SSD self-encryption is compromised

Self-Encrypting Deception: Weaknesses in the Encryption of Solid State Drives


That’s a mess. Samsung can’t even consistently protect against basic ATA attacks or ensure safe wear leveling. The fact that the best you can get here is “probably safe” on one out of nine drives is a joke.

If your drive can’t properly randomize the DEK upon sanitize commands or if it’s reusing a single key across the entire disk, you might as well hand over your data to anyone remotely interested.


No surprise Samsung failed at encryption. It was Samsung that shipped 100 million phones with broken encryption.


This is five years old, to be clear.

OPAL has improved a lot from what I understand.

And cryptsetup supports layering both hw+sw encryption in the latest version: https://mirrors.edge.kernel.org/pub/linux/utils/cryptsetup/v2.7/v2.7.0-ReleaseNotes


Hi! Thanks for the great news!
I’m currently using sedutil DTA boot to unlock the disk and boot Linux. Do you know how I can use the option for Opal hardware encryption during the installation of a distro? Currently I’m on Fedora.
Thank you!

Is this really true? If so, which ones do you recommend?

Following Micay on Mastodon saved me from buying new SSDs I guess 😂.

Disclaimer: SSDs and storage security is not something I know a lot about.

But Samsung seems to have decent security (according to Micay at least), and OPAL v2 seems to have improved over v1. So I would recommend newer Samsung SSDs, which is what I use too.