Tom Brennan wrote:
>As a side note, I bought a couple Western Digital "Passport" drives that 
>connect via USB to my PC (for mailing data).  I copied data to the drive 
>and oops, I forgot to encrypt before mailing.  So I ran through the 
>encryption process which suprised me because it only took a second for a 
>terabyte of data.  I guess that gives me a clue as to how the thing 
>operates.  Maybe data is *always* encrypted on the device even if you 
>don't specify encryption, and when you do specify it, only the key is 
>encrypted with the password you choose.

Interesting. Or they don't encrypt it at all ☺

This article: 
http://www.zdnet.com/article/the-self-encrypting-drive-you-may-already-own/ 
seems to support what you suggest ("By default the encryption is turned on, but 
there is no password unless you put one in using WD Security software"): I 
can't make that sentence make sense any other way.

This article: 
http://security.stackexchange.com/questions/44730/how-secure-is-wd-mypassport-lock
 also agrees:

"
Since the user password can be changed (page 28) without implying a complete 
re-encryption of the disk (it would take some non-negligible time, e.g. one 
hour), one can surmise that the drive data is encrypted with a drive-specific 
key K, which never changes, and that key is stored somewhere on the disk 
(possibly in some EEPROM) encrypted with a password-derived key. When the disk 
is unlocked, K is decrypted with the password, and kept in some RAM on the disk 
(disks have RAM, several megabytes, if only for caching). This is lost when the 
power is cut. When the user changes his password, K is decrypted with the old 
password and re-encrypted with the new. When the password is removed, it is 
actually replaced with a convention password (i.e. the data is always encrypted 
with K).
"

The "convention password" (which makes me think of SHARE) presumably just means 
"default password".

...phsiii (this is drifting, but at least it's interesting drift!)

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN

Reply via email to