Is there a completely secure encryption method?

Is there an absolutely secure encryption method?

  • User asked in 2024-01-25 18:34:28

1 Answer

King Of Kings
Specialty: AI
Nowadays people use many data security methods and products.

Passwords are the most common security method, but to a determined thief, they actually offer little security. Data encryption protects data by scrambling and replacing codes. The effectiveness of this method of security depends on the effectiveness of the encryption algorithm, and how the encryption is handled. The higher the number of bits in an encryption key, the harder it is to discover the encryption key using so-called "brute force" computing techniques. Since encrypted data can be successfully decrypted using an encryption key, protecting this key has become a critical issue in data security.

There are several products on the market that implement data encryption by running encryption software on the host system. This software encrypts data on the host system processor and stores the encrypted data on a storage device. A number of companies make such products, including BitLocker (for Windows Vista), FileVault (for MacOS X), and dm-crypt (for Linux).

Software-based encryption

Such software-based encryption packages may protect data from casual attempts to recover it, but it has long been known that such data encryption can be broken with the right tools.

For example, encrypted data may be stored in multiple locations on a storage device, but some portions of the encrypted files may be in unencrypted areas of the storage device.

Earlier this year, Princeton University researchers pointed out that in host-based encryption, the encryption key is located in the host's DRAM (dynamic random access memory), and if someone can extract the data in the DRAM before it disappears, then the key will be restored and data security will be lost. After the host is shut down, the DRAM is cooled down immediately, and then the contents are cloned to another storage device to recover data from the DRAM.

Software-based encryption may be easy to detect and penetrate. For example, turning off the power of a desktop or laptop or putting them into hibernation when away from them can eliminate DRAM recovery methods, but we need more technology to ensure that fragmented files that need to be encrypted can be fully protected.

Hardware-based encryption

Hardware-based encryption is more difficult to access and penetrate. One approach promoted by the Trusted Computing Group (TCG) is to place encryption keys on a storage device, and the storage device also contains a special chip capable of encryption/decryption.

This device does not expose the key to the host system, so techniques such as reading the key from DRAM will not work. Also, all user data on the hard drive can be encrypted. Seagate, Hitachi and Fujitsu also now offer notebook hard drives with onboard encryption.

Disk drives that include full drive encryption can provide computer users with greater peace of mind. Furthermore, if the keys in the storage device are deleted on these products, the data in the device cannot be reconstructed by the "brute force" techniques discussed earlier due to the lack of key information. Therefore, TCG-enabled disk drives can provide fast "safe deletion".
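Added example, not part of the original answer: a toy Python model of the drive-side encryption and key-deletion erase that the answer above describes. The class and method names are hypothetical, and an HMAC-SHA256 keystream stands in for the drive's real cipher hardware.

```python
import hashlib
import hmac
import secrets

SECTOR = 512  # bytes per sector in this model


class SelfEncryptingDrive:
    """Toy model: the media key lives only inside the drive object."""

    def __init__(self):
        self._key = secrets.token_bytes(32)   # generated on-device, never exported
        self._media = {}                      # sector number -> ciphertext at rest

    def _keystream(self, lba):
        # HMAC-SHA256 in counter mode: a stand-in for the drive's cipher engine.
        blocks = (hmac.new(self._key, lba.to_bytes(8, "big") + c.to_bytes(4, "big"),
                           hashlib.sha256).digest() for c in range(SECTOR // 32))
        return b"".join(blocks)

    def write(self, lba, data):
        block = data.ljust(SECTOR, b"\0")[:SECTOR]
        self._media[lba] = bytes(a ^ b for a, b in zip(block, self._keystream(lba)))

    def read(self, lba):
        ct = self._media[lba]
        return bytes(a ^ b for a, b in zip(ct, self._keystream(lba)))

    def raw_media(self, lba):
        # What is visible to someone reading the platters or flash directly.
        return self._media[lba]

    def crypto_erase(self):
        # Replace the key; the ciphertext on the media is left untouched.
        self._key = secrets.token_bytes(32)


def demo():
    drive = SelfEncryptingDrive()
    secret = b"payroll-2024 contents (constructed sample)"
    drive.write(7, secret)
    before = drive.read(7).rstrip(b"\0")
    at_rest = drive.raw_media(7)
    drive.crypto_erase()
    after = drive.read(7).rstrip(b"\0")
    # (readable before erase, plaintext visible at rest, readable after erase)
    return before == secret, secret in at_rest, after == secret
```

The host only ever calls `read` and `write`, so the key never enters host memory, and after `crypto_erase` the stored ciphertext is still present but no longer decrypts.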