WD Black SN750 1TB no hardware-based encryption

[don dolarson]

Hi!

Can someone explain to me what exactly does that means? Will the lack of support for hardware-based encryption impact me if I'm using the TPM functionality of my Ryzen processor and my hard drives are BitLocker encrypted, especially performance-wise? I'm looking at this drive since it's on a nice discount now, 30 bucks more expensive than the Crucial MX500 1TB and 30 bucks cheaper than the Samsung 860 EVO 1TB.

 

[ebivan]

Get the crucial, it supports hardware encryption (OPAL SED) as far a I know bitlocker can profit from that. Or you could use sedutil, which is open source, also supported by OPAL SED and os agnostic so you dont have to deal with bitlocker

 

[W1zzard]

If you use Bitlocker, no need for SSD hardware encryption. You could stop using Bitlocker and use OPAL (Google), giving you a bit more performance, theoretically

 

[don dolarson]

I've ordered the WD drive before your answer since there was no info about when the discount will be ended, and from reading its reviews, it outperforms MX500 (I know there won't be any real-world big gains by using an NVMe instead of SATA SSD, at least for my use scenario), and I thought 30$ more for it was worth paying extra. I can still return it for free and take the Crucial SSD.

I'll read about the OPAL since it's something new for me. However, won't the WD lack of hardware-based encryption slow down this drive when TPM from my Ryzen is activated and a part of this drive (150GB partition of it) will be secured with BitLocker? That's the main point of this question.

 

[don dolarson]

??

 

[ebivan]

I dont know much about bitlocker, bit i guess like most crypto these days, it can make use of the hardware AES (like Intel AES-NI) build into every modern CPU. So it propably wont really impact performance.

 

[don dolarson]

That's what I need to know before I tear off the sticker and test this drive myself, because if I do so, I believe then I can't leave it back and get my money back
BitLocker itself is software-based encryption but paired with TPM of my Ryzen CPU, I believe it uses hardware-encryption? I don't even know if this WD drive support AES. There's no information about it, or I just can't found anything about it.

 

[ebivan]

The hardware encryption module (AES-NI) sits in your CPU, this can be used by various encryption software like Veracrypt, LUKS or SSH to encrypt and decrypt data in realtime (but it only works with AES ciphers), so that it has not performance impact.

As I said, I dont know if bitlocker uses these extensions or not. Generally I would not use proprietary encryption software.

If you require encryption (I guess you do, otherwise you would not ask here) I strongly recommend that you read up on it and get a little more understanding about it. Because if you don't know what you do, there is a risk of not implementing encryption correctly and therefore not securing your data correctly.

First you will need to determine what level of security you need. If you want to hide your porn collection from your parents or protect personal data on a laptop in case of theft, Bitlocker will be fine. If you want to protect company secrets, SED OPAL with sedutil is probably enough. If you are a political activist or a journalist and need to protect your sources from authorities, LUKS or Veracrypt with at least two combined ciphers with some form of plausible deniability in case someone forces you to give up your password might be enough.
In any case using a strong password is mandatory, this cant be stressed enough.

 

[don dolarson]

The encryption is just in case somebody chooses to rob my house and takes the PC with them. I don't want them to get access to any single file on my PC, and simply Windows password is too easy to break if they choose to do that... I don't give a care about the rest. I don't need any advanced stuff to hide anything from the CIA agents. BitLocker is simple, and I don't need to spend weeks reading about different techniques and software and put my time into learning and understanding them, while I don't want to lose too much of the performance of this system drive while the simple and more than enough BitLocker is activated. I can then just send it back, take the Crucial MX500, and skip this, but this WD NVMe drive is a better choice, however. The question is only the performance and the lack of hardware-based encryption while BitLocker going to be activated together with the TPM chip of my Ryzen CPU.

 

[R-T-B]

If you use Bitlocker, no need for SSD hardware encryption. You could stop using Bitlocker and use OPAL (Google), giving you a bit more performance, theoretically

Bitlocker also has a hardware mode, but I'd use opal over bitlocker any day of the week.

so that it has not performance impact.

It still has quite a performance impact, but far less than a software only cipher. But at the speeds an NVMe SSD go at, it can still be hefty.

I know a bit about this given my business deals in government documents we are contracted to handle and I use OPAL encrypted MSED ssds on my workstation as well as others. Feel free to ask. MSED is the utility I'd advise using.

 

[tabascosauz]

No, your Ryzen CPU doesn't provide "hardware" encryption. The fTPM is exactly that, a firmware TPM implementation driven by the integrated Platform Security Processor (closed source and suspected to be as vulnerable as Intel ME). It doesn't hold a candle to an actual physical TPM setup.

I have a TPM in my XPS 13, and it shipped from the factory with Bitlocker enabled on its PM981 drive. I ditched Bitlocker after I upgraded in capacity to the SN750. And I don't think the SN750 is Opal compliant either, while I know for a fact that the PM981 and other Samsung drives like the 970 EVO are.

Bitlocker isn't really top notch, and you're only making it worse by relying on a software TPM. Sounds like you've got other areas unrelated to your computer you need to be beefing up if you're that worried about them breaking into your house and stealing your computer of all things.

 

[don dolarson]

Guys, please stop recommending and pushing unnecessary stuff to me, which will eat a lot of my time for reading and learning about. I'm not interested to know what's better or what's worse, and I don't want anything else than BitLocker, end. I believe it's good and more than enough for me, and the question was very straightforward, will the WD drive slow down within that kind of use, because of the lack of hardware-based encryption, and I should send it back and take the Crucial one or not. What's the problem.

 

[IceShroom]

Currial MX500 has firmware problem. Better stick with what you have.

 

[R-T-B]

will the WD drive slow down within that kind of use, because of the lack of hardware-based encryption

Yes, as will any bitlocker based drive unless you take measures to enable hardware encryption. Software encryption (bitlockers default) always has a penalty.

If you want a reliable nvme hardware encryption drive I use the Mushkin Pilot-E line.