Hi Scott,
As the Security ID serves as a default password to unlock the FDE drive inside
the Black Armor, am I correct to assume that such unlock action releases the
true AES 128-bit key to allow the operation of the FDE drive? If that's the
case, do users require to partition and format the FDE drive after the default
password entry? What happens to the AES key if user establishes a new password?
Can user get to generate the AES key or it is a default value stored protected
by the Security ID at default and later at new password entry?
When you said the Security ID is also needed when the Black Armor hard drive
needs to be cryptographically erased, exactly what do you mean by
"cryptographically erase?" Is it an action that erases the true AES key or is
it an action that erases the previously established user's password?
You also said: After the erase, the default password again becomes the Security
ID. Does this mean the FDE drive permanently stores the Security ID?
Thank you,
Robert Wann
----- Original Message -----
From: "Scott S" <[EMAIL PROTECTED]>
To: <fde@www.xml-dev.com>
Sent: Thursday, November 13, 2008 3:27 AM
Subject: Re: [FDE] What is the Security ID on a Seagate Maxtor Black Armor
drive?
> Hi Dave,
>
> Security ID serves two functions:
>
> 1) It is the default password of the Black Armor. Like the way a user needs
> the old password to change to a new password, the Security ID serves as the
> old password.
>
> 2) The Security ID is also needed when the Black Armor hard drive needs to be
> cryptographically erased (because the user wants to, or because the user
> forgot the password). After the erase, the default password again becomes the
> Security ID.
>
> One of the decision point of developing Black Armor was, what to do when the
> user forgets the password. Should the drive become totally useless?
>
> The arguement for making it into a "brick" if the password is not known is
> that is reduces the "steal value" of the device.
>
> For the Black Armor, if the password is not known, it can be reused. But
> first the data needs to be wipeout.
>
> Scott
>
>
> On Tue, 11 Nov 2008, Dave Jevans wrote:
>
>>
>> I just setup a Seagate/Maxtor Black Armor hardware encrypted drive.
>>
>> When you setup the device, and before you choose your password, you
>> have to enter in a 25 character "Security ID" which looks like a
>> software license key, and is printed on the back of the drive's case.
>>
>> Why would you have to do this? Since it's printed on the outside of
>> the case, why doesn't the device already know this serial number
>> internally, and why would it care?
>>
>> Initially my skeptical mind figured this is actually the AES key, or
>> a back-door encryption key.
>>
>> But with more thought, I figured that perhaps it's because the device
>> is manufactured in China, and it's a clone prevention technique?
>> Maybe the sticker is added to the device when they are packaged in
>> the US, and the security ID number is needed to activate the
>> encryption? This prevents a Chinese factory from creating clone
>> devices using their controller?
>>
>> Anyone from Seagate on this list that can comment?
>>
>> _______________________________________________
>> FDE mailing list
>> FDE@www.xml-dev.com
>> http://www.xml-dev.com/mailman/listinfo/fde
>>
>
>
> _______________________________________________
> FDE mailing list
> FDE@www.xml-dev.com
> http://www.xml-dev.com/mailman/listinfo/fde
>
_______________________________________________
FDE mailing list
FDE@www.xml-dev.com
http://www.xml-dev.com/mailman/listinfo/fde
