hardware crypto on ThinkPads -- What happens after many password attempts?
There was an article a while back saying that after 20 or so password attempts, hardware FDE drives will throw away the key -- in effect doing an instant wipe.
The article did not mention what brands/models of drives that do this, and the documentation is lousy in this respect. Anyone have insight on the behaviour of Hitachi and Seagate drives, as far as how many attempts are tolerated and what action the drive takes? Is this dependent on the BIOS, or the drive? |
The encryption key is generated by the encryption chip on the drive. It is however dependant on setting the hard drive password (and preferably Master drive password as well) in the BIOS. The ecryption key on the drive can only be regenerated (effectively making the contents inaccessible) though the drive password (if the master isn't set), or through the master password if set.
As far as I know you can enter the password as many times as you like. Nor is there any mention I've seen of such a feature on Lenovo's website or support documents of such behaviour. The best way would be to send and e-mail to Lenovo support and ask them directly. |
I appreciate the reply, but after more thought, I'm doubting that the BIOS is what controls the limit of password attempts. If it did, then an adversary could use their own BIOS (or software TPM) to allow for infinite rapid attempts. If there's a limit, it would have to be imposed by the drive manufacturer.
OTOH, I read here that "If the user's Hard drive password has been forgotten...the hard drive must be replaced". Yikes! So not only is the data lost, but the hardware is bricked and drive cannot even be reformatted and reused. Great feature for the company selling the drives. What strikes me as odd is that Lenovo is making that statement, not the maker of the hard drive. How can Lenovo brick the hard drive? It would seem only the drive itself could block the use of the instant wipe feature. Otherwise someone could simply install the drive in a non-Lenovo machine, use instant wipe to throw away the key, and then re-install the drive back into the Thinkpad. What am I missing? |
You can read "the hard drive has to be replaced" as: "if you forget the password, don't expect to access the hard drive again, ever". Which prevents malicious users to circumvent the hard disk's encryption in any way. If you don't know the password, game is over. Imagine that if Lenovo or anyone else would make the drive accessible in any way and data comes in the hands of someone who isn't the owner. If the real owner sues Lenovo or breaks publicity, Lenovo would be in deep trouble. It is much simpler not to touch an encrypted hard drive. It is the user's responsability not to loose the password, and if they do loose it, they have been warned.
jlinkels |
Quote:
If the idea is that adversaries cannot wipe the drive as a DoS attack, it doesn't matter because the adversary has physical access to the drive anyway (they can destroy it). If the idea is that a thief is getting something that's unusable, they're generally stealing the whole laptop anyway, which still has value without the drive. |
I've found that the Thinkpad BIOS is incapable of doing an instant wipe of Hitachi FDE drives (but it can do an instant wipe on Seagate FDE drives). In fact, there is (apparently) no instant wipe feature whatsoever for Hitachi drives, even when you have the password.
Since Lenovo is using Hitachi for their stock drives, their warning makes sense. I wonder if Hitachi has omitted instant wipe deliberately, as a way to sell more drives to those who lose their passwords. |
Quote:
jlinkels |
Quote:
BTW, my original question still stands. It's still not clear which hard drives "self destruct" after too many password attempts. The IronKey usb sticks will erase after 10 attempts, and I'm beginning to wonder if that's the only drive that does this. |
If you have no Master password set then indeed, if you forget the drive password you're out of luck. If you have the master password set, that password can be used to regain access or reset the encryption key even if the regular drive password has been forgotten. Lenovo have a utility on their site that can be sued to reset the drive keys, effectively "wiping" the drive.
|
Quote:
1) Secure Data Disposal 2) Atmel TPM (Trusted Platform Module) device driver for Windows |
All times are GMT -5. The time now is 04:37 PM. |