Hardware- vs Software-Based Encryption
Hardware-Based Encryption
Uses a dedicated processor physically located on the encrypted drive
Processor contains a random number generator to generate an encryption key, which the user’s password will unlock
Increased performance by off-loading encryption from the host system
Safeguards keys and critical security parameters within crypto-hardware
Authentication takes place on the hardware
Cost-effective in medium and larger application environments, easily scalable
Encryption is tied to a specific device, so encryption is “always on”
Does not require any type of driver installation or software installation on the host PC
Protects against the most common attacks, such as cold boot attacks, malicious code and brute force attacks
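
The key arrangement described in the list above (a randomly generated encryption key that the user's password unlocks, with authentication and the attempt limit kept on the drive) can be modelled as follows. This is an added example, not vendor code or firmware; the names, the PBKDF2 iteration count, the 10-attempt limit and the HMAC-based wrap (a standard-library stand-in for an AES key wrap) are all assumptions.

```python
import hashlib
import hmac
import secrets

PBKDF2_ITERS = 50_000   # assumed work factor, kept low so the demo runs quickly
MAX_ATTEMPTS = 10       # assumed limit; the page does not give a number

def _kek(password: str, salt: bytes) -> bytes:  # key-encryption key, never used on data
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERS)

def _mac(kek: bytes, label: bytes, msg: bytes) -> bytes:
    return hmac.new(kek, label + msg, hashlib.sha256).digest()

def wrap_dek(dek: bytes, password: str) -> dict:
    # Stand-in for AES key wrap: one-time HMAC pad plus an integrity tag.
    salt = secrets.token_bytes(16)
    kek = _kek(password, salt)
    ct = bytes(a ^ b for a, b in zip(dek, _mac(kek, b"pad", salt)))
    return {"salt": salt, "ct": ct, "tag": _mac(kek, b"tag", salt + ct)}

def unwrap_dek(blob: dict, password: str):
    kek = _kek(password, blob["salt"])
    if not hmac.compare_digest(_mac(kek, b"tag", blob["salt"] + blob["ct"]), blob["tag"]):
        return None  # wrong password: the tag does not verify
    return bytes(a ^ b for a, b in zip(blob["ct"], _mac(kek, b"pad", blob["salt"])))

class DriveController:
    """Hypothetical model of the on-drive processor."""
    def __init__(self, password: str):
        # The data key comes from the RNG, not from the password.
        self._blob = wrap_dek(secrets.token_bytes(32), password)
        self._failures, self.dek = 0, None  # dek is present only while unlocked

    def unlock(self, password: str) -> bool:
        dek = unwrap_dek(self._blob, password) if self._blob else None
        if dek is None:
            self._failures += 1  # counter lives in the device, not in host memory
            if self._failures >= MAX_ATTEMPTS:
                self._blob = self.dek = None  # crypto-erase: the data key is gone
            return False
        self._failures, self.dek = 0, dek
        return True

    def change_password(self, old: str, new: str) -> bool:
        dek = unwrap_dek(self._blob, old) if self._blob else None
        if dek is None:
            return False
        self._blob = wrap_dek(dek, new)  # re-wrap only; stored data is untouched
        return True
```

Because the password only wraps the data key, changing it re-wraps 32 bytes instead of re-encrypting the drive, and discarding the wrapped key after too many failures makes the stored data unrecoverable.
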
Software-Based Encryption
Shares the computer’s resources with other programs on the computer to encrypt data; only as safe as your computer
Uses the user’s password as the encryption key that scrambles data
Can require software updates
Susceptible to brute force attacks: the computer tries to limit the number of decryption attempts, but hackers can access the computer’s memory and reset the attempt counter
Cost-effective in small application environments
Can be implemented on all types of media