
Because even if the main processor can do the encryption faster than the disk can write (or read), it will indeed take processor time while all operations executed on a peripheral cost nothing to the main processor.

Is the Sandisk solution better from a performance point of view? Yes it is. Is the VeraCrypt solution more secure than the Sandisk one? Yes it is because we all know that it has been reviewed and because flaws can be expected to be quickly fixed. And chances are that the disk manufacturer does not make it public. If a flaw exists in a hardware disk implementation you can either pray or change the disk. Furthermore, if a flaw is discovered in the implementation used by VeraCrypt, you will just have to upgrade to a version fixing it. I have no clue whether they can be trusted to implement up to date security tools. I know Sandisk for being a serious company when it comes to manufacturing memory cards and SSD disks. As far as I am concerned, I would only say: it depends. I assume Veracrypt itself is probably using hardware AES acceleration techniques, is the performance from this going to be comparable? I'm afraid that there is no definitive answer here. Should I disregard the built-in encryption and stick to Veracrypt or is the built-in hardware encryption considered safe to use and I'm throwing away IO speed for no reason by not using it? The security of my data for me is #1 and I am happy to stick to Veracrypt if in fact the built-in encryption is considered less secure. I am wondering what the best practice in this case is, and what the pros and cons of each option are.

Generally, closed source enterprise level encryption tools I've seen come with certification (I think called FIPS 140-2 or something along those lines?) that those tools work as advertised, but as this is a consumer grade product I don't believe it is advertised with any certifications beyond listing that it is 256-bit AES on its datasheet. I assume this would give me much faster read/write speeds than if I used Veracrypt, but it is also of course a closed source system and I would have to trust that it works as advertised. I recently bought a new external hard drive, the SanDisk Extreme Pro, which seems to come with a built-in hardware AES engine. I've always been taught to stick to such open-source software for my disk encryption needs, since it can be verified to be doing what it claims and the open-source community can check for possible backdoors. I usually use Veracrypt (and in the past Truecrypt) to secure my external hard drive.
