Everlag

For those not following the consumer SSD market closely, this is a bit of an upset. Previously, Samsung was king and basically unchallenged on price/performance for mainstream and high performance loads. Now we've got Western Digital, previously seen as a spinning rust king with an SSD side business, coming in and making an extremely competitive offering. While they're not strictly better, they're the best the market has seen from outside Korea or Intel.

If you want to quickly get the long-short of the review, check out the 'Destroyer' benchmark[0] and the price/gb chart[1]. Though I recommend reading the entire thing, anandtech reviews are a treat.

[0] https://www.anandtech.com/show/12543/the-western-digital-wd-... [1] https://www.anandtech.com/show/12543/the-western-digital-wd-...

pmorici

Samsung supports AES-256 hardware encryption on pretty much all their drives I don't see that on these WD / Sandisk products that is kind of a deal breaker for me.

fulafel

So you run without OS level FDE and trust a drive level crypto function? How does key management work, do you input the AES key at a firmware prompt on boot / wake from sleep, or is there transparent OS support for this?

ahartmetz

On laptops with an FDE disk, there's a password prompt on bootup (not wakeup from suspend to RAM - possibly configurable) before you can do anything else with the machine. Seen on Dell E models and Thinkpad T models.

fulafel

Sounds like it's pretty easy to compromise this kind of encryption if you steal a laptop that's suspended [1]. One of the easiest attacks mentioned is to just keep the drive powered and plug the sata data port into another computer.

Another risk is that you don't know if the crypto is secure. There are lots of possibilities to get things wrong [2].

It seems inevitable that the further you get from end-to-end crypto, the less secure it is.

[1] https://www.blackhat.com/docs/eu-15/materials/eu-15-Boteanu-... [2] https://en.wikipedia.org/wiki/Disk_encryption_theory

pmorici
None of the scenarios detailed in your 1st reference are an inherent vulnerability of SEDs it is describing vulnerabilities in the software that drives the SEDs or physical designs of the computers they are installed in. Also, reset attacks apply to software encryption as well as SED's.

Check out the sedutil project on Github it's an opensource implementation of software to manage SED's

https://github.com/Drive-Trust-Alliance/sedutil