Wikipedia:Reference desk/Archives/Science/2021 July 2

= July 2 =

== Copying from a hardware-encrypted SSD ==
I'm considering buying an external SSD, which, unlike HDDs, almost always includes hardware AES 256 encryption even on cheap models. But I've had HDDs go bad before, and sometimes I was able to salvage some of the files by copying recoverable files to a good drive. Is that doable with an external SSD if I use hardware encryption on the files? I start to get confused when private and public keys are mentioned. 161.185.160.74 (talk) 21:01, 2 July 2021 (UTC)
 * IME hardware encryption on an external data drive is a sign of a poor/overpriced product. Unless you're talking about products that literally give you a key/dongle or some other form of password entry that is used to decrypt the drive (unlikely since you mention these are cheap models), this kind of encryption is completely useless. What the companies are referring to is that, if you take the drive out of its casing, the data will be safely encrypted. Why would a thief bother to remove an external drive's casing? Well you got me there... On the other hand, if the USB/Thunderbolt/whatever controller chip fails, there goes your private key. Luckily, some companies use the same encryption keys on all disks with the same chip. That means that data recovery companies can just hook up another chip of the same model and decrypt your data (and so can the theoretical thief). Why are these things more prevalent on external SSDs - the manufacturers probably judged that people paying 4-5x the HDD price for a piece of hardware built to use half a dozen PCI lanes in parallel, but connecting it to the machine's only Universal Serial Bus, are more likely to be tricked by tack-on features. Elephas X. Maximus (talk) 22:39, 2 July 2021 (UTC)


 * (ec) Please note that the Wikipedia Reference desk has a separate section Reference desk/Computing for questions on computing, information technology, electronics, software, and hardware. AES 256 is a symmetric-key algorithm, so there should be no mention of public keys. Provided you have the (one) secret key and know the exact version of the cipher used for encryption, you should in principle be able to decrypt recovered encrypted files. --Lambiam 22:47, 2 July 2021 (UTC)


 * One cautionary side note: Don't store your data on a lone drive. Every one of your data files should be on at least two separate drives. ←Baseball Bugs What's up, Doc? carrots→ 23:21, 2 July 2021 (UTC)


 * According to our IT people the average user file on our system is stored in 8 different places. Of course that doesn't mean they can rebuild a broken PC. Greglocock (talk) 03:53, 3 July 2021 (UTC)

Encryption will likely make recovery harder, and data recovery from SSDs is often not so possible (HDDs develop bad sectors, but SSDs tend to fail totally). Usually there are two levels of encryption available: 1) encrypt with a key stored inside the drive, so that the drive's "secure erase" operation only has to wipe the key in order to make the entire drive contents inaccessible; 2) encrypt with a key sent over the SATA (or USB) interface, such as a password. But if the drive fails, there's not really any way to send the password to it. As Bugs says, have more than one backup. Saying is: two is one, and one is none. 2601:648:8202:350:0:0:0:78DC (talk) 00:36, 3 July 2021 (UTC)
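
Added example, not part of any post above: a toy Python model of the two key arrangements described in the last reply (key kept inside the drive, or key unlocked by a password sent to the drive), showing why a dump of the flash alone is not enough to recover files. The `ToyDrive` class and all its names are hypothetical, and an HMAC-SHA256 keystream stands in for the drive's AES-256 as an assumption so that the block runs with the standard library only.

```python
import hashlib, hmac, secrets

def xor_stream(key: bytes, data: bytes) -> bytes:
    """Toy stand-in for the drive's AES-256: XOR with an HMAC-SHA256 keystream."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hmac.new(key, off.to_bytes(8, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], pad))
    return bytes(out)

class ToyDrive:
    """Hypothetical model: flash holds only ciphertext, the controller holds the key."""

    def __init__(self, password=None):
        self.flash = b""
        self.salt = secrets.token_bytes(16)
        dek = secrets.token_bytes(32)              # data encryption key
        self.locked = password is not None
        # Level 1: DEK kept as-is in the controller.
        # Level 2: DEK stored only wrapped under a password-derived key.
        self.key_slot = xor_stream(self._kek(password), dek) if self.locked else dek

    def _kek(self, password: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self.salt, 100_000)

    def _dek(self, password):
        if not self.locked:
            return self.key_slot
        if password is None:
            raise PermissionError("drive is locked: no password supplied")
        return xor_stream(self._kek(password), self.key_slot)

    def write(self, data: bytes, password=None):
        self.flash = xor_stream(self._dek(password), data)

    def read(self, password=None) -> bytes:
        return xor_stream(self._dek(password), self.flash)

    def secure_erase(self):
        """Replace the key only; the ciphertext in flash is left untouched."""
        self.key_slot = secrets.token_bytes(32)

if __name__ == "__main__":
    d = ToyDrive()
    d.write(b"holiday photos")                     # constructed sample data
    raw = d.flash                                  # what a dump of the flash would contain
    print(d.read(), raw.hex())
    d.secure_erase()
    print(d.read() == b"holiday photos", d.flash == raw)
```

In both arrangements the bytes in `flash` are useless without `key_slot`, which lives in the controller, so a failed controller has the same effect on the data as `secure_erase()`.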