Geekzone: technology news, blogs, forums


kingdragonfly

11196 posts

Uber Geek

Subscriber

#207606 4-Jan-2017 18:53

This post is about full disk encryption using hardware (also called FDE, SED) for consumer-level users (non-Enterprise)
- no software needed
- any operating system OK
- doesn't use the PC's CPU
- using SATA drive(s)

I realize that most modern SSDs have full disk encryption built-in, but disabled. I'm only aware of one common consumer-purchasable motherboard that supports the "ATA Password" feature that enables encryption: the ASRock Extreme6 Z97.

However even after purchasing the correct motherboard, Asrock only gives you the correct BIOS by emailing their tech department and asking for the unpublished version.

https://arstechnica.com/civis/viewtopic.php?f=11&t=1265649

So an easier alternative is purchasing an Addonics single cipherchain. (They do ship worldwide.)

http://www.shopaddonics.com/Products.aspx?code=CCK&key=cat

There are two models: one is US $75, and the other is US $89.

Quick answer: buy the more expensive CBC version.

Long answer: both the $75 and $89 versions are pretty simple hardware-based devices.

Both models use a supplied hardware key (looks like a USB key). Both models need the key to be plugged in the first time you want to use the disk.

The board has a power connection, a place to plug the key, and two SATA ports: one in, one out.

With the key in place, all SATA traffic passing through is encrypted.

With the Cipherchain between your motherboard and drive, you format the drive and any operating system (Windows/Linux/Mac) is none the wiser. There's no drivers or software anywhere.

The drive will continue to be encrypted until it powers down.

Once it's running, the hard drive is encrypted even when the key is removed.

You get two duplicate keys. Make sure you don't lose the copy.

It sounds so good so far, but there's a problem.

The cheaper $75 model uses an Enova X-Wall MX-256, and the more expensive $89 uses the later "C" version (using CBC).

The cheaper version can be broken. Adobe used this method, ECB, when millions of passwords were stolen.

Addonics' information on ECB is misleading, saying it's almost unbreakable. But as Adobe can attest from 2013 about their stolen passwords, ECB should not be used anywhere.

https://nakedsecurity.sophos.com/2013/11/04/anatomy-of-a-password-disaster-adobes-giant-sized-cryptographic-blunder/

The more expensive US $89 version uses CBC, which is secure.

http://crypto.stackexchange.com/questions/225/should-i-use-ecb-or-cbc-encryption-mode-for-my-block-cipher

Also the cheaper version only goes to 3 GBps (SATA II), while the more expensive one goes to 6 GBps (SATA III)

So spend the extra US $6, and get the later version.

Note: I'm not associated with Addonics in any way. I paid for all my products.



kingdragonfly

11196 posts

Uber Geek

Subscriber

  #1716379 7-Feb-2017 10:05

For those wanting to use the disk encryption built into many new solid state drives (SSDs).

"ATA password" is usually called "HDD password" or "HDD security" in BIOS. The feature is called "ATA Security Mode Feature Set" / ATASX

It appears the Asrock Z170 Pro4S supports this if you do the following:

1. Enter the BIOS setup.

2. In BIOS main screen, please press [Ctrl]+[Shift]+[F3].

3. Afterward, press [F10] to save the setting and exit.

4. Reboot the system then enter the BIOS setup again, you can see the HDD security Configuration in Security tab.


There's software that can be bought that'll break SSD hard-drive passwords (but not Addonics)

http://www.atola.com/products/insight/password-removal.html


Here's a statement from Hitachi:

"We know that the data recovery companies can get around the password protection. This doesn't mean that we are able to help you gain access as well.

As this is a Security Feature designed to prevent Unauthorized access to the drive, Hitachi will be unable to assist you further with this request."



kingdragonfly

11196 posts

Uber Geek

Subscriber

  #1899512 12-Nov-2017 10:06

Just an update. It looks like there are at least four different companies selling software to break the built-in encryption on just about every SSD.

This is NOT Microsoft's controversial BitLocker.

https://theintercept.com/2015/06/04/microsoft-disk-encryption/

This is the hard disk manufacturer's built-in hardware based hard drive encryption, sometimes called "ATA password" or "Security set password".

"BIOS password" is actually a separate feature, but sometimes also enables the hard disk built-in encryption, particularly on laptops.

So if you purchased just about any laptop, thinking the built-in HDD encryption will keep you secure, you're wrong.

This includes IBM Lenovo, Samsung, Dell Precision and Latitude, Toshiba, zBook, AlienWare

A casual thief can even try the open-source "Ultimate Boot CD", before moving on to the many easily purchased commercial forensic products.

http://ubcd.sourceforge.net/download.html

So if you're looking for agency proof encryption, look elsewhere.

http://atola.com/products/insight/supported-drives.html
http://www.hddunlock.com/
http://blog.acelaboratory.com/step-by-step-guide-how-to-unlock-a-password-on-the-hdd-via-simplified-interface-of-pc-3000.html
http://www.majorgeeks.com/files/details/victoria_for_windows.html

If you just want an encrypted drive / volume, you should consider Veracrypt, a spin off of TrueCrypt.

It has less performance than the hard disk manufacturer's built-in hardware-based hard drive encryption, but is infinitely more secure. Note it's not an enterprise product, so it's not centrally administered.

https://www.esecurityplanet.com/open-source-security/veracrypt-a-worthy-truecrypt-alternative.html




ANglEAUT
2324 posts

Uber Geek

Trusted
Lifetime subscriber

  #1899593 12-Nov-2017 14:02

kingdragonfly: ...

If you just want an encrypted drive / volume, you should consider Veracrypt, a spin off of TrueCrypt.

It has less performance than the hard disk manufacturer's built-in hardware-based hard drive encryption, but is infinitely more secure. Note it's not an enterprise product, so it's not centrally administered.

https://www.esecurityplanet.com/open-source-security/veracrypt-a-worthy-truecrypt-alternative.html

 

Have to agree about VeraCrypt. It also is backwards compatible with TrueCrypt volumes.





Please keep this GZ community vibrant by contributing in a constructive & respectful manner.




kingdragonfly

11196 posts

Uber Geek

Subscriber

  #1927241 31-Dec-2017 09:14

Just a final note on adding "two form authentication" to Veracrypt full disk encryption (or anything really)
* quick
* easy
* cheap
* guaranteed to work with anything that has a keyboard

"Two form authentication:"

* "something you know" is your password
* "something you have" is a Yubikey plugged into your USB port.



The YubiKey acts as a USB keyboard, with literally one button that types a bunch of characters when you press the button on it.

From Yubikey:

"Note: We recommend you use the YubiKey in static password mode for only part of your password.

To do this, manually enter a simple and easy-to-remember first part of your password, then use the YubiKey to enter a strong second part of your password. For example, you can set your password to:

Sunny33rcltrcihbkkiulnveuenervidliliifv

where 'Sunny33' is manually entered and 'rcltrcihbkkiulnveuenervidliliifv' is stored in, and entered, by the YubiKey."

Available on Amazon for about $20 and up.

https://www.amazon.com/FIDO-U2F-Security-Key-co-creator/dp/B00NLKA0D8/ref=sr_1_1

Though the following is informational only, and you don't need to understand it to use the key, here's an explanation of YubiKey's ModHex:

https://www.yubico.com/wp-content/uploads/2015/11/Yubico_WhitePaper_Static_Password_Function.pdf

I realize there's much more sophisticated use of multi-form authentication, and Yubikey.

However, I think this is the only form that Veracrypt currently supports.
