SSD encryption issue in Windows 10 using Bitlocker software

A serious SSD encryption issue in Windows 10 when using Bitlocker encryption software

SSD encryption - Popular encryption software

SSD encryption – BitLocker is a full-disk-encryption feature included with Microsoft Windows versions starting with Windows Vista Ultimate and Enterprise editions, which is also available in certain editions of Windows 7/8.1/10. TrueCrypt was discontinued in 2014.

Many brand-name desktop and laptop PCs come with a single SSD drive or a boot SSD drive plus a standard hard disk drive with a much higher capacity for storage. A serious issue with regard to the hardware-based encryption that SSDs use has come to light, which this article exposes.

The issue when an SSD drive is set to use its inbuilt hardware encryption and Bitlocker software encryption is employed in Windows 10 Pro, Enterprise and Education editions

SSD encryption – Research at Radboud University in Holland has found that Windows 10 Pro, Enterprise and Education editions, which provide Bitlocker encryption software, do not use software encryption when Bitlocker is employed if it detects that an SSD drive is using its own hardware-based encryption.

Bitlocker defaults to the hardware-based encryption that the research has found to have serious implementation issues. The researchers found this to be the case on SSD drives manufactured by Crucial and Samsung, but saw no reason why the issue would not also be present on SSDs made by other manufacturers.

Bitlocker is included in certain editions of Windows Vista, Win7, Win8.1 and Win10

Microsoft BitLocker encryption software is available on the following versions of Windows:

Ultimate and Enterprise editions of Windows Vista and Windows 7
Pro and Enterprise editions of Windows 8 and 8.1
Pro, Enterprise, and Education editions of Windows 10
Windows Server 2008 and later

Note that Windows 7 does not support “offloading encryption to encrypted hard drives,” so this issue does not apply to the Ultimate and Enterprise editions of Windows Vista and Windows 7 that provide Bitlocker.

To run ‘manage-bde.exe -status’ from an elevated command prompt, as advised in the Microsoft article linked below, press the Windows key plus the R key to bring up the Run box and start the command prompt as an administrator from there.

ADV180028 | Guidance for configuring BitLocker to enforce software encryption –

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180028

Using the Group Policy Editor to disable hardware SSD encryption, which forces Bitlocker to use software encryption

Here is another way to use the Group Policy Editor to enable software encryption:

Open the Group Policy Editor by pressing the Windows and R keys to open the Run box. Type gpedit.msc into it and press the Enter key.

Navigate to: Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption

Locate and double-click to open: “Configure use of hardware-based encryption for fixed data drives”

Choose the “Disabled” option and click OK.

Under Help it says: “If you disable this policy setting, Bitlocker cannot use hardware-based encryption with operating-system drives and Bitlocker software-based encryption will be used by default when the drive is encrypted.”
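As an added example (not part of this article and not Microsoft's own tooling), the PowerShell audit below checks whether any Bitlocker volume on the machine is still using the SSD's hardware encryption and whether the hardware-encryption policies described above have been set to Disabled. It assumes the Bitlocker PowerShell module is present and that the registry value names in the comments match Microsoft's VolumeEncryption.admx; run it from an elevated PowerShell window.

```powershell
# Added example, not from the article or from Microsoft. Audits a Windows 10 PC
# for Bitlocker volumes that rely on the SSD's own hardware encryption and reports
# whether the "Configure use of hardware-based encryption" policies are Disabled.
# Assumptions: the BitLocker module exists (Windows 8 / Server 2012 and later) and
# the policy value names below match those in VolumeEncryption.admx.

function Get-HardwareEncryptedBitLockerVolumes {
    # Get-BitLockerVolume reports EncryptionMethod 'Hardware' when Bitlocker has
    # handed encryption off to a self-encrypting drive, the state the Radboud
    # research showed to be unsafe on the tested Crucial and Samsung SSDs.
    Get-BitLockerVolume |
        Where-Object { $_.VolumeStatus -ne 'FullyDecrypted' -and
                       $_.EncryptionMethod -eq 'Hardware' } |
        Select-Object MountPoint, VolumeType, EncryptionMethod, ProtectionStatus
}

function Test-SoftwareEncryptionEnforced {
    # The three Group Policy settings are stored as DWORD values under the FVE
    # policy key (assumed names; verify against your ADMX). 0 = Disabled, which
    # makes Bitlocker use software encryption for drives encrypted from then on.
    $key = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'
    $names = @{
        'OSHardwareEncryption'  = 'operating system drives'
        'FDVHardwareEncryption' = 'fixed data drives'
        'RDVHardwareEncryption' = 'removable data drives'
    }
    $props = if (Test-Path $key) { Get-ItemProperty -Path $key } else { $null }
    foreach ($name in $names.Keys) {
        $value = if ($props) { $props.$name } else { $null }
        [pscustomobject]@{
            DriveClass       = $names[$name]
            PolicyValue      = $value
            SoftwareEnforced = ($value -eq 0)
        }
    }
}

$hw = @(Get-HardwareEncryptedBitLockerVolumes)
if ($hw.Count -gt 0) {
    Write-Warning "Volumes still using SSD hardware encryption: $($hw.MountPoint -join ', ')"
    Write-Warning 'Disabling the policy does not re-encrypt them: decrypt and re-encrypt each one.'
} else {
    Write-Output 'No Bitlocker volume is using hardware encryption.'
}
Test-SoftwareEncryptionEnforced | Format-Table -AutoSize
```

Changing the policy only affects drives encrypted afterwards, so a volume the first function lists must be fully decrypted and encrypted again before manage-bde -status stops reporting hardware encryption for it.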

Alternative SSD encryption software

Note that there is plenty of other encryption software that can be used to encrypt a drive – free and paid-for. VeraCrypt is free open-source disk encryption software for Windows, Mac OS X and Linux. Conduct a web search for encryption software to find it and reviews of a particular product. (E.g., VeraCrypt reviews.)

Note: “TrueCrypt is a discontinued source-available freeware utility used for on-the-fly encryption. It can create a virtual encrypted disk within a file, or encrypt a partition or the whole storage device. On 28 May 2014, the TrueCrypt website announced that the project was no longer maintained and recommended users to find alternative solutions.”

How encryption works

Encryption scrambles and unscrambles the data stored on a hard disk drive or an SSD drive. Only people who hold the encryption key, in practice those who can unlock the computer, can read the data it stores. An encrypted television service works in the same way.

For example, you cannot access the subscription channels of Sky without having the equipment that Sky provides which unscrambles the encryption of the broadcast.

Your Internet connection, when a wireless router provides it using Wi-Fi, uses data encryption to keep the connection private. If your wireless connection were not made secure by encryption that has to be set in the router’s settings, anyone within range with a laptop or smartphone with a Wi-Fi adapter would be able to access and use it.

The internet address of this website is https://www.pcbuyerbeware.co.uk. The s on the end of the http (https) means that it is a secure, encrypted site: it has a security certificate, and the encryption key it establishes allows anyone who accesses it to view its content without anyone else being able to read or tamper with that traffic.

Read the following article to find out in detail about how encryption works

Data Encryption Explained