[bonarez]

Risk and protection with the ATA security feature set.

This subject was brought to my attention by CT - Magazine, all software mentioned are intelectual property of CT and all credit goes to them. If you live in EU you should buy their magazines!

Here's the story:
Some time ago they got a mail from a reader about a hard drive that showed up properly in the power on self test, but was strangely unavailable afterwards. after using hitachi's drive fitness test' (formarly IBM's) a message appears: "Device is password protected and can not be tested" Starting to feel uncomfortable yet? You should!
First thing someone tends to ask himself in such a case is probably "how do I get rid of it?". that turns out to be a different story. Hard disk manufacturers claim they are not able to do so. They did not build in some secret feature to disable it. However it is possible ibas claim to be able to 'unlock' it without even opening the drive. How they did it, that's a thing they won't tell us.. (there's big $$ there)

how it all began:
The idea began at www.t13.org where all the ata specifications began for that matter. The motivation came from stolen laptops, and more importantly, sensitive data stored on them. The technology has been around for years (IBM started implementing it in 3,5" drives since 1998) but up till now mostly laptop have a bios that supports this feature. Only 4 out of 16 of the tested mainboards for desktop appliance have a bios that recognizes this feature.

the facts:
It uses 32 bytes for the master password and 32 bytes for the user password. Setting the master password does not lock the drive. Only the user password locks the drive. When a drive gets locked the os keeps running without a problem. The lock becomes active after a reboot. Then most ATA commands are no longer available. It is told that poc code exists that could lock a drive without you even knowing it. Something like that could get ugly.
But you can protect yourself. The ATA specification also can set a freeze lock so it is no longer possible to lock it. But that's a job for your bios, so checking if your bios supports it is worth a few minutes of your time.
If your bios does not support it you could use CT's tools to protect yourself. Read the full story.

Bonarez

[tomas\]

This is pretty interesting i think, especially after the warez busts that took place last week.. online security such as ssl and things like blowfish are one thing, but when theyre actually at your door to take your pcs theres not much to hide anymore

[dlproof]

tomas\, on Jul 2 2005, 11:41 PM, said:

This is pretty interesting i think, especially after the warez busts that took place last week..  online security such as ssl and things like blowfish are one thing, but when theyre actually at your door to take your pcs theres not much to hide anymore

<{POST_SNAPBACK}>

Very true but by US, there's nothing that can force you (legally) to give up your encryption key. No special court order or anything except illegal pressure can be used. Unless your using a transparent encryption. :o