andlabs / reallymine

WD MyBook encrypted hard drive decryption (still WIP).
https://github.com/andlabs/reallymine/issues/38
GNU General Public License v3.0

Is WD My Book encryption secure? #133

Open colortrekninja opened 2 years ago

colortrekninja commented 2 years ago

Hi,

I am trying to figure out if I can trust the encryption that WD provides with their drives.

Here is what I've found so far:

What I have not been able to find is any information on recent drives. My disks are from 2021/22 and use the JMS579 chip, for which I can't even find a datasheet (seems to be a WD exclusive, maybe?).

Which leaves me with the following questions:

Basically, I'm trying to decide whether I can truly trust the hardware encryption of these drives to keep my data safe, if I make sure that I provide it with unguessable key material (if that is even possible, e.g. can I provide a custom DEK (or at least custom entropy for it) to drives that only do FullDiskEncryption?). Would you, for example, be comfortable storing the private key to a Bitcoin wallet containing millions of dollars on this drive without feeling the need to then also make sure no-one ever gets their hands on this drive?

Thank you for your help and I love the work you're doing!

themaddoctor commented 2 years ago

The SymWave and JMS538S (and all the others) encrypt in ECB mode, so any identical 16-byte blocks of data are encrypted to identical 16-byte blocks. That's a big weakness. (SymWave has the option of XTS mode, but I think that decision is made at the factory.)

The JMS538S is only "safe" from easily guessing the DEK if the user changes it.

The PLX OXUF943 chip writes a backup keyblock to the disk, and does not overwrite it unless the user changes the password TWICE.

I have no knowledge of the JMS579.

To answer your actual question, I would not trust WD encryption to protect anything of value. I base this opinion on their past performance. I would, and do, use full-disk encryption through the Linux utility "cryptsetup", which makes the encryption transparent to the OS while the disk is open, through a filter in the kernel, but everything on the device is encrypted. It uses CBC mode by default, not ECB, and has some choices of cipher (AES, SERPENT, Twofish, ...). I also use a KDF (key derivation function) and long passwords and salt.
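
The ECB property described in the comment above (identical 16-byte plaintext blocks give identical 16-byte ciphertext blocks) can be measured on raw ciphertext by counting repeated blocks. The following is an added example, not part of the original thread or of reallymine; it uses a truncated HMAC as a stand-in for the bridge chip's AES (an assumption, since Python's standard library has no AES), and the function names, key and sample data are constructed for illustration.

```python
import hashlib
import hmac
from collections import Counter

BLOCK = 16  # AES block size in bytes


def _block_fn(key: bytes, block: bytes, tweak: bytes = b"") -> bytes:
    # Stand-in for one block-cipher call (assumption: NOT AES, not decryptable).
    # It keeps the one property that matters here: same key + same input
    # always gives the same 16-byte output.
    return hmac.new(key, tweak + block, hashlib.sha256).digest()[:BLOCK]


def ecb_like(key: bytes, data: bytes) -> bytes:
    # ECB: every block is transformed independently of its position.
    return b"".join(_block_fn(key, data[i:i + BLOCK])
                    for i in range(0, len(data), BLOCK))


def position_tweaked(key: bytes, data: bytes) -> bytes:
    # Tweaked modes (XTS and similar) also mix in where the block sits on disk.
    return b"".join(_block_fn(key, data[i:i + BLOCK], i.to_bytes(8, "big"))
                    for i in range(0, len(data), BLOCK))


def duplicate_block_ratio(raw: bytes) -> float:
    # Fraction of whole 16-byte blocks whose value occurs more than once.
    blocks = [raw[i:i + BLOCK] for i in range(0, len(raw) - BLOCK + 1, BLOCK)]
    if not blocks:
        return 0.0
    counts = Counter(blocks)
    return sum(n for n in counts.values() if n > 1) / len(blocks)


def sample_disk() -> bytes:
    # Constructed sample: 1024 bytes of non-repeating data followed by two
    # zero-filled 512-byte sectors, as unused space often looks on a disk.
    unique = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(32))
    return unique + bytes(1024)


if __name__ == "__main__":
    key, disk = b"constructed demo key", sample_disk()
    print("plaintext       ", duplicate_block_ratio(disk))
    print("ECB-like        ", duplicate_block_ratio(ecb_like(key, disk)))
    print("position-tweaked", duplicate_block_ratio(position_tweaked(key, disk)))
```

With the ECB-like transform the ciphertext repeats exactly as often as the plaintext does, so the layout of empty and duplicated regions stays visible without the key; with a position-dependent tweak the repetition disappears.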