From a bird's-eye view, nothing. And that’s not what the designation attempts to address. It’s not even about how fast the hardware is, as encryption doesn’t require lots of processing power and key delivery systems are relatively simple devices.
It’s about control. Encryption in general is robust and nobody directly tries to break the algorithm. Most breaches are done by bypassing the encryption entirely. By adding a hardware component, it makes it very difficult to do so. It also creates a one-way bridge for key delivery - once you put keys into the device you cannot remove them. The only option is to delete them. Most of the devices are also hardened - they emit no signals, resist interference, and have various preventions that will dump keys and software in the event the device is tampered with. Add to that the fact that because it’s physical in nature and not some boogeyman subsystem buried deep in a server, you can point to it, tell someone to guard it, and put it in a vault. Most also have an accessible wipe button, which makes it easy to prioritize what gets destroyed if the need calls for it. There are many more things, but I think I made my point.
It’s still hard for the consumer market to have a physical component for encryption. Even for those that do, it’s still not robust enough. You can get legitimate military-grade encryption, with all its bells and whistles, but it’s incredibly expensive and comes with specific requirements from the NSA. But afaik, there is no cheap alternative, and most of what you see being advertised is just marketing gibberish.
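The "one-way bridge" and wipe-button behaviour described above, modelled in code as an added example (this is not the poster's code and not any vendor's HSM API; the `HardwareKeyStore` class and its method names are constructed for illustration). Keys are imported once, used only through an opaque handle, can never be read back, and are zeroized on a wipe or tamper event.

```python
import hashlib
import hmac
import os

class KeyDeleted(Exception):
    pass

class HardwareKeyStore:
    """Constructed model of an HSM-style key container (not any vendor's API)."""
    def __init__(self):
        self._keys = {}        # handle -> bytearray; a real device keeps this in protected memory
        self._zeroized = False
    def import_key(self, key: bytes) -> str:
        # One-way bridge: key material goes in, only an opaque handle comes out.
        if self._zeroized:
            raise KeyDeleted("device has been wiped")
        handle = os.urandom(8).hex()
        self._keys[handle] = bytearray(key)
        return handle
    def mac(self, handle: str, message: bytes) -> bytes:
        # Callers use the key only through the device; the key itself never leaves.
        if self._zeroized or handle not in self._keys:
            raise KeyDeleted(f"no usable key for handle {handle}")
        return hmac.new(bytes(self._keys[handle]), message, hashlib.sha256).digest()
    def export_key(self, handle: str) -> bytes:
        # Deliberately refused: there is no path to read key material back out.
        raise PermissionError("keys are non-exportable; the only option is deletion")
    def delete_key(self, handle: str) -> None:
        key = self._keys.pop(handle)
        key[:] = bytes(len(key))   # overwrite the buffer before discarding it
    def zeroize(self) -> None:
        # Wipe button / tamper response: destroy every key, then refuse further use.
        for handle in list(self._keys):
            self.delete_key(handle)
        self._zeroized = True

def demonstrate() -> dict:
    """Use a key, try to export it, wipe the device, try to use it again."""
    hsm = HardwareKeyStore()
    handle = hsm.import_key(os.urandom(32))
    tag = hsm.mac(handle, b"ping")
    try:
        exported = hsm.export_key(handle) is not None
    except PermissionError:
        exported = False
    hsm.zeroize()
    try:
        usable = hsm.mac(handle, b"ping") is not None
    except KeyDeleted:
        usable = False
    return {"tag_bytes": len(tag), "exported": exported, "usable_after_wipe": usable}
```

A real device enforces the same boundary in hardware, which is what makes "bypass the encryption" attacks harder than attacking a software key store.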