[liberationtech] Encryption of Asus UX31A/Adata XM11 SSD
Tom Ritter
tom at ritter.vg
Sun Sep 1 09:42:59 PDT 2013
I tried this once [0,1]. My suggestions.
0) There's an app (hdparm) that lets you interact with the drive's ATA
security stuff. But obviously this only helps you if it's not your
boot drive.
1) Repost this on the cryptography mailing list, it's more technically
focused than libtech.
2) See if the drive has any sort of certifications, like FIPS or
Common Criteria. FIPS certified stuff has publicly available
documentation that's very technical.
3) The drive that I was looking at predates the OPAL era [2], and I
ultimately stopped researching it because of that. OPAL is a standard
for how HDs should encrypt data. I don't know much about it, but
it's another line of inquiry for you.
4) "I did notice that my BIOS allows me to set an ATA master password
and ATA user password, both up to 32 characters."
That is probably not an ATA password. Almost all BIOSes have a BIOS
password, that comes in two flavors: 'normal' or 'user' and 'master'
or 'admin'. The user password is for starting the computer up, the
admin is for changing the bios settings. This is NOT related to any
hard drive, it is NOT secure at all, it is literally just a dead
simple plaintext-stored-in-bios-chip password to keep non-technical
people out. I really doubt this is actually an ATA password, because
in my research I don't recall there being separate ATA passwords.
5) In my experience, it's rare for BIOS to actually expose a way to
set ATA passwords. Most do not. I suspect there's a variety of
reasonable explanations for this[3], but it's my experience. I tried
at least 5 different computers for my hard drive and I think maybe
(maybe) 1 of them supported an ATA password. It might have been 0.
Hope this helps.
-tom
[0] http://lists.zooko.com/pipermail/p2p-hackers/2011-August/002978.html
[1] http://cryptome.org/0005/fulldisk-crypto.htm
[2] http://www.esecurityplanet.com/network-security/The-Pros-and-Cons-of-Opal-Compliant-Drives-3939016.htm
[3] For 95% of drives it provides no data security and is just a way
to lock people out of their drives, there's the adoption curve where
if one vendor exposes it and you set it and put it on another computer
and they don't expose it you're locked out, it's confusing for people,
it's a GUI problem when you have >1 hard drive, etc etc.
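
Added example, not part of the message above: one way to check whether a password set in the BIOS really became an ATA password is to read the drive's security state from the "Security:" section that `hdparm -I <device>` prints. The sample text is constructed, and the function names and the assumed section layout are this example's own.

```python
import re
import subprocess
import sys

# Constructed sample of the "Security:" section of `hdparm -I` output.
SAMPLE = """\
Security:
\tMaster password revision code = 65534
\t\tsupported
\tnot\tenabled
\tnot\tlocked
\t\tfrozen
\tnot\texpired: security count
\t\tsupported: enhanced erase
\t2min for SECURITY ERASE UNIT. 2min for ENHANCED SECURITY ERASE UNIT.
Logical Unit WWN Device Identifier: 5000000000000000
"""

FLAGS = ("supported", "enabled", "locked", "frozen")

def parse_ata_security(text):
    """Return {flag: bool} for the ATA security section, or None if absent."""
    state, in_section = {}, False
    for line in text.splitlines():
        if line.strip() == "Security:":
            in_section = True
            continue
        if in_section:
            if line and not line[0].isspace():  # next top-level section starts
                break
            # Flag lines are "<tabs>[not<tab>]<flag>" with nothing after the flag.
            m = re.match(r"\s+(not\s+)?(\w+)\s*$", line)
            if m and m.group(2) in FLAGS:
                state[m.group(2)] = m.group(1) is None
    return state or None

def verdict(state):
    if not state or not state.get("supported"):
        return "drive does not report the ATA security feature set"
    if state.get("enabled"):
        return "an ATA user password is set on the drive"
    if state.get("frozen"):
        return "no ATA password set; settings frozen until the next power cycle"
    return "no ATA password set; security settings are changeable"

if __name__ == "__main__":
    text = SAMPLE
    if len(sys.argv) > 1:  # e.g. /dev/sda; hdparm needs root
        text = subprocess.run(["hdparm", "-I", sys.argv[1]],
                              capture_output=True, text=True, check=True).stdout
    print(verdict(parse_ata_security(text)))
```

Run it against the drive before and after setting the password in the BIOS: if "enabled" never flips, the BIOS prompt was not an ATA password.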