LinkBack URL
About LinkBacksPasswords aren't stored in BIOS', there is no standard mechanism to do this. Passwords can be stored in a TPM if your system has one (most laptops do, most DIY desktops don't).
Passwords aren't stored in BIOS', there is no standard mechanism to do this. Passwords can be stored in a TPM if your system has one (most laptops do, most DIY desktops don't).
There is, the ATA protocol security commands.Originally Posted by Dashers
Dashers (01-09-2016)
well it's arrived and it is indeed a Toshiba NVME SSD.
Oh well, software bitlocker only then.
Sent from my SM-G920F
Capitalization is the difference between helping your Uncle Jack
off a horse and helping your uncle jack off a horse.
What are the advantages of running bitlocker using eDrive verses regular software bitlocker, on say a modern laptop CPU with AES-NI?
Look on google, enough people have benchmarked and eDrive has no overhead.
Capitalization is the difference between helping your Uncle Jack
off a horse and helping your uncle jack off a horse.
Have you done a risk assessment?
Likelihood of loss, against impact of data loss against cost of mitigation.
Are you a likely target because of the data that you might be thought to have on the laptop? If you are,my hen you do need to employing some strong methods, but your employer will probably already have some approved method in place.
If you are traveling by car, the risk of theft is low, public transport slightly higher, public transport late at night, higher still, and so on. but the strength -and therefore cost - of the counter security measures are probably lower.
But again, if the value of the data is higher, and the impact of compromise (and I'm only talking about the privacy aspects as if the data is that important, it will be validated and backed up anyway) then that might justify greater protection.
You might consider whether keeping the data on an encrypted USB stick might be an alternative solution. If the laptop gets stolen, the USB stick may not - obviously keep it separate from the laptop. Or you could use an SD card or other form of portable storage.
Do you need to take the laptop to work? Could you use encrypted portable storage to move data from your laptop to work and back again? (If the material is sensitive, you might still want disk encryption at home to protect data in slack space, but again, few casual thieves would have the skill or patience to extract and analyse that.
I can't answer those questions as they depend on your particular situation, but sitting down for thirty minutes or so and actually analysing what you need to do often brings some clarity and ensures you get the most appropriate measures, and gives peace of mind that you have covered as many of the eventualities as you can, and taken appropriate measures within the resources you have available.
Data security is not just about the implementation of technical measures.
(\__/)
(='.'=)
(")_(")
Been helped or just 'Like' a post? Use the Thanks button!
My broadband speed - 750 Meganibbles/minute
I'm having trouble finding those benchmarks, except those which compare no encryption to hardware encryption showing virtually no performance penalty.
But what are the advantages of having an eDrive encrypted drive compared to software? There's no overhead sure, what else is there? For example, does eDrive have an effect on improved battery life or reduced SSD wear?
I ask because I'm considering upgrading the measly 128GB SSD in my laptop and I wonder if it's worth spending a bit extra for something that is compatible with eDrive encryption.
The simple logic is that the when the drive is performing the encryption, it is doing it at the lowest level possible.
The drive itself does the work, so it is likely to go at the internal speed of the drive. That is potentially faster than the bus speed.
Where drives "cheat" and use compression to get fast write speeds, this will be of most benefit as encrypted data is largely unable to be compressed.
Software encryption will be applied at a driver level, far above the actual hardware in computing terms.
It will rely on CPU power, AES-NI are still just instructions in the CPU, memory speed and the speed data can be moved from memory to the drive.
Did some digging. OCZ drivers, ssd utility, and CLOUT all now support the XG3 (as of July 2016) - see here: https://ocz.com/eu/download/
And they will run on win7,8 and 10. Don't think that helps with hardware encryption, but the rest of the toolkit you might want vs Samsung Magician is now there.
GoNz0 (02-09-2016)
True. I'm travelling by public transport mostly, and visiting locations where I don't always get to keep me bag with me 100% of the time. I couldn't give a stuff about most of the files, so long as they're backed-up. But licence codes, financial data, personal correspondence. Those I would want to protect. Ditto some of our photographs, but only for copyright reasons - not that the images themselves are sensitive.
It sounds like just using a true-crypt vault might suffice for my needs. The one query i have with that is how does it get backed-up? I.e. if the files are encrypted in a vault, presumably the back-up won't see them to copy them? Or if it could see them would back them up in an encrypted form?
Could I use truecrypt as a means of backing up to BDR/MDisc with encryption by mounting the volume onto the write drive rather than a HDD?
doesn't sound like the best method TBH - prob more hassle than it's worth.
http://www.howtogeek.com/186881/hard...re-your-files/
Very true:
A Truecrypt vault in a file with an internal directory structure, so it is mounted like a disk, with a drive letter but as it is a file, it is backed up like any other file.
Have a browse through this getting stated guide.
http://www.herts.ac.uk/__data/assets...uide-v7-1a.pdf
(\__/)
(='.'=)
(")_(")
Been helped or just 'Like' a post? Use the Thanks button!
My broadband speed - 750 Meganibbles/minute
ik9000 (04-09-2016)
Thanks, that makes sense. The encrypted file can be backed-up. Key thing is to retain the key to decrypt it. I was wondering whether there was some sort of locally stored hash that was also needed to go with it, such that if the encrypted file alone was burned to disc, it couldn't then be opened on another machine even with the password, but this seems to not be the case. Which is good.
Googling sounds like VeraCrypt is a more up-to-date version of truecrypt (which I can't find readily in v7.1, only the hamstrung 7.2 reader-only variant is on sourceforge for example).
You can find the Truecrypt downloads here
https://truecrypt.ch/downloads/
(\__/)
(='.'=)
(")_(")
Been helped or just 'Like' a post? Use the Thanks button!
My broadband speed - 750 Meganibbles/minute
ik9000 (04-09-2016)
There are currently 1 users browsing this thread. (0 members and 1 guests)
Posting Permissions
Reply With Quote