A few weeks ago, my security go-to guy, Rich P., bought a new Intel 320 SSD for his netbook. With my encouragement, of course. It finally arrived this weekend, and he installed it. Rich reports not only faster speed, but also a 30-minute improvement in battery life over the WD Scorpio Black it replaced.
He told me the secure erase function, to enable AES, had a snag. But he solved it. I’m documenting it here in case you run into the same thing he did.
Basically, if the drive isn’t direct-connected to a motherboard’s SATA port, you can’t run the Intel utility that allows a secure erase. Intel Toolbox ran, but the secure erase function was disabled whether he had the drive connected via USB or eSATA. But direct-connected to the motherboard, the utility worked fine, and let him set an ATA password to enable the onboard AES-128 encryption. “Enable” is a bit of a misnomer, as everything is encrypted no matter what, but until you do a secure erase and set your own password, the encryption has no teeth. It’s like having a lock but gluing the key into it. So technically the door’s locked if you turn the key, but anyone can come and turn the key to open it.
As for the built-in encryption, Rich (who has a CISSP certification) and I came up with some questions that he subsequently sent to Intel. An Intel employee named Scott responded. Based on Scott’s answers, Rich believes it’s good enough for personal and corporate encryption, though it probably still falls short of US DoD standards for some types of classified information. The CIA wouldn’t be willing to rely solely on Intel’s AES-128 to protect its darkest secrets.
Scott confirmed the ATA password is stored on the drive as a non-reversible hash, so you won’t be getting the password off the drive. And the password is used to encrypt the encryption keys on the drive, so just bypassing the password, if it were possible, would yield gibberish.
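To make the key-in-the-lock point and Scott's answer concrete, here is a small model added for this write-up; it is not Intel's firmware or anything Intel supplied. The class and function names are hypothetical, and an HMAC-based keystream stands in for the drive's AES-128 so the sketch runs on the Python standard library alone.

```python
import hashlib, hmac, os

def kdf(password: bytes, salt: bytes, label: bytes) -> bytes:
    # Distinct labels keep the stored verifier and the key-encryption key independent.
    return hashlib.pbkdf2_hmac("sha256", password, salt + label, 10_000)

def stream_xor(key: bytes, data: bytes) -> bytes:
    # Stand-in for the drive's AES-128 (assumption): HMAC-SHA256 keystream XOR.
    # Encrypting and decrypting are the same operation. Model only, not for real data.
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hmac.new(key, off.to_bytes(8, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], pad))
    return bytes(out)

class ModelDrive:
    """Hypothetical model of a self-encrypting drive; names are illustrative."""

    def __init__(self):
        self.salt = os.urandom(16)
        self.erase_and_set_password(b"")  # factory state: key wrapped under no secret

    def erase_and_set_password(self, password: bytes) -> None:
        dek = os.urandom(16)  # fresh media key: old ciphertext is now unreadable
        self.verifier = kdf(password, self.salt, b"verify")  # non-reversible hash
        self.wrapped_dek = stream_xor(kdf(password, self.salt, b"wrap"), dek)
        self.flash = b""

    def _unwrap(self, password: bytes, skip_check: bool) -> bytes:
        ok = hmac.compare_digest(kdf(password, self.salt, b"verify"), self.verifier)
        if not ok and not skip_check:
            raise PermissionError("drive locked")
        return stream_xor(kdf(password, self.salt, b"wrap"), self.wrapped_dek)

    def write(self, password: bytes, data: bytes) -> None:
        self.flash = stream_xor(self._unwrap(password, False), data)

    def read(self, password: bytes, skip_check: bool = False) -> bytes:
        # skip_check models the password comparison being bypassed.
        return stream_xor(self._unwrap(password, skip_check), self.flash)

if __name__ == "__main__":
    d = ModelDrive()
    d.erase_and_set_password(b"constructed-password")
    d.write(b"constructed-password", b"constructed sample sector data")
    print(d.read(b"constructed-password"))
    print(d.read(b"wrong", skip_check=True))  # unreadable bytes, not the plaintext
```

In the factory state the media key is wrapped under an empty password, so anyone can unwrap it; after the erase, the wrong password produces the wrong media key even when the comparison is skipped.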
If that’s not good enough, Rich reports that running AES-512 via Cryptmod in Ubuntu Linux doesn’t slow the drive down any more than it slows down a conventional drive, contrary to some reports floating around, such as the widely quoted blog post from November 2009 at http://www.madshrimps.be/articles/article/965/. The idea that encryption slows down SSDs to the point that they’re slower than platter drives is by no means universal; it depends on the encryption software and the SSD.
Not only that, the Intel Data Migration tool migrated his encrypted Ubuntu partition from his platter drive to his SSD with no issues. Impressive.
And not surprisingly, data migration is much faster between two drives connected to SATA than when one of them is connected via USB 2.0. He knows because he migrated his data, then had to do a secure erase to enable his password, which forced him to migrate it back, secure erase, and then re-migrate to SSD. So he did it three or four times.
I don’t have an Intel 320 (at least not yet) so it’s good to get a report from someone who does.
Much of what detractors have said about SSDs in the past no longer applies to the Intel 320. One thing to remember is that SSDs are still maturing very quickly, like hard drives were in the late 1980s/early 1990s. In 1989, you had to tune the drive’s sector interleave for peak performance, park the drive before powering off the computer, and low-level format the drive when you started seeing more bad sectors than you were willing to tolerate. No wonder some people were afraid of them. By 1992 or so, IDE and SCSI drives were taking care of all of that behind the scenes. Not everything you knew about hard drives in 1989 was true in 1992. Likewise, not everything you knew about SSDs in 2008 is still true in 2011.