16-03-2025 06:08 PM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Highlight
- Report Inappropriate Content
SImple question: I have a secure erased Samsung 870 EVO. Booting to my currently unencrypted Samsung 870 EVO drive, I use Samsung Magician to enable Device Encryption on this securely erased SSD. The question: what happens if I use Samsung Magician to Clone from my unencrypted 870 EVO to this securely erased, no device-encrypted-enabled SSD? It is usable? Can Windows Bitlocker use hardware encryption for it? (preferred) I can do the experiment, but I'd rather find out if someone has already tried this. The goal is to enable Samsung SSD hardware encryption with Bitlocker managing it, while not having to literally reinstall not only the OS, but every single app I've got on it.
16-03-2025 06:10 PM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Highlight
- Report Inappropriate Content
Dammit, mistyped the question. Corrected below:
SImple question: I have a secure erased Samsung 870 EVO. Booting to my currently unencrypted Samsung 870 EVO drive, I use Samsung Magician to enable Device Encryption on this securely erased SSD. The question: what happens if I use Samsung Magician to Clone from my unencrypted 870 EVO to this securely erased, NOW device-encrypted-enabled SSD? It the new encrypted SSD usable? Will it boot? Can Windows Bitlocker use hardware encryption for it? (preferred) I can do the experiment, but I'd rather find out if someone has already tried this. The goal is to enable Samsung SSD hardware encryption with Bitlocker managing it, while not having to literally reinstall not only the OS, but every single app I've got on it.
16-03-2025 06:11 PM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Highlight
- Report Inappropriate Content
!@#$!! Another typo, "IS the new encrypted SSD usable?..."
16-03-2025 06:12 PM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Highlight
- Report Inappropriate Content
And I am using WIndows 11 Pro.
16-03-2025 06:42 PM - last edited 16-03-2025 06:43 PM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Highlight
- Report Inappropriate Content
In my experience, bit locker never actually uses hardware encryption on a device, even if you tell it to. If you clone a bitlocker drive to an unencrypted drive, that second drive will now have bitlocker encryption.
TLDR, samsung encrypted drive is hardware. Meaning once it's unlocked, it can be cloned as if there was no encryption.
Bitlocker encrypted drives will clone the encryption over to the new drive.
Hardware encrypted drives kinda act like all the data isn't encrypted, as the drive handles that stuff.
Bit locker has the kinda raw data you see as encrypted, that your PC then decrypts
You wrote a lot so if you have any direct questions, just ask in a reply
16-03-2025 06:50 PM - last edited 16-03-2025 06:53 PM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Highlight
- Report Inappropriate Content
In the past, hardware encryption has used weak algorithms and sometimes don't generate their own keys too well. I'd hope thats no longer an issue though. Plus recovery can be hard if you the user doesn't know the key within the drive. In hardware failure or recovery, you get stuck. You don't know what goes on in that chip.
Though the main factor is to unlock the drive, you usually have to run an exe file to enter your code. Work and public computers don't allow that.
Again, as a me thing, I say software encryption is just a more versatile tool that can be recovered easier. It can be slower on some systems depending on things but I personally don't see much of a difference with bitlocker set to xts aes 256 bit mode
16-03-2025 07:11 PM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Highlight
- Report Inappropriate Content
Thanks for the reply. However, the question was about cloning FROM the NONENCRYPTED drive TO the device ENCRYPTED drive. Not the other way. Appreciate your thoughts on the bitlocker software encryption, though, even though it's a drag on resources
16-03-2025 07:20 PM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Highlight
- Report Inappropriate Content
16-03-2025 08:54 PM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Highlight
- Report Inappropriate Content
So, just to recap:
1. Booting from my unencrypted, win11 pro OS/data Samsung 870 EVO SSD, I secure erase and Device encrypt another Samsung 870 EVO SSD.
2. Then after encrypting the now blank and Device Encrypted SSD, I clone my current unencrypted OS/data SSD to the encrypted drive.
3. I now reboot to the encrypted drive, and after opening it, I can apply bitlocker hardware encryption, and use a USB stick instead of TPM.
Is the above right?
16-03-2025 09:03 PM - last edited 16-03-2025 09:04 PM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Highlight
- Report Inappropriate Content
