«

2006 Security Breaches Matrix reveals that a large number of the data
leaks were caused due to stolen laptops, which can be easily mitigated
by using full disk encryption on the laptop. So why not encrypt the
whole drive? Cost and performance impact are the usual arguments. Tests
show that access time for files increases by 56%-85% after full disk
encryption. And the cost of FDE software usually ranges from $0-$300
depending on how good of a software and support you wanna get. So is it
NOT worth it?

Data from tests (performance impact) of the FDE products (PGP,
Compusec, Pointsec and Utimaco):
http://www.xml-dev.com/blog/index.ph...ewtopic&id=250

2006 Security Breaches Matrix:
http://www.efortresses.com/refdocs/2...hes-Matrix.pdf

On 12 Oct 2006 19:56:04 -0700, "Saqib Ali" <>
wrote:

<snip>

For most purposes the use of a disk password would be
give adequate protection, no overhead on legitimate use
and no additional cost. IBM laptops have had it for a
long time.

--
Jim Watt
http://www.gibnet.com

Jim Watt wrote:

> For most purposes the use of a disk password would be
> give adequate protection, no overhead on legitimate use
> and no additional cost.

adequate == none? Just moves the plates to another electronic board and
you've got full access. Even I'm competent enough to do that.

Sebastian Gottschalk wrote:
>
> Jim Watt wrote:
>
> > For most purposes the use of a disk password would be
> > give adequate protection, no overhead on legitimate use
> > and no additional cost.
>
> adequate == none? Just moves the plates to another electronic board and
> you've got full access. Even I'm competent enough to do that.

Wrong.

A hard drive password will protect data, even if the drive is moved
to another "home."

Notan

Sebastian Gottschalk wrote:
> adequate == none? Just moves the plates to another electronic board and
> you've got full access. Even I'm competent enough to do that.

After Full Disk Encryption, I DON'T think you can simply move the
platters to different board and you get full access. I think you are
talking about ATA Drive Lock


saqib
http://www.full-disk-encryption.net

Saqib Ali wrote:

> Sebastian Gottschalk wrote:
>> adequate == none? Just moves the plates to another electronic board and
>> you've got full access. Even I'm competent enough to do that.
>
> After Full Disk Encryption, I DON'T think you can simply move the
> platters to different board and you get full access. I think you are
> talking about ATA Drive Lock

Exactly that's what the IBM password lock thing is about.

> > After Full Disk Encryption, I DON'T think you can simply move the
> > platters to different board and you get full access. I think you are
> > talking about ATA Drive Lock
>
> Exactly that's what the IBM password lock thing is about.

oops sorry. I didn't realize the original poster was talking about ATA
Drive lock.

I thought they were talking about Utimaco which is a FDE solution and
ships for free with IBM/Lenovo laptops.

saqib
http://www.full-disk-encryption.net

On Fri, 13 Oct 2006 12:01:09 +0200, Sebastian Gottschalk
<> wrote:

>Jim Watt wrote:
>
>> For most purposes the use of a disk password would be
>> give adequate protection, no overhead on legitimate use
>> and no additional cost.
>
>adequate == none? Just moves the plates to another electronic board and
>you've got full access. Even I'm competent enough to do that.

But you are incapable of removing malware without flattening
the system ...

However, these days drive electronics are not interchangable
and its the control board you would need to change, rather
than opening the enclosure and whipping out the platters
(to give them the correct name)

There are better ways around it, but not for the average
or even above average laptop thief.
--
Jim Watt
http://www.gibnet.com

> > After Full Disk Encryption, I DON'T think you can simply move the
> > platters to different board and you get full access. I think you are
> > talking about ATA Drive Lock
>
> Exactly that's what the IBM password lock thing is about.

However I will add that Seagate's FDE.2 drives encrypt everything by
default before "placing it on the platter" So the mere act of enabling
ATA Drive Lock on a Seagate FDE.2 drive does the trick. Even if you
take out the platters and place it in a different enclosure you won't
be able to access the data.
See:
http://www.seagate.com/docs/pdf/mark...400_fde_bb.pdf

Also Seagate has plugged all the known ATA Drive Lock hacks (as far as
I know).

saqib
http://www.full-disk-encryption.net

Saqib Ali wrote:

>>> After Full Disk Encryption, I DON'T think you can simply move the
>>> platters to different board and you get full access. I think you are
>>> talking about ATA Drive Lock
>>
>> Exactly that's what the IBM password lock thing is about.
>
> However I will add that Seagate's FDE.2 drives encrypt everything by
> default before "placing it on the platter" So the mere act of enabling
> ATA Drive Lock on a Seagate FDE.2 drive does the trick. Even if you
> take out the platters and place it in a different enclosure you won't
> be able to access the data.
> See:
> http://www.seagate.com/docs/pdf/mark...400_fde_bb.pdf

Reading that, it seems to suck:
- can interfere with TPM
- of course it can't be snoop-proof as claimed
- proprietary scheme
- most likely it's ECB and has no MAC
- stupid talking about buzzwords like "intellectual property"

> Also Seagate has plugged all the known ATA Drive Lock hacks (as far as
> I know).

So what? You also always read, change and write back the firmware.