Why Hardware Encryption is Not Secure

A Little History

In the past it was assumed that hardware encryption is far more secure than software encryption.  Many people, including security experts, still believe this to be true.  And in the past it was true.

But recent history has proven that hardware encryption is highly vulnerable.  The widely published recent discovered hardware encryption vulnerabilities include Spectre and Meltdown.  Both Spectre and Meltdown exploit flaws in processors.

Our good friend Steve Gibson has also outlined severe security vulnerabilities in a hardware encrypted solid state drives (SSDs).  In fact, every SSD that researchers have examined has been found to have such a severe vulnerability that there is almost no barrier to accessing encrypted data on these drives.  Steve outlined the details on his Security Now Podcast.

Backdoors and Poor Encryption Standards

Hardware companies are notorious for including back doors.  The expectation or concern is that companies and even governments include back doors at the chip level.  This is completely feasible and even likely.

It has also been reported that poor practices lead to hardware encryption vulnerabilities.  For example, encryption keys may be not held securely or may not be unique to each machine.

The Solution?

The solution is quite simple.  Ensure that you encrypted your data using reputable software encryption.  You will certainly keep your date more secure than with hardware encryption alone.  The software should be widely accepted.  Don’t use an encryption solution that is lesser known or obscure.  Strong encryption requires methodical perfection in its processes because encryption is only as strong as its weakest link.

I use VeraCrypt or AxCrypt.  Both are free, widely accepted, and secure!

 

 

LEAVE A REPLY

Please enter your comment!
Please enter your name here