Encryption Concerns

I have read via posts on various sites that for the Passport drives drive encryption is always on. Unfortunately there is no explicit confirmation from WD, in fact the wording in their manual implies otherwise. But I expect it must be as I have set password protection written files and then removed password protection and the files written when passworded are readable. It appears no appreciable IO takes place or time passes when the password is removed (i.e. highly unlikely files are being decrypted, too complicated anyway).

My question then is what AES key is being used for the always on encryption? Without a key there can be no encryption thats the whole point of the enchilada. I would guess that the key is baked into the chip that does the encryption which means WD knows that key! Surprise Surprise! LOL. I would also expect that due to the recent revelations regarding the NSA that these keys are readily available to them or other connected parties.

If anyone would like to chime in and disabuse me of this paranoia, please be so kind.

The drives that come with Smartware are hardware encrypted by a circuit board. There is no way to turn it on and off or bypass it. If you want an unencrypted drive get an Elements it’s a simple plug and play drive.

Joe

Hi,

I’m trying to get a fuller understanding of the security of encryption used on these hard drives. My understanding from this discussion is that the hardware chip will always store all data writted to the drive encrypted with a fixed AES key and that turning encryption on and off via the included software on the virstual CD simply tells the drive whether or not it should require a password when the drive is mounted in order to permit access to the drive. Is this correct? If so, I have a few further questions.

  1. Is the AES encryption key specific to the drive or common to all/many/some drives (i.e. does every drive a have a unique, different AES key)?

  2. What are the security measures in place to protect against access to a locked drive being gained without the password? For example, is the password verification done on the drive hardware or on the host machine by the unlocking software? I recall an issue with several USB flash drives a while ago, where the included unlocking software simply passed a fixed “unlock code” to the drive after confirming the password was correct. Someone deduced this fixed password by monitoring the data sent to the drive by the unlock program. It turned out that this “unlock code” was the same for all drives and an unlock utility was written that could then unlock any drive.

A software attack such as the one described above is the main practical security concern for my threat model. However, I’d also like more information on the security measures in place on the drive hardware to ensure the security of the data on the drive. If the password is checked on the drive hardware, how does this password checking routine signal to the data transfer routine that access to the drive data should be permitted? How difficult would it be to trick the drive into enabling data access if I had the right expertise and tools and access to the drive circuit board? How is the AES key stored on the device? How difficult would it be to read the AES key from the hardware if I had the right expertise and equipment? For example, can I desolder a memory chip and find the key by reading it with appropriate hardware?

Thanks in advance,

Martin

-The drives that come with Smartware are hardware encrypted by a circuit board. There is no way to turn it on and off or bypass it. If you want an unencrypted drive get an Elements it’s a simple plug and play drive.

-oe

Thats not true. HW encryption could be switched on/off with 2 bytes only . Bypassing also is possible via terminal connection.