ssd硬盘内部架构
While many people actively choose to encrypt their data, others may be surprised to find out that their current drive is doing so automatically without input from them. Why is that? Today’s SuperUser Q&A post has the answers to a curious reader’s question.
当许多人积极选择加密数据时,其他人可能会惊讶地发现他们当前的驱动器正在自动进行加密,而没有他们的输入。 这是为什么? 今天的“超级用户问答”帖子回答了一个好奇的读者的问题。
Today’s Question & Answer session comes to us courtesy of SuperUser—a subdivision of Stack Exchange, a community-driven grouping of Q&A web sites.
今天的“问答”环节由SuperUser提供,它是Stack Exchange的一个分支,该社区是由社区驱动的Q&A网站分组。
Photo courtesy of Roo Reynolds (Flickr).
问题 (The Question)
SuperUser reader Tyler Durden wants to know why his SSD internally encrypted data without a password:
超级用户读者Tyler Durden想知道为什么他的SSD在没有密码的情况下内部加密了数据:
I recently had an SSD fail and I am attempting to recover the data. The data recovery company has told me that it is complicated because the built-in drive controller uses encryption. I assume this means that when it writes data to the memory chips, it stores it in an encrypted format on the chips. If this is true, why would an SSD do that?
我最近有一个SSD失败,正在尝试恢复数据。 数据恢复公司告诉我,这很复杂,因为内置的驱动器控制器使用加密。 我认为这意味着将数据写入内存芯片时,会将其以加密格式存储在芯片上。 如果这是真的,为什么SSD会这样做?
Why would an SSD internally encrypt data without a password?
为什么SSD会在没有密码的情况下内部加密数据?
答案 (The Answer)
SuperUser contributor DragonLord has the answer for us:
超级用户贡献者DragonLord为我们提供了答案:
Always-on encryption allows you to secure your data by setting a password without having to wipe or separately encrypt the data. It also makes it fast and easy to “erase” the entire drive.
永远在线加密允许您通过设置密码来保护数据,而不必擦除或单独加密数据。 它还使快速,轻松地“擦除”整个驱动器成为可能。
The SSD does this by storing the encryption key in plain text. When you set an ATA disk password (Samsung calls this Class 0 security), the SSD uses it to encrypt the key itself, so you will need to enter the password to unlock the drive. This secures the data on the drive without having to erase the entire contents of the drive or overwrite all data on the drive with an encrypted version.
SSD通过将加密密钥存储为纯文本来实现此目的。 设置ATA磁盘密码(三星将其称为0级安全性)时,SSD将使用它来加密密钥本身,因此您需要输入密码才能解锁驱动器。 这样可以保护驱动器上的数据,而不必擦除驱动器的全部内容或使用加密版本覆盖驱动器上的所有数据。
Having all the data encrypted on the drive also brings another perk: the ability to effectively erase it instantly. By simply changing or deleting the encryption key, all data on the drive will be rendered unreadable without having to overwrite the entire drive. Some newer Seagate hard-drives (including several newer consumer drives) implement this feature as Instant Secure Erase(1).
将所有数据加密在驱动器上还带来了另一个好处:即时有效擦除数据的能力。 通过简单地更改或删除加密密钥,驱动器上的所有数据将变得不可读,而不必覆盖整个驱动器。 某些较新的Seagate硬盘驱动器(包括几个较新的用户驱动器)将此功能实现为Instant Secure Erase (1) 。
Because modern hardware encryption engines are so fast and efficient, there is no real performance advantage to disabling it. As such, many newer SSDs (and some hard-drives) have always-on encryption. In fact, most newer WD external hard-drives have always-on hardware encryption.
由于现代硬件加密引擎是如此之快和高效,因此禁用它并没有真正的性能优势。 因此,许多较新的SSD(和某些硬盘)具有始终在线加密功能。 实际上,大多数更新的WD外部硬盘驱动器都具有始终在线的硬件加密功能。
(1) In response to some of the other comments: This may not be entirely secure considering that governments may be able to decrypt AES within the near future. It is, however, generally sufficient for most consumers and for businesses who are trying to reuse old drives.
(1)针对其他一些评论:考虑到政府可能在不久的将来解密AES,这可能并不完全安全。 但是,对于大多数消费者和试图重用旧驱动器的企业来说,这通常就足够了。
Have something to add to the explanation? Sound off in the comments. Want to read more answers from other tech-savvy Stack Exchange users? Check out the full discussion thread here.
有什么补充说明吗? 在评论中听起来不错。 是否想从其他精通Stack Exchange的用户那里获得更多答案? 在此处查看完整的讨论线程。
翻译自: https://www.howtogeek.com/231791/why-would-an-ssd-internally-encrypt-data-without-a-password/
ssd硬盘内部架构