Hardware Based Encryption vs Software Based Encryption
Encryption is an incredibly important tool for keeping your data safe. When you encrypt your files, they become completely unreadable without the correct encryption key. If someone steals your files, they won’t be able to do anything with them.
There are two types of encryption: hardware and software. Both offer different advantages. So, what are these methods and why do they matter?
As the name implies, software encryption uses software tools to encrypt your data. Some examples of these tools include the BitLocker drive encryption feature of Microsoft Windows or the 1Password password manager. Both use encryption tools to protect information on your PC, smartphone, or tablet.
Software encryption typically relies on a password: give the right password and your files will be decrypted; otherwise, they remain locked. With encryption enabled, your data is passed through a special algorithm that scrambles it as it is written to disk. The same software then unscrambles data as it is read from the disk for an authenticated user.
Software encryption is typically quite cheap to implement, making it very popular with developers. Software-based encryption routines do not typically require any additional software or hardware either – they just work.
Software encryption is only as secure as the rest of your computer or smartphone. If a hacker can crack your password, the encryption is immediately undone.
Software encryption tools also share the processing resources of your computer, which can cause the whole machine to slow down as data is encrypted/decrypted. You will also find that opening and closing encrypted files is much slower than normal because the process is relatively resource-intensive, particularly for higher levels of encryption.
At the heart of hardware encryption is a separate processor dedicated to the task of authentication and encryption. Hardware encryption is increasingly common on mobile devices – the TouchID fingerprint scanner on Apple iPhones is a good example.
The technology still relies on a special key to encrypt and decrypt data, but this is randomly generated by the encryption processor. Often hardware encryption devices replace traditional passwords with biometric logins (like fingerprints) or a PIN number that is entered on an attached keypad.
Hardware encryption is considered to be safer than software encryption because the encryption process is kept separate from the rest of the machine. This makes it much harder to intercept or break.
The use of a dedicated processor also relieves the burden on the rest of your device, making the encryption/decryption process much faster.
Typically, hardware-based encrypted storage is much more expensive than a software tool. BitLocker is included free with all new versions of Microsoft Windows, for instance, but an encrypted USB thumb drive is quite expensive – especially when compared to an unencrypted alternative.
If the hardware decryption processor fails, it becomes extremely hard to access your information.
The data recovery challenge
Encrypted data is extremely hard to recover. Even if the raw sectors are recovered from a failed drive, the data is still encrypted – which means it is still unreadable. Some software encryption systems, like BitLocker, have built-in recovery mechanisms – but you need to have set up your recovery options in advance.
Hardware encrypted devices don’t typically have these additional recovery options. Many are designed to prevent decryption in the event of a component failure, stopping determined hackers from disassembling them.
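One way to confirm in advance that the BitLocker recovery option mentioned above is actually in place, as an added example that is not part of the original post. It assumes an elevated PowerShell session on Windows with the BitLocker module available; the helper name Get-BitLockerRecoveryReadiness is hypothetical.

```powershell
# Added example: check that every BitLocker-protected volume has a recovery
# password protector BEFORE a failure happens. Run in an elevated session.
# Get-BitLockerRecoveryReadiness is a hypothetical helper name.

function Get-BitLockerRecoveryReadiness {
    Get-BitLockerVolume | ForEach-Object {
        $volume = $_
        # Protector types on this volume, e.g. Tpm, RecoveryPassword.
        $types = @($volume.KeyProtector | ForEach-Object { "$($_.KeyProtectorType)" })
        # Report protector IDs only; never print the recovery password itself.
        $recoveryIds = @($volume.KeyProtector |
            Where-Object { "$($_.KeyProtectorType)" -eq 'RecoveryPassword' } |
            ForEach-Object { $_.KeyProtectorId })

        [pscustomobject]@{
            MountPoint          = $volume.MountPoint
            VolumeStatus        = "$($volume.VolumeStatus)"
            ProtectionStatus    = "$($volume.ProtectionStatus)"
            Protectors          = $types -join ', '
            RecoveryProtectorId = $recoveryIds -join ', '
            HasRecoveryPassword = $recoveryIds.Count -gt 0
        }
    }
}

$report = @(Get-BitLockerRecoveryReadiness)
$report | Format-Table -AutoSize

# Volumes holding encrypted data with no recovery password are the ones that
# become unrecoverable if the password, PIN or TPM is lost.
$atRisk = @($report | Where-Object {
    $_.VolumeStatus -ne 'FullyDecrypted' -and -not $_.HasRecoveryPassword
})

foreach ($v in $atRisk) {
    Write-Warning "$($v.MountPoint) is encrypted but has no recovery password protector."
    # To add one (then store the generated password away from this machine):
    # Add-BitLockerKeyProtector -MountPoint $v.MountPoint -RecoveryPasswordProtector
}
```

A recovery password only helps if it is stored somewhere other than the encrypted drive it unlocks, so record the protector ID alongside wherever the password is kept.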
The fastest and most effective way to deal with data loss on an encrypted device is to ensure you have a complete backup stored somewhere safe. For your PC, this may mean copying data to another encrypted device. For other devices, like your smartphone, backing up to the Cloud provides a quick and simple economy copy that you can restore from. As an added bonus, most Cloud services now encrypt their users’ data too.
What to do if you have a problem
I’m normally loath to put in a ‘call us’ sign-off to a blog post, but in the event that you don’t have a current backup, you will need to seek professional assistance. Our engineers can provide advice and guidance, but depending on the complexity of the encryption algorithm used, they may not be able to guarantee successful recovery. That said, what we would do is ask you to send in the entire laptop/computer, as there may be hardware components that are not held within the hard drive itself but are critical to decrypting the data.
If you are having problems with an encrypted device and would like to discuss your options, please get in touch.