2

I am using TrueCrypt but I want to buy SSD with SED, it's Samsung 840 Evo. After firmware upgrade it "supports advanced data security features(TCG/Opal and IEEE 1667)".

If I set ATA password, would it make my SSD secure enough? I am not talking about NSA etc. I am just curious if you are able to crack it and read data from drive?

I have Lenovo Z500 - no TPM chip I guess and only 8 characters HDD Password...

ᄂ ᄀ
  • 3,875
  • 1
  • 19
  • 18
Quak
  • 121
  • 2
  • 1
    Does the ATA password actually encrypt anything? – Louis Waweru Aug 26 '14 at 12:02
  • "AES encryption is always active on an 840 or 840 Pro Series SSD. In order to benefit from the encryption feature, however, the user must enable an ATA password to limit access to the data. Failure to do so will render AES-encryption ineffective – akin to having a safe but leaving the door wide open." - http://www.samsung.com/global/business/semiconductor/minisite/SSD/global/html/about/whitepaper06.html – Quak Aug 26 '14 at 12:11
  • Ah, I have one of these drives myself but didn't know that. It's confusing though--are our drives unreadable in other systems? – Louis Waweru Aug 26 '14 at 12:35
  • A quick search says ATA passwords are easily defeated--exploits that are cheaper than brute force. – Louis Waweru Aug 26 '14 at 12:46
  • 1
    Your drive is readable in other systems because it's not protected by ATA password...If I understand correctly, SED uses ATA password for protecting Encryption Key stored in disk controller (which is used for encrypt/decrypt data on disk). So if you don't set ATA password, your Encryption Key is not protected – Quak Aug 26 '14 at 14:11
  • Okay, thanks. I think I get it. By default it will decrypt on the fly – Louis Waweru Aug 26 '14 at 16:42
  • @Quak ATA passwords have nothing to do with SEDs in general. MEK is protected once you enable encryption and set the passphrase. _Some_ old SSDs might utilize ATA Security feature set such as using reusing ATA password. – ᄂ ᄀ Aug 20 '23 at 12:35

1 Answers1

0

Is it possible to bypass ATA password?

Yes. So even though the encryption is super secure, it's a bit like having an unbreakable safe to store valuables in, and hide the key in plain sight.

Commercial forensic / data recovery tool breaking an ATA password within minutes:

enter image description here

So rather than relying on ATA use a different method to manage the built-in hardware encryption.

Joep van Steen
  • 4,730
  • 1
  • 17
  • 34