Hardware Vs. Software Encryption
by Shawn McClain
To the common person, all data stored on a computer drive already looks "encrypted," since it is just a jumble of letters and numbers. An experienced hacker, however, can read that same data to see exactly what is on the computer. To close this gap, the data can be encrypted in one of two ways: by letting software on the computer encrypt data as it is written to the drive, or by using dedicated encryption hardware built into the drive itself.
How Encryption Works
All encryption methods use an encryption key, a string of generated numbers, to scramble data before it is stored on a drive. Anyone who accesses the data without the key sees only useless numbers, because the only way to unscramble the data is to use the exact same key that scrambled it. Software-based encryption uses the computer's own resources to encrypt data and perform other cryptographic operations, and it often uses the user's password as the encryption key that scrambles the data. Hardware-based encryption instead uses a dedicated processor physically located on the encrypted drive rather than the computer's processor. That encryption processor often also contains a random number generator that produces the encryption key, which the user's password then unlocks.
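As an added illustration that is not part of the original article, the following Python model contrasts the two key-handling designs just described: the software scheme scrambles data directly with a key derived from the password, while the drive-style scheme generates a random data key and uses the password only to unlock (wrap) that key, so a password change re-wraps one small key instead of rewriting the whole drive. HMAC-SHA256 stands in for the drive's cipher so the model runs on the standard library alone; the function names and sample data are assumptions.

```python
import hashlib
import hmac
import secrets

# Stand-in for a real block cipher: HMAC-SHA256 as a PRF builds a keystream, and a
# separate HMAC tag authenticates it (encrypt-then-MAC). A real drive would use AES.
def kdf(password: bytes, salt: bytes) -> bytes:
    """Derive a 32-byte key from a password; PBKDF2 is deliberately slow."""
    return hashlib.pbkdf2_hmac("sha256", password, salt, 100_000)

def _subkey(key: bytes, label: bytes) -> bytes:
    return hmac.new(key, label, hashlib.sha256).digest()  # separate enc/mac keys

def _xor_keystream(enc_key: bytes, nonce: bytes, data: bytes) -> bytes:
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(enc_key, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def seal(key: bytes, plaintext: bytes) -> bytes:
    nonce = secrets.token_bytes(16)
    ct = _xor_keystream(_subkey(key, b"enc"), nonce, plaintext)
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expect = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expect):
        raise ValueError("wrong password or corrupted data")
    return _xor_keystream(_subkey(key, b"enc"), nonce, ct)

# Software model from the article: the password-derived key scrambles the data itself.
def software_encrypt(password: bytes, data: bytes) -> dict:
    salt = secrets.token_bytes(16)
    return {"salt": salt, "blob": seal(kdf(password, salt), data)}

def software_decrypt(password: bytes, stored: dict) -> bytes:
    return unseal(kdf(password, stored["salt"]), stored["blob"])

# Hardware model: the drive's RNG makes the data key (DEK); the password only unlocks it.
def drive_provision(password: bytes):
    dek = secrets.token_bytes(32)   # stands in for the on-drive random number generator
    salt = secrets.token_bytes(16)
    return {"salt": salt, "wrapped_dek": seal(kdf(password, salt), dek)}, dek

def drive_unlock(drive: dict, password: bytes) -> bytes:
    return unseal(kdf(password, drive["salt"]), drive["wrapped_dek"])

def drive_change_password(drive: dict, old: bytes, new: bytes) -> dict:
    dek = drive_unlock(drive, old)  # data already on the drive is left untouched
    salt = secrets.token_bytes(16)
    return {"salt": salt, "wrapped_dek": seal(kdf(new, salt), dek)}
```

A wrong password fails the tag check in `unseal` before any data is returned, which is the behaviour a locked self-encrypting drive presents to the host.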
Because software encryption lives in the machine's software, it must be reinstalled if the operating system is changed. Hardware-based encryption sits outside the computer's software and stays in place regardless of what happens to that software.
Upgradeability and Scalability
You can upgrade software-based encryption to fix bugs and enhance performance. Software encryption can also be copied to different drives or computers if there is a need to expand the security to other machines. Since hardware encryption is contained on a microchip on the storage device itself, it can be difficult or impossible to change any part of the hardware encryption. The hardware encryption covers only one drive at a time, so if there is a need to expand the security, you have to purchase additional drives with hardware encryption.
Software-based encryption uses the computer's processor to handle the data encryption. Since the processor has to handle both the normal computer operations and the data encryption, it may cause the entire system to slow down. Hardware-based encryption runs on its own hardware and has no effect on overall system performance.
Brute Force Attacks
A brute force attack, the most common attack on encrypted data, is the repeated guessing of a password or encryption key. Software-based encryption schemes try to limit the number of decryption or login attempts, but because they rely on the computer's resources, hackers can access the computer's memory and reset the attempt counter, in essence giving them unlimited time to guess the password or key. Hardware-based encryption does its processing on a dedicated chip that the computer cannot access, so this method of brute force attack will not work.
Dependence on Operating System Security
Software-based encryption is only as secure as the computer it is running on. If hackers can get malicious code onto the computer, they can modify or disable the encryption, allowing the disk to store unsecured data. Hardware-based encryption runs independently of the operating system so it is not exposed to these types of security flaws.