Seagate announces hardware FDE for laptop and desktop machines

Daniel Carosone dan at
Wed Oct 3 00:15:38 EDT 2007

On Tue, Oct 02, 2007 at 03:50:27PM +0200, Simon Josefsson wrote:
> Without access to the device (I've contacted Hitachi EMEA to find out if
> it is possible to purchase the special disks) it is difficult to infer
> how it works, but the final page of the howto seems strange:
> ...
>    NOTE: All data on the hard drive will be accessible. A secure erase
>    should be performed before disposing or redeploying the drive to
>    avoid inadvertent disclosure of data.
> One would assume that if you disable the password, the data would NOT be
> accessible.  Making it accessible should require a read+decrypt+write of
> the entire disk, which would be quite time consuming.  It may be that
> this is happening in the background, although it isn't clear.

> It sounds to me as if they are storing the AES key used for bulk
> encryption somewhere on the disk, and that it can be unlocked via the
> password.

Assumption: clearing the password stores the key encrypted with
password "" or an all-zeros key, or some other similar construct,
effectively in plain text.

> So it may be that the bulk data encryption AES key is
> randomized by the device (using what entropy?) or possibly generated in
> the factory, rather than derived from the password.

Speculation: the drive always encrypts the platters with a (fixed) AES
key, obviating the need to track which sectors are encrypted or
not. Setting the drive password simply changes the key-handling.

Implication: fixed keys may be known and data recoverable from factory
records, e.g. for law enforcement, even if this is not provided as an
end-user service.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 186 bytes
Desc: not available
URL: <>

More information about the cryptography mailing list