My Black Armor came up pretty much instantaneously after I entered my 
password, and didn't require formatting.  This leads me to believe it 
is pre-formatted at the factory.  That requires the AES key to be 
generated in the factory rather than when the user first initializes 
the device.  Is this the case?


At 11:03 PM +0100 11/14/08, H M wrote:
>Implementation of security to an external retail drive.
>
>The 25 character SID is created during production for every FDE 
>drive. It is simply used to verify the possession of the drive.
>On a new drive this SID is used as the Master Password to start 
>security management, e.g. create user password, recovery password.
>Once the user sets a password this SID can only be used to secure erase 
>a drive when the user password was lost.
>This is special to the Black Armor implementation as the probability 
>that users will forget their passwords is too high. If the user 
>password is lost there is no way to get back data stored on the 
>drive.
>In order for Seagate to not get back these drives just for the 
>locked status, the SID can be used to secure erase the drive and 
>make it reusable.
>After Secure erase all user data is gone and the drive starts on 
>next power up as a virgin drive. The management SW on the locked 
>drive is located in a secure, write protected area of the drive. 
>Therefore this drive can be connected to any computer and no 
>software has to run on this computer which could detect a locked 
>(protected) drive.
>The user has to partition and format the drive after secure erase as 
>there is no useful data on it any more.
>
>On a notebook drive the implementation is different. Once a password 
>is set the SID is no longer a password. On a secure erase as well 
>the data in the locked drive mode would be cleared and the drive 
>reset to unlocked state.
>
>In order to run secure erase you need a valid password for the 
>drive. On Black Armor the SID is for reusability purposes.
>
>The AES key that is randomly generated on every secure erase never 
>leaves the drive and is unknown to Seagate. The drive always 
>encrypts all data written to the media and decrypts it during read. 
>The access to data means you can provide a valid password when 
>powering up the drive.
>
>
>HM
>
>_______________________________________________
>FDE mailing list
>FDE@www.xml-dev.com
>http://www.xml-dev.com/mailman/listinfo/fde
