[ltp] Hard disk password & linux
Matthias Posseldt
linux-thinkpad@linux-thinkpad.org
Tue, 17 May 2005 18:32:05 +0200
On Monday 16 May 2005 09:02, Martin Eslon wrote:
> Thinkpads seem to have three type of power-on passwords: power-on,
> harddisk and supervisor password.
Right.
> i'm using t21 and power-on password which leaves my data bare-naked
> if hdd is extracted and examined with another computer.
Right, because the power-on password does not in any way affect the
harddisk. It is stored in an EEPROM or similar and can be erased by
removing the battery pack and the small battery which provides power to
hold BIOS and clock settings.
> hdd password is only any good if it does realtime encryption on all
> written data and that takes some cpu power or special chip. i know
> that there are special software (eg 'cpu power' -case) that does that
> (like easyguard etc), but can anyone confirm that thinkpads have
> built in hdd-encryption system which runs from hardware (eg in/with
> ide controller) and not just some hdd-installed piece of software
> which can be formatted etc?
The harddisk password as supported by IBM Thinkpads and other notebooks
and desktop PCs uses a harddisk function which is present in the ATA
standard for IDE drives.
While it does not encrypt the data, it effectively denies access to the
data right after powering the harddisk on until the correct password is
given (not only on the computer where the harddisk was locked but on
any computer). But, according to an article in the German computer
magazine c't at least one company has the knowledge to recover files
even from password protected harddisks even without opening the
harddisk.
So, it seems that there are ways to recover data from a locked
harddrive, but it is very expensive and difficult to do. Strong
whole-disk encryption continues to be the only way to truly protect
sensitive data in the long term. But using the ATA harddisk passwords
is a further obstacle one can use to make it more difficult to retrieve
sensitive data.
Regards,
Matthias
--
There is still the danger of EU software patents!
http://swpat.ffii.org/