On Tue, 14 Apr 2009, Scott S wrote:
> Daniel, > > The use of Seagate FDE drives is very simple: > > First of all, there is no special driver that needs to be installed at > any level to use an FDE drive. An FDE drive operates like a normal drive > from the getgo. It is just that it is always encrypting the data that > gets saved on the drive, totally transparent to you or to the OS. And it > is only when you set the password on the drive that you are taking advange > of encryption security. And you don't need anything to do that either (more > on this later). You can count on vendors to ignore the best features of their products in advertising. > > Second, there is no key generation you need to worry about. The > drive doesn't use your password to generate a key. The > drive has a secret encryption key unrelated to your password, and the > drive is the only one that has access to it. > > Third, when you set the password and authenticate to the drive at the > start of the computer, in essence, what you are doing is providing > permission to the drive to use its secret encryption key to read and > write the data. Once this happens, the FDE drive is a normal drive to the > OS and applications. > > Four, so how do you set the password on the FDE drive? There are two > ways. The simple, cheap, and quick way is via the drive lock in the BIOS > (not to be confused with the system BIOS password). For this you don't > need anything else, just go into the BIOS and look for it under the hard > drive or SATA section to set it. Once set, the password gets save on the How do I tell (before purchase) if a motherboard has this BIOS feature? The boards I buy (mostly Gigabyte) don't seem to support this. > drive so that if you were to connect the drive to a diffent computer, it > will still ask for the password. The drive lock password is ideal for > single users and don't need anything fancy. The second way is via a 3rd > party client software that you will have to purchase. Besides being more > user friendly, the client software provide enhance features like password > synchronization with OS, remote password reset, and multiple account > access. For a company these features are must. > Can you suggest a particular brand? Or is there a keyword I can use for searching for this software? Any Linux compatible? If a salesdroid is reading this, I would take your call! Thank you, and I will certainly be giving this a trial soon. Daniel Feenberg feenberg isat nber dotte org 617-588-0343 > One last thing, it was stated at the beginning that "there is no key > generation". This doens't mean that the key can not be generated. It can > be, and it is a feature. A generation of a new key happens when you want > to do a cryptographical erase of the entire drive (also called > secure wipe). However, you will still not know what the new keys is. > > Scott > _______________________________________________ FDE mailing list FDE@www.xml-dev.com http://www.xml-dev.com/mailman/listinfo/fde