My Intel 320 SSD - is encryption automatic?
So, I have just received an Intel 320 series SSD. They state that once I set my ATA passsword (through the BIOS), that encryption will then be active. I see no sign of this noted in the SSD Toolkit from intel, so I'm just trying to double check that it's actually active... Can anyone confirm through their experience or another source they know about?
P.S. I am not super impressed with this encryption methodology so far. For example, my ATA password can only be 8 characters - when my usual drive encryption password with my old method (True Crypt) was 25...
Thanks all.
Solution 1:
Intel's 320 SSD are always encrypting the data. It is built into the hardware and cannot be turned off. Your ATA password is not used to encrypt the data. The SSD generates its own encryption keys, and the length of these keys do not depend on the length of the ATA password.
But, by default the encryption keys are stored unencrypted and can be read. When you set a ATA password, a hash of that password is used to encrypt the encryption keys. In that case the data is unrecoverable without the ATA password.
Solution 2:
Intel's 320 series SSDs use AES-128 encryption to make secure erase very fast, because if you generate a new encryption key, then the old data cannot be read. So, encryption is always used, regardless of your password setting.
Actually, these are two completely unrelated technologies. The ATA password's sole purpose is to prevent you from using the drive without it (say, in another computer), but the scheme is far from perfect, according to Sandforce. It is very likely that it can be removed and then the encryption is useless, because it's completely transparent.
(I found these informations in this thread.)
My advice is to use a software-based solution. TrueCrypt (in “system encryption” mode) and BitLocker doesn't lower the life expectancy of the drive, because they issue the TRIM command after deletion.