What is a Self-Encrypting Drive (SED)?
A self-encrypting drive, or SED, is a hard disk drive (HDD) or solid-state drive (SSD) with an encryption circuit built into it.
Encryption is an important tool when it comes to keeping your personal and private data safe. By taking the data and scrambling it, encryption renders it unreadable without an encryption key. An SED automatically encrypts data, without the need for user input or separate encryption software. Unlike software-based encryption solutions, an SED encrypts and decrypts data constantly from the moment it is powered on. Hardware-based encryption allows the user to continue with their work as normal, safe in the knowledge that their data is protected.
Most of the major hard drive manufacturers, such as Seagate, Toshiba and Western Digital, offer SEDs, both as off-the-shelf drives and pre-installed in a PC or laptop. What may come as a surprise is that many drives currently on the market – such as the popular Samsung 840 EVO – are actually SEDs, with the marketing instead focussing on things like speed and storage capacity.
The encryption process in SEDs is done through a built-in cryptoprocessor, which creates a random data encryption key (DEK). When data is written to the SED, it gets encrypted with the DEK, and when data is read from the SED, the DEK decrypts it. All of the encryption and decryption takes place inside the drive, rather than in the computer’s memory or processor.
Hardware-based SEDs offer a number of benefits over a software encryption setup. Firstly, SEDs have a negligible effect on performance, and you most likely won’t even notice it; as mentioned above, many people probably have SEDs and don’t know. Software-based encryption tools require a dedicated program, like BitLocker, that needs to be installed and running in order to encrypt and decrypt data. Not only does this mean there’s more work involved in keeping your data safe, but having encryption software running in the background can slow down your computer. That can create a temptation to disable encryption, potentially exposing your data to cybercriminals. With SEDs, everything is taken care of.
Secondly, SEDs are incredibly secure. Because SEDs are independent of the operating system, the DEK, unlike a software-based encryption key, never makes its way into RAM and therefore cannot be accessed by hackers. When a new DEK is generated, the device’s data is rendered irretrievable, a process known as cryptographic disk erasure, or crypto-shred. This can be a useful feature if the SED needs to be discarded and the data securely wiped.
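A small Python model of the DEK behaviour and the crypto-shred described above, added here as an illustration and not taken from any drive's firmware. The class `ModelSED`, its method names, the 512-byte sector size and the HMAC-SHA-256 keystream (a stand-in for the drive's encryption circuit) are all assumptions of this example.

```python
import hashlib
import hmac
import secrets

SECTOR = 512  # bytes per sector in this model (assumption)


class ModelSED:
    """Toy drive: plaintext in and out, only ciphertext stored on the media."""
    def __init__(self):
        self._dek = secrets.token_bytes(32)  # random DEK, kept inside the drive
        self._media = {}                     # sector number -> ciphertext

    def _keystream(self, sector):
        # HMAC-SHA-256 in counter mode, keyed with the DEK and bound to the
        # sector number. Assumption: a stand-in for the drive's cipher circuit.
        out = b""
        for counter in range(SECTOR // 32):
            msg = sector.to_bytes(8, "big") + counter.to_bytes(4, "big")
            out += hmac.new(self._dek, msg, hashlib.sha256).digest()
        return out

    def _xor(self, sector, data):
        return bytes(a ^ b for a, b in zip(data, self._keystream(sector)))

    def write(self, sector, data):
        if len(data) > SECTOR:
            raise ValueError("data larger than one sector")
        self._media[sector] = self._xor(sector, data.ljust(SECTOR, b"\0"))

    def read(self, sector):
        return self._xor(sector, self._media[sector])

    def raw_media(self, sector):  # what a direct read of the media would return
        return self._media[sector]

    def crypto_erase(self):  # new DEK; the stored ciphertext is left untouched
        self._dek = secrets.token_bytes(32)


def demo():
    drive = ModelSED()
    record = b"constructed sample record: account 0000"
    drive.write(7, record)
    readable_before = drive.read(7).rstrip(b"\0") == record
    plaintext_on_media = record in drive.raw_media(7)
    drive.crypto_erase()
    readable_after = record in drive.read(7)
    return readable_before, plaintext_on_media, readable_after
```

The stored ciphertext is byte-for-byte the same before and after `crypto_erase()`; only the key that could decrypt it is gone.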