
SET PASSWORD ON WD MY PASSPORT FOR MAC FULL
What isn't documented, is not documented. All we can do is infer.

From the documentation, we see that the password must be re-entered in a number of conditions (drive unplugged, computer shut down, computer put to sleep.) which boil down to: the drive was not powered at some time.

Since the user password can be changed (page 28) without implying a complete re-encryption of the disk (it would take some non-negligible time, e.g. one hour), one can surmise that the drive data is encrypted with a drive-specific key K, which never changes, and that key is stored somewhere on the disk (possibly in some EEPROM) encrypted with a password-derived key.

When the disk is unlocked, K is decrypted with the password, and kept in some RAM on the disk (disks have RAM, several megabytes, if only for caching).

When the user changes his password, K is decrypted with the old password and re-encrypted with the new.

When the password is removed, it is actually replaced with a convention password (i.e.

This is about the amount of what can be deduced from the information.

The encryption with K does not include checked integrity (i.e. I assume this because a MAC requires some extra space (just a few bytes) which would destroy the nice powers-of-two sizes of individual sectors. Adding a MAC would likely increase development costs or decrease performance or both; since they don't boast about it, chances are that there is no MAC.

The derivation from the password to the key which encrypts K is probably weak, because:

- Strong derivation would use a random salt, which then requires a source of randomness, and there is no reason otherwise to have a dedicated chip for randomness on the drive. Economics being what they are, chances are that there is no random salt.
- The hashing process cannot include many iterations because they would have to be computed by the CPU embedded in the drive, which is not nearly as efficient for number crunching as a basic PC (again, economics).

Despite repeated pedagogical efforts, nobody in the industry seems to be able to do password hashing properly. I shall soon have to resort to threats; they just don't want to learn.

Encryption itself is probably based on AES, because there now are disks with flaunted AES-based encryption, so disk manufacturers have the dedicated chips and know-how. Using another encryption algorithm would just be more expensive for them, so chances are that they abstain (there, economics induce the vendors into doing the right thing). But nothing guarantees that AES was used properly. Good hard disk encryption needs some specific encryption modes (the arguments against extra storage for a MAC and against the presence of a hardware RNG also apply here: encryption is probably not CBC with a random IV). If the manufacturer just used ECB (a really bad idea in this case), you would not know it.

Conclusion: the locking feature may be good, but there is a high probability that at least parts of the system are weak (probably the password derivation feature, and the encryption mode). You cannot build a reasonable security strategy on unknowns, so a cautious user should prefer a software-based solution where the involved algorithms are known and are applied properly (e.g. TrueCrypt).

Also, note that the software used to unlock the drive does not appear to have a Linux version, so this may reduce interoperability.

It is now late 2015 and researchers have shone a spotlight on the Western Digital My Passport and My Book series in a paper titled:

Got HW crypto? On the (in)security of a Self-Encrypting Drive series

This post to the Full Disclosure Mailing List holds the details:

From my amateur reading of it, the paper ( ) supports most of Tom's inferences and can probably explain zed_the_shredder's observations (while not exactly supporting the conclusion).
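
The key hierarchy inferred above, as an added Python example (not Western Digital's firmware and not code from the posts): a fixed drive key K is stored wrapped under a password-derived key, so changing the password only re-wraps K. The XOR mask stands in for a real key-wrap cipher such as AES, and the function names, salt size and iteration count are assumptions.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 100_000  # assumed work factor; a drive's embedded CPU may not afford this


def derive_kek(password: str, salt: bytes) -> bytes:
    """Salted, iterated derivation of the key-encryption key (KEK)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def weak_kek(password: str) -> bytes:
    """The weak case the text suspects: no salt, a single hash pass."""
    return hashlib.sha256(password.encode()).digest()


def _mask(kek: bytes) -> bytes:
    # Stand-in for AES key wrap: a one-time mask tied to this (fresh) KEK.
    return hmac.new(kek, b"wrap", hashlib.sha256).digest()


def wrap(k: bytes, password: str) -> dict:
    """Store K encrypted under a password-derived key, plus a check tag."""
    salt = secrets.token_bytes(16)  # fresh salt, so the KEK is never reused
    kek = derive_kek(password, salt)
    wrapped = bytes(a ^ b for a, b in zip(k, _mask(kek)))
    tag = hmac.new(kek, b"check" + wrapped, hashlib.sha256).digest()
    return {"salt": salt, "wrapped": wrapped, "tag": tag}


def unwrap(blob: dict, password: str) -> bytes:
    """Recover K, rejecting a wrong password via the check tag."""
    kek = derive_kek(password, blob["salt"])
    tag = hmac.new(kek, b"check" + blob["wrapped"], hashlib.sha256).digest()
    if not hmac.compare_digest(tag, blob["tag"]):
        raise ValueError("wrong password")
    return bytes(a ^ b for a, b in zip(blob["wrapped"], _mask(kek)))


def change_password(blob: dict, old: str, new: str) -> dict:
    """Re-wrap the same K; sector data encrypted under K is untouched."""
    return wrap(unwrap(blob, old), new)
```

With `weak_kek`, two drives set to the same password share one key-encryption key, so a single precomputed dictionary serves every drive; the per-drive salt in `derive_kek` removes that shortcut.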
