Tom Brennan wrote: >As a side note, I bought a couple Western Digital "Passport" drives that >connect via USB to my PC (for mailing data). I copied data to the drive >and oops, I forgot to encrypt before mailing. So I ran through the >encryption process which suprised me because it only took a second for a >terabyte of data. I guess that gives me a clue as to how the thing >operates. Maybe data is *always* encrypted on the device even if you >don't specify encryption, and when you do specify it, only the key is >encrypted with the password you choose.
Interesting. Or they don't encrypt it at all ☺ This article: http://www.zdnet.com/article/the-self-encrypting-drive-you-may-already-own/ seems to support what you suggest ("By default the encryption is turned on, but there is no password unless you put one in using WD Security software"): I can't make that sentence make sense any other way. This article: http://security.stackexchange.com/questions/44730/how-secure-is-wd-mypassport-lock also agrees: " Since the user password can be changed (page 28) without implying a complete re-encryption of the disk (it would take some non-negligible time, e.g. one hour), one can surmise that the drive data is encrypted with a drive-specific key K, which never changes, and that key is stored somewhere on the disk (possibly in some EEPROM) encrypted with a password-derived key. When the disk is unlocked, K is decrypted with the password, and kept in some RAM on the disk (disks have RAM, several megabytes, if only for caching). This is lost when the power is cut. When the user changes his password, K is decrypted with the old password and re-encrypted with the new. When the password is removed, it is actually replaced with a convention password (i.e. the data is always encrypted with K). " The "convention password" (which makes me think of SHARE) presumably just means "default password". ...phsiii (this is drifting, but at least it's interesting drift!) ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
