Hardware vs. Software Encryption | Ontrack Blog

Monday, August 24, 2020 by Sam Wiltshire


Encryption is an incredibly important tool for keeping your data safe. When your files are encrypted, they are completely unreadable without the correct encryption key.  If someone steals your encrypted files, they won’t be able to do anything with them.

There are two types of encryption: hardware and software.  Both offer different advantages. So, what are these methods and why do they matter?

Software Encryption

As the name implies, software encryption uses software tools to encrypt your data. Some examples of these tools include the BitLocker drive encryption feature of Microsoft® Windows® and the 1Password password manager. Both use encryption tools to protect information on your PC, smartphone, or tablet.

Software encryption typically relies on a password; give the right password, and your files will be decrypted, otherwise they remain locked. With encryption enabled, your data is passed through a special algorithm that scrambles it as it is written to disk. The same software then unscrambles the data as it is read from the disk for an authenticated user.

Pros

Software encryption is typically quite cheap to implement, making it very popular with developers. In addition, software-based encryption routines do not require any additional hardware.

Cons

Software encryption is only as secure as the rest of your computer or smartphone. If a hacker can crack your password, the encryption is immediately undone.

Software encryption tools also share the processing resources of your computer, which can cause the entire machine to slow down as data is encrypted/decrypted. You will also find that opening and closing encrypted files is much slower than normal because the process is relatively resource intensive, particularly for higher levels of encryption.

Hardware Encryption

At the heart of hardware encryption is a separate processor dedicated to the task of authentication and encryption. Hardware encryption is increasingly common on mobile devices. The TouchID fingerprint scanner on Apple® iPhones® is a good example.

The technology still relies on a special key to encrypt and decrypt data, but this is randomly generated by the encryption processor. Often, hardware encryption devices replace traditional passwords with biometric logons (like fingerprints) or a PIN that is entered on an attached keypad.

Pros

Hardware encryption is safer than software encryption because the encryption process is separate from the rest of the machine. This makes it much harder to intercept or break.

The use of a dedicated processor also relieves the burden on the rest of your device, making the encryption and decryption process much faster.

Cons

Typically, hardware-based encrypted storage is much more expensive than a software tool. For instance, BitLocker is included for free with all new versions of Microsoft Windows, but an encrypted USB thumb drive is quite expensive, especially when compared to an unencrypted alternative.

If the hardware decryption processor fails, it becomes extremely hard to access your information.

The Data Recovery Challenge

Encrypted data is a challenge to recover. Even when the raw sectors are recovered from a failed drive, the data is still encrypted, which means it is still unreadable. Some software encryption systems, like BitLocker, have built-in recovery mechanisms, but you must set up your recovery options in advance.
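The password-based unlocking described under Software Encryption and the "set up recovery in advance" point above can be seen in a small model, added here as an illustration and not taken from BitLocker or any product. It assumes a common design in which a random data key encrypts the files and each secret (password, recovery code) only wraps a copy of that key; the function names, the volume layout and the HMAC-based cipher standing in for AES are all assumptions of this sketch.

```python
import hashlib, hmac, os

def kdf(secret: str, salt: bytes) -> bytes:
    # Stretch a password or recovery code into a 32-byte key.
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, 100_000)

def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    # HMAC-SHA256 in counter mode: a stdlib stand-in for AES, for illustration only.
    blocks = (hmac.new(key, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def seal(key: bytes, plaintext: bytes) -> bytes:
    enc_key = hmac.new(key, b"enc", hashlib.sha256).digest()
    mac_key = hmac.new(key, b"mac", hashlib.sha256).digest()
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()

def unseal(key: bytes, blob: bytes) -> bytes:
    enc_key = hmac.new(key, b"enc", hashlib.sha256).digest()
    mac_key = hmac.new(key, b"mac", hashlib.sha256).digest()
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong secret or corrupted data")
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct))))

def create_volume(password: str, data: bytes, recovery_code=None) -> dict:
    data_key = os.urandom(32)  # random key that actually encrypts the data
    vol = {"salt": os.urandom(16), "data": seal(data_key, data), "protectors": {}}
    # Each protector is the same data key, wrapped under a key derived from one secret.
    vol["protectors"]["password"] = seal(kdf(password, vol["salt"]), data_key)
    if recovery_code is not None:  # only possible while the data key is in hand
        vol["protectors"]["recovery"] = seal(kdf(recovery_code, vol["salt"]), data_key)
    return vol

def unlock(vol: dict, kind: str, secret: str) -> bytes:
    wrapped = vol["protectors"].get(kind)
    if wrapped is None:
        raise LookupError(f"no {kind} protector was set up for this volume")
    data_key = unseal(kdf(secret, vol["salt"]), wrapped)
    return unseal(data_key, vol["data"])
```

A volume created without a recovery code has no second wrapped copy of the data key, so once the password is lost nothing on the disk can reproduce it.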

Hardware encrypted devices don’t typically have these additional recovery options. Many are designed to prevent decryption in the event of a component failure, stopping hackers from disassembling them.

The fastest and most effective way to deal with data loss on an encrypted device is to ensure you have a complete backup stored somewhere safe. For your PC, this may mean copying data to another encrypted device. For other devices, like your smartphone, backing up to the Cloud provides a quick and simple economy copy that you can restore from. As an added bonus, most Cloud services now encrypt their users’ data too. Apple® offers Cloud storage for backups, but if you did not set it up before your device failed, you can take advantage of the Apple recovery services offered by many data recovery businesses.

What to do if You Have a Problem

In the event that you don’t have a current backup, you will need to seek professional assistance. Our engineers can provide advice and guidance, but depending on the complexity of the encryption algorithm used, they may not be able to guarantee successful recovery. From here, you send in the entire computer, as there may be hardware components outside the hard drive itself that are critical to decrypting the data.

If you are having problems with an encrypted device, and would like to discuss your options, please get in touch with one of our experts.