
> You need to trust the UEFI implementation and the hard drive manufacturer, which you hopefully do.

Trusting hardware encryption on consumer SSDs has been proven to be a pretty disastrous idea[0], with even BitLocker disabling hardware encryption by default.

From what I understand, a lot of encryption implementations were really really bad, with massive security vulnerabilities and issues. I suppose if you're an enterprise you have the money to test if the SSD is actually encrypting the data on the NAND, but a consumer would be none the wiser.

[0]: https://www.howtogeek.com/fyi/you-cant-trust-bitlocker-to-en...



Yes. I just didn't remember the specific models affected:

    Crucial: MX100, MX200 and MX300
    Samsung: 840 EVO and 850 EVO

Crucial fixed it later with a firmware update. I think people got mad at Samsung because they didn't fix it? Not affected were Intel, Micron, Samsung's own more expensive PRO-Series (interesting?) and others. We also rely on hardware-based encryption on iPhones and Androids? Finally we need to trust the CPU and the random number generator, TPM, Pluton and that the keyboard or whatever is not manipulated. By the way - I don't trust Microsoft's Pluton! And interestingly Dell and Lenovo decided to turn it off by default.


> By the way - I don't trust Microsoft's Pluton!

I have to admit that I have hope for Pluton: it seems like it's going to increase the security of computing, which would obviously be beneficial to all of us. What they're talking about isn't exactly a new concept (I believe Apple call theirs the Secure Enclave) but it's one of those "Why didn't we have this already?" things where PCs just feel a bit behind.



