Dave,

Considering that it takes about a millionth of a second to generate an  
AES key, I don't think that you can tell much from the fact that it  
came up instantaneously after you entered your password.

The fact that it came up instantly without formatting means that it  
had a FAT32 filesystem on it.

My guess is that the system has a per-device session key and that the  
key is then encrypted with your password. But that's just a guess.  
There are lots of ways to build such a system.

On Nov 14, 2008, at 3:13 PM, Dave Jevans wrote:

> My Black Armor came up pretty much instantaneously after I entered my
> password, and didn't require formatting.  This leads me to believe it
> is pre-formatted at the factory.  That requires the AES key to be
> generated in the factory rather than when the user first initialized
> the device.  Is this the case?
>
>
> At 11:03 PM +0100 11/14/08, H M wrote:
>> Implementation of security to an external retail drive.
>>
>> The 25 character SID is created during production for every FDE
>> drive. It is simply used to verify the possession of the drive.
>> On a new drive this SID is used as the Master Password to start
>> security management, e.g. create user password, recovery password.
>> Once user sets a password this SID can only be used to secure erase
>> a drive when the user password was lost.
>> This is special to the Black Armor implementation as the probability
>> that users will forget their passwords is too high. If the user
>> password is lost there is no way to get back data stored on the
>> drive.
>> In order for Seagate to not get back these drives just for the
>> locked status, the SID can be used to secure erase the drive and
>> make it reusable.
>> After Secure erase all user data is gone and the drive starts on
>> next power up as a virgin drive. The management SW on the locked
>> drive is located in a secure, write protected area of the drive.
>> Therefore this drive can be connected to any computer and there has
>> no software to run on this computer which could detect a locked
>> (protected) drive.
>> User has to partition and format the drive after secure erase as
>> there is no useful data on it any more.
>>
>> On a notebook drive the implementation is different. Once a password
>> is set the SID is no password any longer. On a secure erase as well
>> the data in the locked drive mode would be cleared and the drive
>> reset to unlocked state.
>>
>> In order to run secure erase you need a valid password for the
>> drive. On Black Armor SID is for reusability purpose.
>>
>> The AES key that is randomly generated on every secure erase, never
>> leaves the drive and is unknown to Seagate. The drive encrypts
>> always all data written to the media and decrypts it during read.
>> The access to data means you can provide a valid password when
>> powering up the drive.
>>
>>
>> HM
>>
>> _______________________________________________
>> FDE mailing list
>> FDE@www.xml-dev.com
>> http://www.xml-dev.com/mailman/listinfo/fde
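A sketch of the design guessed at in the reply above (a per-device key stored encrypted under the password), added here as an example; it is not code from the thread or from Seagate. The `Drive` class, the PBKDF2 parameters and the HMAC-based wrap (a stand-in for AES key wrap, since the Python standard library has no AES) are assumptions.

```python
import hashlib, hmac, os

def _kek(secret: str, salt: bytes) -> bytes:
    # Password-derived key-encryption key (PBKDF2 parameters are assumptions).
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, 100_000)

def wrap(dek: bytes, secret: str) -> tuple:
    # Stand-in for AES key wrap: XOR with an HMAC-derived pad, plus an HMAC tag.
    salt = os.urandom(16)
    kek = _kek(secret, salt)
    blob = bytes(a ^ b for a, b in zip(dek, hmac.digest(kek, b"pad", "sha256")))
    return salt, blob, hmac.digest(kek, b"tag" + blob, "sha256")

def unwrap(slot: tuple, secret: str) -> bytes:
    salt, blob, tag = slot
    kek = _kek(secret, salt)
    if not hmac.compare_digest(tag, hmac.digest(kek, b"tag" + blob, "sha256")):
        raise PermissionError("wrong password")
    return bytes(a ^ b for a, b in zip(blob, hmac.digest(kek, b"pad", "sha256")))

class Drive:
    """Hypothetical model of the guessed design; not Seagate's firmware."""
    def __init__(self, sid: str):
        self.sid = sid                          # kept in clear only to keep the model short
        self.slot = wrap(os.urandom(32), sid)   # media key made at the factory

    def set_password(self, current: str, new: str) -> None:
        # Re-wrap the same media key: data already on the media stays readable.
        self.slot = wrap(unwrap(self.slot, current), new)

    def unlock(self, password: str) -> bytes:
        return unwrap(self.slot, password)

    def secure_erase(self, sid: str) -> None:
        if not hmac.compare_digest(sid.encode(), self.sid.encode()):
            raise PermissionError("wrong SID")
        # New random media key: everything written under the old one is unreadable.
        self.slot = wrap(os.urandom(32), self.sid)

def demo() -> dict:
    sid = "CONSTRUCTED-SID-0000000000"          # constructed sample value
    d = Drive(sid)
    factory_key = d.unlock(sid)
    d.set_password(sid, "first pw")
    d.set_password("first pw", "second pw")
    same = d.unlock("second pw") == factory_key
    d.secure_erase(sid)
    return {"key_survives_password_change": same,
            "key_replaced_by_erase": d.unlock(sid) != factory_key}
```

Under this model a factory-formatted filesystem stays readable across password changes because only the wrapped copy of the key changes, while a secure erase replaces the key itself.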