It turns out that somebody – well, lots of people, in fact – failed to implement a cryptographic standard very well. This isn’t a surprise, I’m afraid, but it’s bad news. I’ve written before about how important it is to be using disk encryption, but it turns out that the advice I gave wasn’t sufficient, or detailed enough.
Here’s a bit of background. There are two ways to do disk encryption:
- let the disk hardware (and firmware) manage it: HDD (hard disk drive), SSD (solid state drive) and hybrid (a mix of HDD and SDD technologies) manufacturers create drives which have encryption built in.
- allow your Operating System (e.g. Linux[0], OSX[1], Windows[2]) to do the job: the O/S will have a little bit of itself on the disk unencrypted, which will allow it to decrypt the rest of the disk (which is encrypted) when provided with a password or key.
You’d think, wouldn’t you, that option 1 would be the safest? It should be quick, as it’s done in hardware, and well, the companies who manufacture these disks will know that they’re doing, right?
No.
A paper (link opens a PDF file) written by some researchers in the Netherlands reveals some work that they did on several SSD drives to try to work out how good a job had been done on the encryption security. They are all supposed to have implemented a fairly complex standard from the TCG[4] called Opal, but it seems that none of them did it right. It turns out that someone with physical access to your hardware can, fairly trivially, decrypt what’s on your drive. And they can do this without the password that you use to lock it or any associated key(s). The simple lesson from this is that you shouldn’t trust hardware disk encryption.
So, software disk encryption is OK, then?
Also no.
Well, actually yes, as long as you’re not using Microsoft’s BitLocker in its default mode. It turns out that BitLocker will just use hardware encryption if the drive its using supports it. In other words, using BitLocker just uses hardware encryption unless you tell it not to do so.
What about other options? Well, you can tell BitLocker not to use hardware encryption, but only for a new installation: it won’t change on an existing disk. The best option[5] is to use a software encryption solution which is open source and audited by the wider community. LUKS is the default for most Linux distributions. One suggested by the papers’ authors for Windows is Veracrypt. Can we be certain that there are no holes or mistakes in the implementation of these solutions? No, we can’t, but the chances of security issues being found and fixed are much, much higher than for proprietary software[6].
What, then are my recommendations?
- Don’t use hardware disk encryption. It’s been shown to be flawed in many implementations.
- Don’t use proprietary software. For anything, honestly, particularly anything security-related, but specifically not for disk encryption.
- If you have to use Windows, and are using BitLocker, run with VeraCrypt on top.
1 – GNU Linux.
2 – I’m not even sure if this is the OS that Macs run anymore, to be honest.
3 – not my thing either, but I’m pretty sure this is what it’s call. Couldn’t be certain of the version, though.
4 – Trusted Computing Group.
5 – as noted by the paper’s authors, and heartily endorsed by me.
6 – I’m not aware of any problems with Macintosh-based implementations, but open source is just better – read the article linked from earlier in the sentence.
Alice, Eve and Bob - a security blog 
I think current versions of OS X are called macOS (no “classic”, no “mac OS X”, just “macOS”)
The built-in disk encryption system is File Vault. This might be my favourite thing Wikipedia has to say about it:
> When FileVault 2 is enabled while the system is running, the system creates and displays a recovery key for the computer, and optionally offers the user to store the key with Apple.
LikeLike