SSDs self encryption is compromised

Self-Encrypting Deception: Weaknesses in the Encryption of Solid State Drives

2 Likes

That’s a mess, Samsung can’t even consistently protect against basic ATA attacks or ensure safe wear leveling, the fact that the best you can get here is “probably safe” on one out of nine drives is a joke

If your drive can’t properly randomize the DEK upon sanitize commands or if it’s reusing a single key across the entire disk, you might as well hand over your data to anyone remotely interested

2 Likes

No surprise Samsung failed at encryption. It was Samsung that shipped 100 million phones with broken encryption.

4 Likes

This is five years old to be clear.

OPAL has improved a lot from what I understand.

And cryptsetup supports layering both hw+sw encryption in the latest version: https://mirrors.edge.kernel.org/pub/linux/utils/cryptsetup/v2.7/v2.7.0-ReleaseNotes

5 Likes

Hi! thanks for the great news!
I’m currently using sedutil DTA boot, to unlock the disk and boot Linux. Do you know how can I use the option for Opal hardware encryption, during the installing for a distro? currently I’m on Fedora.
Thankyou!