[RhoXS]

My goal is to protect access to my harddrive if my computer is stolen from my home. I use an Intel SSD soley for the speed boost it provides so I do not want to encrypt it and slow it down. I also use a secondary conventional HD for storing large amounts of data. Is there a method for making these drives unreadable if used in another computer or preventing them from being readable in my computer unless a password is used when starting it? Ideally this might be done via the hard drives firmware but I doubt this feature exists.

[thideras]

I believe encryption is the only method. I don't think you will see that much of a performance decrease, though. I didn't even notice when I encrypted my laptop's FC13 install (5400 rpm mechanical disk). Try it and find out how much of a difference it is.

[Bobnova]

Encryption is the only way.
All other methods lock it via software, which is easily avoided by slapping it in a linux box.

[DaveHCYJ]

Like the others said the only way to prevent someone from reading a file if they have physical access to the drive is to encrypt it.

However you can certainly try to mitigate the performance hit as much as possible. Rather than doing entire drive encryption you could just encrypt critical files. There isn't much of a reason to have all your OS files, or movies/mp3's encrypted.

[thideras]

Quote:

Originally Posted by DaveHCYJ

There isn't much of a reason to have all your OS files, or movies/mp3's encrypted.

I don't want someone modifying the files on my laptop. All they'd have to do is yank the entire drive and add a file/script to the system to add a backdoor. There really isn't an issue with encrypting the whole drive. During setup, it is one checkbox and two password boxes. On startup, it asks for the password. I don't see how that is any more difficult than doing individual files/folders. I actually think it would be more annoying doing it separately.

[amdking]

IF this drive is in a laptop and it supports security features, you can password protect the HDD. Its not a form of encryption, it asks for your PW on boot, if its incorrect the drive is in a security frozen lock state until the correct password is entered to the drive itself. So, therefore noone can just take it to another PC and take files off it =) Its in the secure frozen state, the only way to unfreeze it is with correct password or performing the HDD's security wipe procedure which basically zero's the entire drive and then unlocks it =)

[thideras]

Quote:

Originally Posted by amdking

IF this drive is in a laptop and it supports security features, you can password protect the HDD. Its not a form of encryption, it asks for your PW on boot, if its incorrect the drive is in a security frozen lock state until the correct password is entered to the drive itself. So, therefore noone can just take it to another PC and take files off it =) Its in the secure frozen state, the only way to unfreeze it is with correct password or performing the HDD's security wipe procedure which basically zero's the entire drive and then unlocks it =)

You could just swap the logic board on the hard drive. Wouldn't be difficult at all. It would deter someone from taking the data, but no where near impossible.

[amdking]

That doesnt really work on todays hdd's that well. Because even the same board has media specific entries in its firmware/nvram that is "learned" over the coarse of time from use with the HDD. I am not talking about SMART either.

This use to work on drives back in the 20GB days when there really werent media specific attributes located in the devices firmware or nvram.

This is one of the reasons why data recovery on todays drives where the controller board has failed is really difficult unless you have a device like the PC3000 =) where it can transfer firmware /nvram media specific stuff to a new board.

[thideras]

I swapped logic boards on 1tb WD Greens very recently and it worked fine. The board was toasted and I had to make sure that the drive still worked. It works.

[DaveHCYJ]

Quote:

Originally Posted by thideras

I don't want someone modifying the files on my laptop. All they'd have to do is yank the entire drive and add a file/script to the system to add a backdoor. There really isn't an issue with encrypting the whole drive. During setup, it is one checkbox and two password boxes. On startup, it asks for the password. I don't see how that is any more difficult than doing individual files/folders. I actually think it would be more annoying doing it separately.

I got the impression the OP was more concerned about minimizing the performance hit while still getting security. You're right, encrypting the whole drive would be far less annoying, but you take a performance hit.

It also didn't seem like he was worried about someone stealing his laptop and then kindly unstealing it after installing a backdoor

[amdking]

Well you were lucky thideras =) were the drives really old or no? Cuz if new I guess there wasnt that much learned about the specific media.

[thideras]

Quote:

Originally Posted by amdking

Well you were lucky thideras =) were the drives really old or no? Cuz if new I guess there wasnt that much learned about the specific media.

1tb drives are quite new...

[hansen]

The password information is stored on the platter, so ...

[thideras]

Quote:

Originally Posted by hansen

The password information is stored on the platter, so ...

I haven't done a lot of research on this, are you sure? That just seems insecure to me .__.

[hansen]

Well, it is secure enough so it wont be erased by chaning the board.

It is stored in an area that is only addressable by the firmware. So you cannot get to it and erase it yourself.

[amdking]

Yes I believe its stored in the service area of the platter which is not accessible except if taken apart in a clean room.