x2 SSD RAID1 + Hardware Encryption, Real or Not?

[Viruzz]

Hi,
I want to use x2 Samsung 840 EVO in RAID1 with eDrive hardware encryption (Enabled through Bitlocker but its hardware not software encryption)
Any idea how do you do that?

Can you use Samsung Magician Software in RAID1? (To enable eDrive it has to be done on fresh windows install and the SSD has to be securely erased from "special" disc or USB, otherwise it wont be enabled in windows and Software method used instead)

Basically what im afraid of is that one HDD will be encrypted and one will wont and so the backup will be accessible by all.


Thanks

 

[Brusfantomet]

If you are not using the drives as boot drives you can use software raid 1 in windows, this will enable TRIM (i have 3 OCZ vertex 2 drives in software raid on my backup pc, and i have not noticed any slowdown on them).

I dont know about the encryption tho.

 

[Viruzz]

If you are not using the drives as boot drives you can use software raid 1 in windows, this will enable TRIM (i have 3 OCZ vertex 2 drives in software raid on my backup pc, and i have not noticed any slowdown on them).

I dont know about the encryption tho.

Hi,
I want to have them as System drive and enable encryption.

 

[Brusfantomet]

Hmm, using them as a boot drive will not make it possible to use the OS raid option.
But are you using the motherboard that you have in your system specs? if so, i think the newest raid drivers for Intel motherboards will pass on the trim command to SSDs in RAID. it will require the OS to send the command tho i think, as i do not think Samsung Magician Software will work with the RAIDed drive, as the OS sees it as something completely different, and Samsung Magician ONLY works on per-approved drives.

 

[Viruzz]

Hmm, using them as a boot drive will not make it possible to use the OS raid option.
But are you using the motherboard that you have in your system specs? if so, i think the newest raid drivers for Intel motherboards will pass on the trim command to SSDs in RAID. it will require the OS to send the command tho i think, as i do not think Samsung Magician Software will work with the RAIDed drive, as the OS sees it as something completely different, and Samsung Magician ONLY works on per-approved drives.

Nope, going to use Sabertooth X99.

Well, i can do the following:
1. Use one drive, enable edrive hardware encryption, install w10 etc
2. after im done, connect the second drive, enable software windows Bitlocker encryption and enable auto unlock on login.
3. use windows hard disk manager and add it as soft raid1

This should work for sure and software encryption is not really slowing down, i have on my current antiquated i5-4690, 5TB HDD with soft encryption and it has same write speeds as before, 6core with SSD should even faster (even thou im not sure you can go faster then 'Not feeling'

This will work for sure.

My alternative is to check for 100% if X99 chipset can pass trim on RAID, if it can do then, just use hardware RAID1, install windows and enable Software Encryption, shouldn't see any degradation in system performance because I use SSD and get boost in Read from RAID1.

What do you think? Option11 or option 2? IMHO technically option 2 sounds better and easier to deal, set bios to RAID1, install windows, Enable bitlocker.
If one drive dead, take it out, put another one.


P.S. encryption is important, I also got a TPM chip its amazing, you can encrypt files, then just give them to someone and they wont be able to open them on any other system.
Its good if you have some stuff you want hidden from everyone, so even if hackers copy them from your PC they can do anything about it.
The only way to read them is do decrypt on your PC, but to do that they need your PC booted up and it means they need to disable first protection the Full HDD encryption.

So its works together, you need both, full HDD encryption AND TPM chip

 

[R-T-B]

It's not possible with hardware RAID AFAIK. But I never really tried very hard.

I had a bitcoin wallet I kept on an edrive before cashing out. (Then bitcoin peaked again right after my cashout. It's a fickle thing... lol)

 

[Brusfantomet]

According to Anandtech any chipset from the 7-series and up support trim on RAID

from the article:

Enabling TRIM on a RAID array required more effort, but only on the part of the storage driver. The SSD's firmware and OS remain unchanged. Intel eventually added TRIM support in its RAID drivers for RAID-1 (mirrored) arrays, but RAID-0 arrays were a different story entirely. There's a danger in getting rid of data in a RAID-0 array, if a page or a block gets TRIMed on one drive that's actually necessary, the entire array can be shot. There was talk of Intel enabling TRIM support on RAID-0 arrays as early as 2009, but given the cost of SSDs back then not many users were buying multiple to throw in an array.

so option 2 seams the best

The encryption part i do not know about, and what happens if that computer/TPM module is destroyed? can you then open the file somewhere else?

Personally i have several computers, and one storage server that serves up files to all of them, how that stuff would work for me i do not know.

 

[taz420nj]

Lol@ Bitlocker and TPM.. You do realize using any closed source encryption is idiotic, right? And the TPM chip is basically the second iteration of the Clipper Chip - a hardware backdoor for law enforcement and 3 letter agencies. Aside from Bitlocker being an inferior encryption solution, would you trust Microsoft not to turn your key over to the government - or use it for their own ends? I dont. It's no secret they hash scan what you upload to OneDrive against known pirated material..

If you want rock solid encryption you need TrueCrypt.

 

[Viruzz]

Lol@ Bitlocker and TPM.. You do realize using any closed source encryption is idiotic, right? And the TPM chip is basically the second iteration of the Clipper Chip - a hardware backdoor for law enforcement and 3 letter agencies. Aside from Bitlocker being an inferior encryption solution, would you trust Microsoft not to turn your key over to the government - or use it for their own ends? I dont. It's no secret they hash scan what you upload to OneDrive against known pirated material..

If you want rock solid encryption you need TrueCrypt.

You just paranoid.
Truecript abandoned their project admitting that Bitlocker is better.
No proof that TPM chips have any backdoor, they made by different companies too.

Bitlocker is excellent encryption on windows Pro versions, only on Home version the decryption key is uploaded to MS server, on PRO version you can print it or store locally on USB (which also encrypted with Bitlocker in my case)
http://it.slashdot.org/story/14/05/28/2126249/truecrypt-website-says-to-switch-to-bitlocker

I also use eDrive on every SSD, i own only Samsung drives, eDrive basically uses internal encryption of the SSD and just saves a key which i store locally

 

[taz420nj]

You just paranoid.
Truecript abandoned their project admitting that Bitlocker is better.
No proof that TPM chips have any backdoor, they made by different companies too.

Bitlocker is excellent encryption on windows Pro versions, only on Home version the decryption key is uploaded to MS server, on PRO version you can print it or store locally on USB (which also encrypted with Bitlocker in my case)
http://it.slashdot.org/story/14/05/28/2126249/truecrypt-website-says-to-switch-to-bitlocker

I also use eDrive on every SSD, i own only Samsung drives, eDrive basically uses internal encryption of the SSD and just saves a key which i store locally

Bahahaha no. Bitlocker is inferior to TrueCrypt in every aspect. TrueCrypt was forced by alphabet agencies to abandon their project because it scares the shit out of them. There are many documented cases of the FBI not being able to prosecute people because the evidence they need is on a TC encrypted drive and they can't break it. TrueCrypt 7.1a has passed a security audit with no flaws or intentional backdoors found. The same can not be said for Bitlocker. And considering ALL TPM chips are made in China.. Yeah. Go ahead and believe your data is <snicker> secure..

 

[slyfox2151]

There is also Veracrypt.

 

[R-T-B]

You are all suggesting software encryption like it has ANYTHING to do with the HARDWARE encryption baked into his Samsung SSD.

It doesn't. You probably would be better served looking into a free OPAL based solution if you're paranoid though. Look into msed (he's now merging with some open OPAL alliance group if I recall, but his software still works) if you are booting of an MBR.

Sadly, if I recally correctly, you CANNOT do hardware RAID1 with eDrive. You'll need to do software raid of some kind no matter what route you go.

TrueCrypt 7.1a has passed a security audit with no flaws or intentional backdoors found.

Not to further discuss irrelevant software in regards to his hardware-encryption discussion, but... yeah the audit found flaws. They are just largely theoretical. They have been addressed in Veracrypt though.

Bahahaha no. Bitlocker is inferior to TrueCrypt in every aspect. TrueCrypt was forced by alphabet agencies to abandon their project because it scares the shit out of them. There are many documented cases of the FBI not being able to prosecute people because the evidence they need is on a TC encrypted drive and they can't break it. TrueCrypt 7.1a has passed a security audit with no flaws or intentional backdoors found. The same can not be said for Bitlocker. And considering ALL TPM chips are made in China.. Yeah. Go ahead and believe your data is <snicker> secure..

I'm not the biggest advocate of Bitlocker, but... I'd like to see a citation for a single thing you just posted. First off, eDrive doesn't even use bitlocker for the cryptography part, but the processor on the HDD/SSD. Second, I can find at least one case in which software bitlocker prevented standard police from accessing data because he never printed his recovery key... so I'm curious if you can manage the same. You do realize how conspiracy nutty you sound, right?