All times are UTC - 5 hours [ DST ]




Post subject: Re: Security theater (backdoor ATA Master Password)
Posted: June 2nd, 2010, 23:23
Joined: September 29th, 2005, 12:02
Posts: 3564
Location: Chicago
BTW the link you posted doesn't confirm your words. You somehow assumed that BIOS mode and Enterprise mode depend on drives but they only depend on special software.
If you re-read your posts you may notice that all your statements are based on assumptions. Now make one more assumption - assume that all your previous assumptions are wrong and re-read your posts again.

I will help you a little and re-phrase your first post

1. You are saying: I bought a drive and I want real protection, but as far as I see I can only enable the ATA password and the master password is written on the drive, so where is the protection?
The answer is: Change Master password (is this so extraordinarily complicated?)
2. You are saying: how come it's government-approved security if the Master password is written on the drive?
The answer is: Government is not an "I know it all" user and they use Trusted features

_________________
SAN, NAS, RAID, Server, and HDD Data Recovery.


Post subject: Re: Security theater (backdoor ATA Master Password)
Posted: June 2nd, 2010, 23:45
Joined: September 29th, 2005, 12:02
Posts: 3564
Location: Chicago
To change the master password on a drive which is connected to a laptop with the security freeze feature in BIOS, you need an external power supply. Connect the SATA cable from the laptop to the drive and apply power from the external power supply to the drive only.
Boot from CD with Victoria
Re-power the drive only with external power supply
Change the password

You can also use the Maximum security level and a user ATA password, which wouldn't allow accessing data with the Master password

_________________
SAN, NAS, RAID, Server, and HDD Data Recovery.
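
As an added example that is not part of the original posts: a defender-side check of the three settings the post above turns on (master password changed, security level, frozen state), decoded from a raw 512-byte IDENTIFY DEVICE block using the ATA8-ACS word layout. The function names and the sample blocks are constructed for illustration, and reading the block from a real drive is assumed to happen elsewhere.

```python
import struct

# IDENTIFY DEVICE word offsets and bits, per ATA8-ACS (reference [5] in the thread).
WORD_MASTER_ID = 92         # Master Password Identifier
WORD_SECURITY = 128         # security status bits
FACTORY_MASTER_ID = 0xFFFE  # identifier value set at manufacture


def decode_security(identify: bytes) -> dict:
    """Decode the security words of a raw 512-byte IDENTIFY DEVICE block."""
    if len(identify) != 512:
        raise ValueError("IDENTIFY DEVICE data must be exactly 512 bytes")
    words = struct.unpack("<256H", identify)  # 256 little-endian 16-bit words
    status = words[WORD_SECURITY]
    return {
        "supported": bool(status & 0x0001),
        "enabled": bool(status & 0x0002),  # a user password is set
        "locked": bool(status & 0x0004),
        "frozen": bool(status & 0x0008),   # lasts until power-off or hardware reset
        "level": "maximum" if status & 0x0100 else "high",
        "master_id": words[WORD_MASTER_ID],
    }


def audit(identify: bytes) -> list:
    """Return findings about the ATA password configuration."""
    s = decode_security(identify)
    if not s["supported"]:
        return ["security feature set not supported"]
    findings = []
    if s["master_id"] in (0x0000, 0xFFFF):
        findings.append("master password identifier not reported by this drive")
    elif s["master_id"] == FACTORY_MASTER_ID:
        findings.append("master password identifier is still the factory value")
    if not s["enabled"]:
        findings.append("no user password set")
    elif s["level"] == "high":
        findings.append("level High: the master password also unlocks the data")
    if not s["frozen"]:
        findings.append("not frozen: password commands are accepted from any software")
    return findings


def sample_identify(status: int, master_id: int) -> bytes:
    """Build a constructed IDENTIFY block with only the two security words set."""
    words = [0] * 256
    words[WORD_SECURITY] = status
    words[WORD_MASTER_ID] = master_id
    return struct.pack("<256H", *words)
```

The identifier is a value the host supplies when it sets the master password, so the factory value only suggests the master password was never changed; a tool that changes the password without updating the identifier leaves it looking untouched.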


Post subject: Re: Security theater (backdoor ATA Master Password)
Posted: June 3rd, 2010, 0:56
Joined: August 20th, 2009, 18:16
Posts: 19
Location: Illinois, USA
Doomer, you say:

Doomer wrote:
If you need FDE protection buy a laptop with FDE drive - it has all the software user needs to enable password protected FDE

And also:

Doomer wrote:
buy a laptop with true FDE support if you want real protection


It seems you think so little of ATA Password security with FDE drives that you insist one should buy an entire laptop with FDE drive at many times the cost of a bare FDE drive if one wants "real protection".

However, for my purpose (a single user and his personal laptop) I do not see any difference in security strength between:

1. installing a bare FDE drive such as mine and setting both ATA passwords
and
2. paying 10 or 20 times more for a new laptop with bundled "Seagate Secure" (or other software-assisted FDE) password security.

Could you enlighten us by describing the ways in which "Seagate Secure" (or other software-assisted FDE) password security is better than ATA password security for a single user and their laptop?

tinkerdude


Post subject: Re: Security theater (backdoor ATA Master Password)
Posted: June 3rd, 2010, 4:22
Joined: May 5th, 2004, 20:06
Posts: 2782
Location: England
Tinkerdude,

Have a look around the IPS/NSA website for more info. This is an interesting document that I used for a previous project.

http://csrc.nist.gov/groups/STM/cmvp/do ... sp1299.pdf

There are no (techie) documents AFAIK for the notebook FDE drives because it is not FIPS approved yet ;o)

_________________
All went well until I plugged the drive in.


Post subject: Re: Security theater (backdoor ATA Master Password)
Posted: June 3rd, 2010, 4:33
Joined: May 5th, 2004, 20:06
Posts: 2782
Location: England
more ref:-

[1]. IETF RFC 2119, 1997, “Key words for use in RFCs to Indicate Requirement Levels”
[2]. Trusted Computing Group (TCG), “TCG Storage Architecture Core Specification”, Version 1.0, Revision 1.0
[3]. NIST, FIPS-197, 2001, “Advanced Encryption Standard (AES)”
[4]. [INCITS T10/1731-D], “Information technology - SCSI Primary Commands - 4 (SPC-4)”
[5]. [ANSI INCITS 452-2008], “Information technology - AT Attachment 8 - ATA/ATAPI Command Set (ATA8-ACS)”
[6]. Trusted Computing Group (TCG), “TCG Storage Interface Interactions Specification”, Version 1.0, Revision 1.0

_________________
All went well until I plugged the drive in.


Post subject: Re: Security theater (backdoor ATA Master Password)
Posted: June 3rd, 2010, 4:50
Joined: October 15th, 2009, 8:11
Posts: 51
Location: Islands
Hi Doomer,

Quote:
2. FDE drive is ALWAYS encrypted even if you don't have any "passwords" enabled


Yes, I thought so as well, but not so. I have here 7200 FDE.1 - loose drive - no encryption at all.


Post subject: Re: Security theater (backdoor ATA Master Password)
Posted: June 3rd, 2010, 4:53
Joined: October 15th, 2009, 8:11
Posts: 51
Location: Islands
tinkerdude,

Quote:
Could you enlighten us by describing the ways in which "Seagate Secure" (or other software-assisted FDE) password security is better than ATA password security for a single user and their laptop?


If I understand your question correctly, there are quite a few members here who could easily disable or modify any ATA password you may set with your drive. Protection using ATA password is very weak.


Post subject: Re: Security theater (backdoor ATA Master Password)
Posted: June 3rd, 2010, 7:58
Joined: May 5th, 2004, 20:06
Posts: 2782
Location: England
pinkST wrote:
Hi Doomer,

Quote:
2. FDE drive is ALWAYS encrypted even if you don't have any "passwords" enabled


Yes, I thought so as well, but not so. I have here 7200 FDE.1 - loose drive - no encryption at all.



The crypt is on the media :idea: HOT-SWAP and see what happens

_________________
All went well until I plugged the drive in.


Post subject: Re: Security theater (backdoor ATA Master Password)
Posted: June 3rd, 2010, 10:07
Joined: September 29th, 2005, 12:02
Posts: 3564
Location: Chicago
pinkST wrote:
Hi Doomer,

Quote:
2. FDE drive is ALWAYS encrypted even if you don't have any "passwords" enabled


Yes, I thought so as well, but not so. I have here 7200 FDE.1 - loose drive - no encryption at all.

And how did you confirm that there is no encryption?

_________________
SAN, NAS, RAID, Server, and HDD Data Recovery.


Post subject: Re: Security theater (backdoor ATA Master Password)
Posted: June 3rd, 2010, 10:17
Joined: September 29th, 2005, 12:02
Posts: 3564
Location: Chicago
tinkerdude wrote:
Could you enlighten us by describing the ways in which "Seagate Secure" (or other software-assisted FDE) password security is better than ATA password security for a single user and their laptop?

I cannot enlighten you because it would be TMI for a forum but somebody already did

_________________
SAN, NAS, RAID, Server, and HDD Data Recovery.


Post subject: Re: Security theater (backdoor ATA Master Password)
Posted: June 3rd, 2010, 10:42
Joined: October 15th, 2009, 8:11
Posts: 51
Location: Islands
Hi Doomer,

Got it (after reading some) - 7200 FDE.1 is encrypted and fully accessible.


Post subject: Re: Security theater (backdoor ATA Master Password)
Posted: June 3rd, 2010, 11:40
Joined: May 5th, 2004, 20:06
Posts: 2782
Location: England
Has anyone opened a password-protected Seagate FDE :O) ? 'Cos I'm interested heheeeee

_________________
All went well until I plugged the drive in.


Post subject: Re: Security theater (backdoor ATA Master Password)
Posted: June 3rd, 2010, 12:39
Joined: August 20th, 2009, 18:16
Posts: 19
Location: Illinois, USA
Doomer wrote:
I cannot enlighten you because it would be TMI for a forum but somebody already did


Really? Too much information for HDD Gurus? I'm sorry, but that is hard to accept.

If you're referring to the list of references cited by "guru", that is an interesting list of background references, none of which appear to directly address my question to you.

By making the unconvincing statement that the answer is too complicated to provide even a single sentence of explanation and deflecting the question by pointing to inapplicable background references, you provide the appearance that you cannot back up the claim you are making.

You claim that for "real protection", I should buy an entire new laptop bundled with FDE drive and proprietary security software.

But I do not see the benefit of this over ATA password security with an FDE drive for someone in my position - a single user, one drive and a personal laptop.

My question, more specifically now, is:

Can you describe any way at all in which "Seagate Secure" (or other software-assisted FDE) password security is more secure than FDE-based ATA password security for my situation (a single user, one Seagate ST9320329AS drive and a personal laptop)?


Post subject: Re: Security theater (backdoor ATA Master Password)
Posted: June 3rd, 2010, 13:02
Joined: September 29th, 2005, 12:02
Posts: 3564
Location: Chicago
tinkerdude wrote:
Really? Too much information for HDD Gurus? I'm sorry, but that is hard to accept.

Well, you have to deal with it

tinkerdude wrote:
By making the unconvincing statement that the answer is too complicated to provide even a single sentence of explanation and deflecting the question by pointing to inapplicable background references, you provide the appearance that you cannot back up the claim you are making.

It is not too complicated. This information is not to be released to the public; that was my point


tinkerdude wrote:
My question, more specifically now, is:

Can you describe any way at all in which "Seagate Secure" (or other software-assisted FDE) password security is more secure than FDE-based ATA password security for my situation (a single user, one Seagate ST9320329AS drive and a personal laptop)?

I can but I won't
You take it as or do not take it

_________________
SAN, NAS, RAID, Server, and HDD Data Recovery.


Post subject: Re: Security theater (backdoor ATA Master Password)
Posted: June 3rd, 2010, 13:23
Joined: August 20th, 2009, 18:16
Posts: 19
Location: Illinois, USA
pinkST wrote:
tinkerdude,

If I understand your question correctly, there are quite a few members here who could easily disable or modify any ATA password you may set with your drive. Protection using ATA password is very weak.


I agree that's the case for non-FDE drives. But techniques such as...

* take two identical virgin drives, set an ATA password on one, directly read platters on both drives and compare to discover password and its location

... do not apply to FDE drives, since ostensibly everything on the platters is AES-128 encrypted. And actually, I've read that the passwords aren't even stored on the platters, but rather in the drive electronics (encrypted and physically inaccessible).

Does anyone have any evidence of a successful ATA password crack on an FDE drive?


Post subject: Re: Security theater (backdoor ATA Master Password)
Posted: June 3rd, 2010, 13:31
Joined: August 20th, 2009, 18:16
Posts: 19
Location: Illinois, USA
tinkerdude wrote:
My question, more specifically now, is:

Can you describe any way at all in which "Seagate Secure" (or other software-assisted FDE) password security is more secure than FDE-based ATA password security for my situation (a single user, one Seagate ST9320329AS drive and a personal laptop)?

I can but I won't
You take it as or do not take it

Mr. Doomer,

You are quickly losing credibility here. You can't even say even a single thing to back up your claim? How do you expect anyone to believe you?


Post subject: Re: Security theater (backdoor ATA Master Password)
Posted: June 3rd, 2010, 13:46
Joined: September 29th, 2005, 12:02
Posts: 3564
Location: Chicago
tinkerdude wrote:
You are quickly losing credibility here. You can't even say even a single thing to back up your claim? How do you expect anyone to believe you?

I don't expect anyone to believe me
Why do you think I would care to convince you?
My point was to show readers of this forum that you are wrong, so they wouldn't spread your faulty assumptions all around the Net
That would be it

_________________
SAN, NAS, RAID, Server, and HDD Data Recovery.


Post subject: Re: Security theater (backdoor ATA Master Password)
Posted: June 3rd, 2010, 23:55
Joined: August 12th, 2008, 13:11
Posts: 3235
Location: USA
tinkerdude wrote:
You are quickly losing credibility here. You can't even say even a single thing to back up your claim? How do you expect anyone to believe you?

As a side note, some people here have NDAs etc. to deal with.

_________________
You don't have to backup all of your files, just the ones you want to keep.


Post subject: Re: Security theater (backdoor ATA Master Password)
Posted: June 4th, 2010, 2:00
Joined: August 20th, 2009, 18:16
Posts: 19
Location: Illinois, USA
drc wrote:
tinkerdude wrote:
You are quickly losing credibility here. You can't even say even a single thing to back up your claim? How do you expect anyone to believe you?

As a side note, some people here have NDAs etc. to deal with.


It's hard to see how an NDA would apply here.

Mr. Doomer is claiming that ATA Password security on Seagate FDE drives is flawed somehow and does not afford "real protection" in my case and that I (and, by extension, others) should spend 10 or 20 times as much money (or more) to buy an entirely new laptop with bundled drive and proprietary security software if I want "real protection".

Seagate, on the other hand, doesn't seem to make any distinction in the inherent security of ATA Password mode versus Seagate Secure/DriveTrust mode for an individual end user, but rather describes the latter as a security management solution that offers extra features which are more appropriate and scale much better for enterprises.

I wonder if Mr. Doomer's income is somehow tied to how many people pay for the more expensive enterprise-level security solution - for instance, if Mr. Doomer works for Seagate or an affiliate. But somehow I doubt the secretive Mr. Doomer would reveal his occupation or employer, let alone his identity.

I have to say it's also remarkable that Mr. Doomer insists on directly contradicting Seagate documentation with no evidence or even the most trivial attempt at elaboration.

For example:

Seagate: "Seagate Secure and traditional ATA password modes are mutually exclusive. One cannot activate both types of passwords at the same time."
(http://seagate.custkb.com/seagate/crm/s ... NewLang=en)

Mr. Doomer: "I have personally seen FDE drives with ATA password and FDE user password enabled at the same time"

Now, who should be believed? Long-published public Seagate documentation or an anonymous, dismissive, condescending, pedantic nitpicker who comes off like he has such an anemic ego that he strains daily to prove how much of an alpha geek he is (and in the process confusing and misinforming people with his pompous, totally unsubstantiated claims).

Makes you wonder who the real "Mr. Know It All" is.


Post subject: Re: Security theater (backdoor ATA Master Password)
Posted: June 4th, 2010, 5:34
Joined: May 5th, 2004, 20:06
Posts: 2782
Location: England
AFAIK

The ATA Master and User passwords are kept in a separate negative LBA/Cylinder area on the drive (so usual lab attack methods to get at this are possible)

The "Trusted" passwords are kept (crypted) within the drive trust security module (which apparently no one can get at)

One worrying thing about warranty returns that I did find from the manual:

"Important: When returning a drive for warranty support, if possible, you should provide the valid ATA Master password, or return the drive in the Security Erased state with the User Data Area accessible"

If not they cannot process your warranty claim. I wonder how many people will provide their passwords?

:idea: :?:

_________________
All went well until I plugged the drive in.

