making the system less
vulnerable to attacks aimed at the encryption key.