Scott S scott at u.washington.edu wrote in part:
(http://www.xml-dev.com/pipermail/fde/2009-April/001075.html)


<snip>

> And it is only when you set the password on the drive that you
> are taking advantage of encryption security. And you don't need
> anything to do that either (more on this later).

<snip>

> Third, when you set the password and authenticate to the drive
> at the start of the computer, in essence, what you are doing is
> providing permission to the drive to use its secret encryption
> key to read and write the data.

<snip>

> Four, so how do you set the password on the FDE drive? There are
> two ways. The simple, cheap, and quick way is via the drive lock
> in the BIOS (not to be confused with the system BIOS password).
> For this you don't need anything else, just go into the BIOS and
> look for it under the hard drive or SATA section to set it. Once
> set, the password gets saved on the drive so that if you were to
> connect the drive to a different computer, it will still ask for
> the password. The drive lock password is ideal for single users
> who don't need anything fancy.

Please don't tell me this is true. Seagate's own commissioned
study concluded that the standard ATA hard disk password was
not secure.

"Hard Drive Password (using ATA)
 Minimal protection

 Available on most notebooks and some desktops. Prevents the drive
 from retrieving data unless the correct password is provided. Does
 not encrypt any data. Easily defeated but requires specific skills
 or hiring someone with those skills. Stronger than BIOS or OS
 passwords but still weak protection and not suitable for data
 worth more than US$100."

http://www.wwpi.com/summer-2007/2669-hard-drive-passwords-easily-defeated-the-truth-about-data-protection
http://seagate.com/docs/pdf/whitepaper/HDpasswrd_TP580-1-0710US.pdf.

All the fancy encryption on the disk isn't going to do any good
if the password unlocking it is easily recovered.


> The second way is via a 3rd party client software that you will
> have to purchase. Besides being more user friendly, the client
> software provides enhanced features like password synchronization
> with OS, remote password reset, and multiple account access.
> For a company these features are a must.

Which begs the question, how do these software products protect
the password? I had thought they were doing it using the TPM
but now I don't think so.


--
Gary Flynn
Security Engineer
James Madison University
www.jmu.edu/computing/security

_______________________________________________
FDE mailing list
FDE@www.xml-dev.com
http://www.xml-dev.com/mailman/listinfo/fde
