On 31 Oct 2006 13:52:01 -0000, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
http://www.seagate.com/cda/newsinfo/newsroom/releases/article/0,,2732,00.html
When someone gets a chance to play with one of these, please post.
I have not played with one, but here I am, posting away.
An open and self-contained crypto infrastructure on a hard drive that is
"useless" until the BIOS recognizes it with a password key. Reminds me a
little of the "locks" some manufacturers have that can be enabled in the
BIOS for some drives. Although it is easy to just call up the manufacturer
and get the back-door key for locked drives (done many times with basic
data recovery jobs or just hook up to another computer and not boot from
it), according to Seagate, there is no "back-door" access here. If the key
is lost, stolen, or just not available for investigations/recoveries, there
will be no way to access/read the FDE (Full-Disk Encryption) drive.
This has actually been around for a while now, as I recall reading
about this last year, and the press release is dated June 2005. The
feature is invoked when you use a BIOS ATA password, and there are two
passwords, a Master and User, configurable for these drives.
There is also functionality for storage/backup of encryption keys on
another device. See fde.seagatestorage.com for a technical brief,
which covers what I have mentioned and more.
Also, it has a "wiping" technique that supposedly can "wipe" a drive in less
than a second and be "secure". I would like to know more about this. If
anyone has any information, please post. Thanks.
I did not find details on this. However, the technical paper I
reference above mentions that when you encrypt one of these drives,
there is no initialization process, and if you change your passwords,
there is no decryption/encryption process. The drive also states there
is no DMA on this drive.
This is pure speculation, but I would guess the password gives you
access to the drive, which has some sort of address translation table
that gets encrypted, and has some built-in routine for wiping this
table, rather than the entire disk. Since there is no DMA, this table
could track where your data is and return zeros for any other
location. That doesn't seem right to me, though. Seems like that's a
lot of complexity for a hard drive firmware. Hopefully someone that
knows more about Seagate drive encryption will post.