04-11-2008 04:39 PM - edited 04-15-2008 10:38 AM
04-15-2008 10:41 AM - last edited on 04-16-2008 06:25 AM by AlanM
"Every Momentus FDE.2 drive always saves AES-level encrypted data to the physical media. Each drive has a unique encryption key which means no two drives save the same data patterns given the same data. When a FDE.2 drive is new, out of the box, the password controls are disabled. In this scenario, the drive can receive the Windows OS and user applications (including the Seagate Secure password applications) and boot just like an ordinary drive. As said before, no two FDE drives are saving the same bit patterns to the physical media. Once the system is fully built, the next phase is to activate the password controls using specific third-party software (like that from Secude or Wave Systems). Once the Seagate Secure passwords are activated, then the user data sectors are inaccessible by firmware restriction until the password challenge is met. After the passwords are accepted then the drive boots and runs like an ordinary drive (albeit saving AES encrypted data to the physical media).
And the following response from Wave (one of Seagate's software partners):
It is entirely possible to use software encryption in addition to hardware FDE. Many people may still want to encrypt folders or files as special cases. With software encryption the data on the drive can be erased by booting to a CD and running data erasure software. With Seagate's FDE Seagate Secure technology, the data sectors are simply unavailable until after the password challenge.
Here are a couple of additional documents that may have new information for you:
DriveTrust™ Technology: A Technical Overview
Seagate First Hard Drive Maker to Win NIST Certification for Encrypting Hard Drive
"The actual data is always stored on the platters encrypted. The drive contains a security controller that always writes the data to the platters encrypted and decrypts the data as it comes off the platters and is sent to the computer.
The protection from unauthorized access occurs when you use Wave software to turn on the drive's built-in access control (also called Drive Trust) features, at which point the drive will not allow access unless a valid password is presented at pre-boot.
It's also important to note that these drives are always encrypting, right from the factory, and can never store data in an unencrypted fashion. What this also means is that any type of operation against the drive; formatting, partitioning, image restores and data recovery will always be encrypted automatically and transparently to the user. You never spend any time "encrypting" the data, it happens always. This is unlike software FDE where the data has to be encrypted initially (which can take hours) and the operations I described above can require additional hours for encryption or decryption of data."
I think it's also important to note that the encryption key is stored within the drive controller itself, and not on the platters alongside the data.
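A small model of the behaviour both vendor replies describe, added here as an illustration and not code from Seagate, Wave or the poster: every write is encrypted under a per-drive key held in the controller, and the password only gates access rather than re-encrypting anything. `ModelFDEDrive` and its methods are hypothetical names, an HMAC-SHA256 keystream stands in for the drive's AES engine, and locking on the next power cycle is an assumption of the model.

```python
import hashlib, hmac, os

def _keystream(key: bytes, lba: int, n: int) -> bytes:
    # Stand-in for the drive's AES engine (assumption: stdlib-only substitute).
    blocks = (hmac.new(key, lba.to_bytes(8, "big") + i.to_bytes(4, "big"),
                       hashlib.sha256).digest() for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

class ModelFDEDrive:
    """Hypothetical model of an always-encrypting drive with optional password."""

    def __init__(self):
        self._mek = os.urandom(32)  # unique per-drive key, kept in the controller
        self.platters = {}          # lba -> bytes as they sit on the media
        self._verifier = None       # password controls are disabled out of the box
        self._locked = False

    def _crypt(self, lba: int, data: bytes) -> bytes:
        ks = _keystream(self._mek, lba, len(data))
        return bytes(a ^ b for a, b in zip(data, ks))

    def _gate(self):
        if self._locked:
            raise PermissionError("data sectors unavailable until password challenge is met")

    def write(self, lba: int, data: bytes):
        self._gate()
        self.platters[lba] = self._crypt(lba, data)  # media never holds plaintext

    def read(self, lba: int) -> bytes:
        self._gate()
        return self._crypt(lba, self.platters[lba])

    def enable_password(self, password: str):
        # Only a verifier is stored; existing sectors are not touched or re-encrypted.
        salt = os.urandom(16)
        digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
        self._verifier = (salt, digest)

    def power_cycle(self):
        # Model assumption: the drive comes up locked only if a password is set.
        self._locked = self._verifier is not None

    def unlock(self, password: str) -> bool:
        if self._verifier is None:
            return True
        salt, expected = self._verifier
        got = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
        if hmac.compare_digest(got, expected):
            self._locked = False
        return not self._locked
```

Because `enable_password` leaves `platters` untouched, turning on access control is immediate in this model, which is the contrast with software FDE's initial encryption pass drawn in the Wave reply.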
09-15-2008 08:38 AM