[BBLISA] Looking for FDE single system windows 8

John Orthoefer jco at direwolf.com
Wed Jan 28 13:27:41 EST 2015


In moving HW FDE (aka Self-Encrypting Drives, SEDs) between systems, no issues at all. There is a bit of a learning curve, because some older BIOS don't "ask" the drive if security is on, and just assume it is if you set a Disk PW. For those revisions, it seems setting the PW the same as the Disk, and rebooting has seemed to work.

SW FDE, no end of issues. Multiple days of lost time while we plug the disk into another box, and run the "Decrypter" Live Disk. Then re-encrypt. It's really amazing, it seems to be the "Only" fix they have for a lot of problems. Decrypt it stand-alone, uninstall, re-install and re-encrypt. For any modern disk this is like 24-36 hours.

I am currently a firm believer in HW FDE/SED. And don't trust any SW WinTel-based solutions.

Johno


On Jan 28, 2015, at 8:36 AM, Eric Smith <esmithphoto at gmail.com> wrote:

> John, 
> I don't want your comment to be true... sigh.  But it is.
> What problems have you had moving SATA hardware between systems (that have FDE)?  I've considered fully encrypting eSATA drives at home.
> 
> When it didn't work, were you EVER able to access the data?  Was it just inconsistent?
> 
> I know I've had troubles using some external cases which supported eSATA & USB (I was trying eSATA.)  The maker blamed some combination of the motherboard hardware, the chipset in the case, and the SATA drivers.  I switched over to USB on the same case and it worked perfectly (if slower.)  Mixing FDE into that mix scared me enough not to try.
> 
> Eric
> 
> On Wed, Jan 28, 2015 at 1:02 AM, John Orthoefer <jco at direwolf.com> wrote:
> 
> On Jan 27, 2015, at 9:11 AM, Edward Ned Harvey (lopser) <lopser at nedharvey.com> wrote:
> >>
> >
> >  Furthermore, BIOS doesn't generally interact with a USB drive, so what if you want to recover the contents of a self-encrypted drive attached for rescue purposes via USB to some other rescue system?  In that case, there may be a solution of some kind, but there's also the distinct possibility you'd be SOL.
> >
> > If you want a BIOS-like boot password, I would suggest using TrueCrypt instead of self-encrypting drive, because at least then you'll know you can attach the drive to any system, and be able to recover it.
> 
> 
> 
> For what it's worth, the Seagate Disk utilities, which are Windows-only but free, do know how to send commands via USB to an encrypted drive. I've used them and they seem to work fine.
> 
> TrueCrypt and PGP FDE: I've had problems with both of them; they seem to be SUPER sensitive to the SATA hardware and driver. I would only be comfortable using it at a site where we had 10s or 100s of identical machines. But in my current position I have 1's and 2's of about 30 models (although they are MOSTLY Dells, I can't imagine how bad it would be if I had a collection of Makes and Models.) This is part of the reason I've abandoned S/W FDE.
> 
> Johno
> 
> 