Software Vs Hardware Based Encryption – DIY in 5 Ep 156

Published October 1, 2021, 20:30
There are two main types of encryption - software encryption and hardware encryption.

Software-based Encryption.
This uses a variety of software programs to encrypt data on a specific volume. When a drive is encrypted, the user creates a passphrase that unlocks a key giving access to the unencrypted data on that device. No key, and you shall not pass. Software encryption acts as the middleman, encrypting data as it’s written to the drive, then decrypting it using the same key before it’s presented to the program on the device. The benefits of software encryption are that it’s cost-effective and readily available in modern operating systems. However, since the processor is doing all the encryption and decryption work, the entire system will slow down a bit. And since the encryption key is stored in the computer’s memory, a hacker who is able to get hold of the user passphrase or the encryption key itself will be able to access that data.
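
The passphrase-unlocks-a-key arrangement described above, as an added example that is not from the video or from any particular encryption product. The function names and the PBKDF2 iteration count are assumptions made for this example, and XOR with the derived key stands in for the AES key wrap a real tool would use.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed PBKDF2 work factor, chosen for this example


def _derive(passphrase, salt):
    """Stretch the passphrase into a wrapping key and a separate check key."""
    okm = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, ITERATIONS, dklen=64)
    return okm[:32], okm[32:]


def wrap(passphrase, dek):
    """Build the header kept on disk; the data key only appears in wrapped form."""
    salt = os.urandom(16)  # fresh salt, so a wrapping key is never reused
    kek, mac_key = _derive(passphrase, salt)
    wrapped = bytes(a ^ b for a, b in zip(dek, kek))  # stand-in for AES key wrap
    tag = hmac.new(mac_key, wrapped, hashlib.sha256).digest()
    return {"salt": salt, "wrapped": wrapped, "tag": tag}


def new_volume(passphrase):
    """Create a random 256-bit data key and its passphrase-protected header."""
    dek = os.urandom(32)
    return dek, wrap(passphrase, dek)


def unlock(passphrase, header):
    """Return the data key, or None if the passphrase is wrong."""
    kek, mac_key = _derive(passphrase, header["salt"])
    expected = hmac.new(mac_key, header["wrapped"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, header["tag"]):
        return None  # no key, no access
    return bytes(a ^ b for a, b in zip(header["wrapped"], kek))


def change_passphrase(old, new, header):
    """Re-wrap the same data key; the encrypted data itself is untouched."""
    dek = unlock(old, header)
    if dek is None:
        raise ValueError("wrong passphrase")
    return wrap(new, dek)


if __name__ == "__main__":
    dek, header = new_volume("correct horse")  # constructed sample passphrase
    print("unlocked:", unlock("correct horse", header) == dek)
    print("wrong passphrase:", unlock("wrong guess", header))
```

While a volume is unlocked, the value returned by `unlock()` sits in process memory, which is the exposure the paragraph above describes.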

Hardware-based Encryption
Encryption used by self-encrypting drives, or SEDs, is a bit more comprehensive. SEDs use an onboard encryption chip that will encrypt data before it is written and decrypt it before it is read directly from the drive. This type of encryption sits between the OS installed on the drive and the system BIOS. When the drive is first encrypted, the encryption key is generated and stored on the drive. When the system is first booted, a custom BIOS is loaded that will ask for the user passphrase. Once that passphrase is entered, the drive is decrypted and access to the OS and data is granted. The benefits of this type of encryption are that the CPU is not involved at all, so you won’t see a performance dip, and in most cases the encryption key is stored in the SSD’s onboard memory, which makes it a bit harder to find and thus less vulnerable to low-level attacks.

AES Encryption
Many encryption options currently use AES, or Advanced Encryption Standard. AES is a block cipher, so data is divided into 128-bit blocks before encrypting it with the 256-bit key. AES 256-bit encryption is an international standard recognized by the US government, among others, and it’s the strongest encryption standard available, making it basically undecipherable. Think of it this way: the number after AES is the number of bits in the key used for encryption and decryption. For each added bit, the number of possible keys doubles, meaning a 256-bit key has two to the 256th power possible values. Then, each key length has a different number of rounds, the process of turning plain text into cipher text. For 256 bits, there are 14 rounds. The chance of an attacker coming up with the correct key out of 2 to the power of 256 (2^256) possibilities, with the data scrambled over 14 rounds, is very low.

To sum it all up now that we’ve been there and back again, while software-based encryption does have its advantages, it can affect performance and often is not as comprehensive as a more robust hardware-based encryption alternative. Depending on your needs, you may be surprised by what is involved in securing your data. Not all encryption is the same but understanding the differences will play a key part in how effective and efficient your security is.