|
Posted by Barry Watzman on February 3, 2007, 4:32 pm
Please log in for more thread options Re: "The whole-disk encryption is performed in hardware."
We are not talking about encryption at all. IDE drive passwords are not
encryption. The way that this works is that on startup, the drive will
one and only one command over the IDE port ... the password command.
Until that command is issued, with the correct password, the drive will
simply not respond to ANY other valid IDE commands, including the
"identify drive" command. Thus, until the password command is issued
and the drive activates itself, it's not even seen by the bios. The
system will act as if there is simply no drive installed at all. It has
nothing to do with encryption or keys.
I think that we are talking about two different things.
Vanguard wrote:
>> Re: "The other half of the hash (to decode) was back in the original
>> laptop. Preventing someone from getting at it, especially by stealing
>> the drive, is just what that security is for; i.e., unless the drive
>> is in the original laptop that hashed up the drive's contents AND you
>> know the password, you will never get at the decoded contents of the
>> drive."
>>
>> I don't think that's correct. This isn't windows,
>
> I don't care what OS is on the drive, encrypted or not. The whole-disk
> encryption is performed in hardware. Half of that support is on the
> hard drive, the other half is back in the mobo. If the drive wanders
> off from the mobo that hashed up the drive, that drive cannot be
> decoded. It is very similar to e-mail encryption: the source (owner of
> the certificate or the mobo) has the "private" portion and the target
> (recipient or hard drive) has the "public" portion. Without both,
> there's no decryption, and the source controls that.
>
>> this is an IDE
>
> Yep, as I said, this hardware encryption was first provided in ATA-3
> specification. It is NOT solely implemented on the hard drive alone.
> Unfortunately it costs to get copies of the ATA specs from
> http://www.t13.org/ and I really don't need them.
>
>> Otherwise, as has happened here, if the computer motherboard dies,
>> then the drive is lost, and that is beyond secure, it is "data
>> endangering".
>
> Yep, that is what happens. And that is why you MUST do data backups
> since they won't depend on the private key for the encryption that the
> mobo has. The backups can either be open in that anyone could restore
> from them or you would password-protect them, but that password
> protection is entirely within the backup file so you could use another
> computer running the same backup program to restore your data because
> the password was only used to encode the file (i.e., there is no
> separation of private and public keys, there is just the one key used to
> encode the file).
>
| 
XML Sitemap