Why Hardware Encryption is Not Secure


A Little History…

In the past, it was assumed that hardware encryption is far more secure than software encryption.  Many people, including security experts, still believe this to be true.  And in the past, it was true.

But recent history has proven that hardware encryption is highly vulnerable.  Widely publicized, recently discovered hardware encryption vulnerabilities include Spectre and Meltdown, both of which exploit flaws in processors.

Our good friend Steve Gibson has also outlined severe security vulnerabilities in hardware-encrypted solid-state drives (SSDs).  Every SSD that researchers have examined has been found to have such a critical vulnerability that there is almost no barrier to accessing encrypted data on these drives.  Steve outlined the details on his Security Now Podcast.

Backdoors and Poor Encryption Standards

Hardware companies are notorious for including back doors.  The expectation or concern is that companies and even governments include back doors at the chip level.  This is entirely feasible and also likely.

It has also been reported that poor practices lead to hardware encryption vulnerabilities.  For example, encryption keys may not be held securely or may not be unique to each machine.

The Solution?

The solution is quite simple.  Ensure that you encrypt your data using reputable software encryption.  You will certainly keep your data more secure than with hardware encryption alone.  The software should be widely accepted.  Don’t use an encryption solution that is lesser-known or obscure.  Strong encryption requires methodical perfection in its processes because encryption is only as secure as its weakest link.

I use VeraCrypt or AxCrypt.  Both are free, widely accepted, and secure!