Archived from groups: comp.sys.laptops (
More info?)
The hard drive password is implemented in a fairly straightforward
manner. There is a command to send a password to the hard drive, and
the hard drive simply won't work until this command is executed with the
proper password (which is stored in the hard drive). Normally, the hard
drive password is the same as the laptop password, and both are unlocked
at once.
It was done to protect very sensitive data, but to protect it from
access by "garden variety" entities. As a practical matter, you can't
protect anything from intelligence agencies if they want to get at it,
they have the technology and the resources to do so. But most laptop
thefts and losses are rather mundane, and the new "owner" of the laptop
is generally only interested in it's hardware value. Hard drive
passwords work quite well for that purpose, and they have not, in fact,
been broken on any significant scale. It wasn't intended to block
access by law enforcement or national security agencies, but it's FAR
more difficult to break than the more widely used passwords for the
laptops themselves.
Note, most laptops don't support this feature and don't even offer to
set a hard drive password. The most significant exception is IBM
Thinkpad laptops, which generally do support it.
Klenow wrote:
> Is the magnetic media inside the drive somehow specifically paired with the
> hardware of the drive? If not, then couldn't the media be removed from the
> drive and placed into a drive that can read it, thus bypassing the password?
> If we're talking about national security, it sounds like government agencies
> should easily be able to do this...even corporations. Wouldn't it make more
> sense to strongly encrypt the data itself?
>
> The drive password idea sounds like it could foil the low level criminal
> (e.g. keeping credit card numbers somewhat safe) but could easily be
> overcome by the average espionage agency or even local police force
> electronic forensic division. It doesn't sound like a very good strategy
> for military applications.
>
> Just wondering.
>
>
> "Barry Watzman" <WatzmanNOSPAM@neo.rr.com> wrote in message
> news:411038DE.3030805@neo.rr.com...
>
>>Your point gets into the philosophy of why this feature was implemented.
>> The view is that the drive is expendable, and that the data on the
>>drive (which SHOULD, of course, be backed up) is also expendable. What
>>was deemed to be not expendable was the SECURITY of the data. [I
>>believe that this feature was originally created for the military and
>>national security applications]. Again, the philosophy behind the
>>feature is a presumption that the laptop is lost / stolen, that the
>>legitimate owner has a backup, and that what is to be given first
>>priority is the security of the data -- that is, keeping it out of the
>>hands of anyone other than the rightful owner.
>>
>>
>>Jon A. Solworth wrote:
>>
>>
>>>Barry Watzman wrote:
>>>
>>>
>>>>For all major-brand laptops, the manufacturer, through it's service
>>>>centers, will clear the passwords of laptops for a fee and if you
>>>>provide proof that you are the rightful owner. The fee and the
>>>>standard of proof both vary. As far as I know, the manufactuers that
>>>>support hard drive passwords will not clear them under ANY
>>>>circumstances -- you are expected to replace the hard drive in those
>>>>situations.
>>>
>>>
>>>I'm a bit surprised to hear the latter. You would expect unrecoverable
>>>data to be a big problem. On the other hand, ownership of disk drives
>>>is not typically tracked, so it may be hard to establish to whom to
>>>provide the password.
>>
>
>
>