Bulk Data Encryption

netsider

I was browsing HDs on newegg.com and saw that some drives have a feature called BDE, or "Bulk Data Encryption" (namely drives by HGST). I know I can use BitLocker or TrueCrypt instead, but was just curious.

From reading here, it sounds like it works like BitLocker does on a system/boot partition, where if encryption is configured a password is required upon booting to it. However, my question is: Does anybody know how the password for this particular line of drives would/could be entered if it wasn't used as a primary/system disk, but as a secondary non-bootable drive that doesn't contain an OS (like you can with BitLocker, where you're prompted for the password in the OS to unlock the drive)?

Thanks, I'd appreciate any answers (especially first hand experience with HGST drives using "BDE") :cool:
 
There's a system called ATA password which was used for a lot of older hard drives. Originally it was a spin-up lock mechanism, but I believe it was extended to be used with encryption. My guess is that these are still using ATA password and that you'll be prompted either during BIOS boot or when your OS tries to mount the drive.
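
Added example, not part of the thread: assuming, as the post above guesses, that the drive exposes the standard ATA Security feature set, the Linux `hdparm -I` report shows whether a password is set and whether the drive is currently locked or frozen. The sample report is constructed, and `parse_security` and `describe` are hypothetical helper names.

```python
import re

# Constructed sample of the "Security:" section of `hdparm -I /dev/sdX` output
# (not captured from a real drive; the WWN is a placeholder).
SAMPLE = """\
Security:
\tMaster password revision code = 65534
\t\tsupported
\t\tenabled
\t\tlocked
\tnot\tfrozen
\tnot\texpired: security count
\t\tsupported: enhanced erase
\t2min for SECURITY ERASE UNIT. 2min for ENHANCED SECURITY ERASE UNIT.
Logical Unit WWN Device Identifier: 0000000000000000
"""

FLAGS = ("supported", "enabled", "locked", "frozen")


def parse_security(text):
    """Return {flag: bool} for the ATA security flags in hdparm -I output."""
    state, in_section = {}, False
    for line in text.splitlines():
        if line.startswith("Security:"):
            in_section = True
        elif in_section and line and not line[0].isspace():
            break  # reached the next top-level section
        elif in_section:
            # Flag lines are a lone word, optionally preceded by "not".
            m = re.match(r"\s+(not\s+)?(\w+)\s*$", line)
            if m and m.group(2) in FLAGS:
                state[m.group(2)] = m.group(1) is None
    return state


def describe(state):
    """Map the flags to what an admin can do with a non-boot data drive."""
    if not state.get("supported"):
        return "unsupported: drive has no ATA security feature set"
    if state.get("frozen"):
        return "frozen: security commands are rejected until a power cycle or hardware reset"
    if state.get("locked"):
        return "locked: send SECURITY UNLOCK from the OS (hdparm --security-unlock)"
    if state.get("enabled"):
        return "unlocked: password is set and was accepted this power cycle"
    return "disabled: no ATA password is set"


if __name__ == "__main__":
    print(describe(parse_security(SAMPLE)))
```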
 
That's my guess too, but was just hoping to know for sure by hearing from somebody who has used this. I'm assuming not many people utilize this "BDE" feature, since Bitlocker/Truecrypt is pretty much the standard for PC encryption at the moment.

If it's a feature of the drive (I know the BIOS also needs to support it, as a prerequisite), could it *not* be capable of being unlocked through the OS, and only work for system drives at boot time? :confused:
 
Dunno. I've got a bias against hard drives doing my encryption as they can be broken into. At this point I don't think TrueCrypt is a good idea for two reasons:
1) The abandonment of the project is a bit freaky (weak reason, I know)
2) There are better alternatives on every platform
 
VeraCrypt replaced TrueCrypt. TrueCrypt is broken in many ways (keys don't work, there is a hole, and a couple other things)
 
> Dunno. I've got a bias against hard drives doing my encryption as they can be broken into.

That's not much of an argument there. A well designed drive won't cough up its password ever.
Heck, I've heard about some that encrypt everything all the time on the way to disk/flash. The ATA secure erase ends up being stupid fast because it just scrambles the key, thus rendering everything effectively unreadable. The ATA password in those drives just sets the internal key to something custom instead of its default random one.
 
Considering the recent reports and past reports on how much energy the US government has put into making vulnerabilities in everything... I wouldn't trust a closed encryption system from a company that can easily be influenced. It was just reported that one of the major groups that is suspected to be either the NSA or works for them was able to get malware or whatever into the hard drive BIOS so it had control of the system before even the MB BIOS has control or something.

Googling...


http://www.reuters.com/article/2015/02/17/us-usa-cyberspying-idUSKBN0LK1QV20150217

My level of trust in anything is ZERO. I am slowly adapting to a tiered system of security with multiple computers so that certain sensitive stuff is on certain systems.

Medical records, taxes, and other documents are on a computer that never touches the internet, period.
regular computer is regular computer
Tails OS computer that never touches my main network
network broken up into several groups for various levels of security.

I am maybe 25% complete. It'll take a year or two to passively reach ideal goals, but once done I won't have to redo anything.
 