Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

Laptop hard-drive passwords - what happens when they become locked out?

  • 13-05-2008 4:00pm
    #1
    Tom Dunne
    Registered Users, Registered Users 2 Posts: 23,212 ✭✭✭✭


    As per the title.

    With all the laptop thefts, I was proposing putting HD passwords on all the laptops at work, but from what I am reading, they have to be sent back to the manufacturer to be unlocked, should the user enter the password incorrectly a number of times.

    Anyone got any more detail on this? What is involved and what the turnaround time is? As far as I can remember, all our laptops are Dell.


Comments

  • #2
    Capt'n Midnight
    Moderators, Recreation & Hobbies Moderators, Science, Health & Environment Moderators, Technology & Internet Moderators Posts: 93,596 Mod ✭✭✭✭Capt'n Midnight


    HDD's are cheap so not much point sending back to manu and it may be possible to reset the pw by erasing the drive (but not 100% sure )

    if you forget the BIOS password then yes it's a problem and the manu may be able to help you with a master one, but this doesn't always work and you are looking at a mother board replacement. (yes you can reset the eeprom at the risk of frying the board but you might loose things like the UUID and stuff )

    my understanding of it is
    they store the password on the platter itself so you can't read the password back by sniffing a chip
    I don't believe they lock out so you could launch a dictionary attack
    if you take the drive to a data recovery firm they will be able to recover the data if they remove the platter
    I had thought the security erase option didn't need a password, so you could reuse a locked drive by wiping it but this suggest different

    some machines don't allow you to se t passwords but hand ove the system bios password to the drive - you set the password on another PC

    one option is to use the same pw for the system and the HDD which makes it a little harder. only problem with this is that a dictionary attack on the HDD might reveal the BIOS password, but end users would really hate two different passwords.

    there is a trade off between security and conveninence - you can set some systems to bypass on warm boot or on standby. standby/resume normally needs the OS password anyway so not that much of an issue.

    when I get time I'll look at truecrypt as it can now do full partition encryption



    http://linux.die.net/man/8/hdparm
    ATA Security Feature Set

    These switches are DANGEROUS to experiment with,

    and might not work with every
    kernel. USE AT YOUR OWN RISK.
    --security-help
    Display terse usage info for all of the --security-* flags.
    --security-freeze
    Freeze the drive's security settings. The drive does not accept any security commands until next power-on reset. Use this function in combination with --security-unlock to protect drive from any attempt to set a new password. Can be used standalone, too.
    --security-unlock PWD
    Unlock the drive, using password PWD. Password is given as an ASCII string and is padded with NULs to reach 32 bytes. The applicable drive password is selected with the --user-master switch. THIS FEATURE IS EXPERIMENTAL AND NOT WELL TESTED. USE AT YOUR OWN RISK.
    --security-set-pass PWD
    Lock the drive, using password PWD (Set Password) (DANGEROUS). Password is given as an ASCII string and is padded with NULs to reach 32 bytes. The applicable drive password is selected with the --user-master switch and the applicable security mode with the --security-mode switch. THIS FEATURE IS EXPERIMENTAL AND NOT WELL TESTED. USE AT YOUR OWN RISK.
    --security-disable PWD
    Disable drive locking, using password PWD. Password is given as an ASCII string and is padded with NULs to reach 32 bytes. The applicable drive password is selected with the --user-master switch. THIS FEATURE IS EXPERIMENTAL AND NOT WELL TESTED. USE AT YOUR OWN RISK.
    --security-erase PWD
    Erase (locked) drive, using password PWD (DANGEROUS). Password is given as an ASCII string and is padded with NULs to reach 32 bytes. The applicable drive password is selected with the --user-master switch. THIS FEATURE IS EXPERIMENTAL AND NOT WELL TESTED. USE AT YOUR OWN RISK.
    --security-erase-enhanced PWD
    Enhanced erase (locked) drive, using password PWD (DANGEROUS). Password is given as an ASCII string and is padded with NULs to reach 32 bytes. The applicable drive password is selected with the --user-master switch. THIS FEATURE IS EXPERIMENTAL AND NOT WELL TESTED. USE AT YOUR OWN RISK.
    --user-master USER
    Specifies which password (user/master) to select. Defaults to master. Only useful in combination with --security-unlock, --security-set-pass, --security-disable, --security-erase or --security-erase-enhanced. u user password
    m master password

    THIS FEATURE IS EXPERIMENTAL AND NOT WELL TESTED. USE AT YOUR OWN RISK.
    --security-mode MODE
    Specifies which security mode (high/maximum) to set. Defaults to high. Only useful in combination with --security-set-pass. h high security
    m maximum security

    THIS FEATURE IS EXPERIMENTAL AND NOT WELL TESTED. USE AT YOUR OWN RISK.


Advertisement