How can I know if a Self Encrypting Drive is really encrypting

2

I have a Self Encrypting Drive (claiming to have built-in hardware encryption). I would like to know whether, when I set a user password, the drive is really encrypting something or only denying access to the contents.

This thread doesn't solve my problem because I'm still not able to differentiate between a hard drive simply denying access and one really encrypting (when I plug my hard drive into another computer, it recognizes the drive but I'm not able to read the raw disk content; the access is denied).

What is strange, though: with hdparm on a Linux live CD, when I set a password X, then write data to the drive, then remove the password and set another one (say Y), then unlock the drive, I can see in the raw contents the data I had written, a few minutes later.

I need a solution to know if the drive is just locked or the data is really encrypted.

Model: Seagate ST2000DM002

germanbanana

Posted 2017-09-30T19:38:39.777

Reputation: 21

1 By naming the actual model you might have a better chance. – Seth – 2017-09-30T20:32:13.677

Not an answer to your question, but these kinds of locks work by having a password-encrypted key. When you change the password you simply change the way the header is encrypted. The drive can still be secure even if the password changed. It also means wiping the drive is as easy as throwing away the header, rather than rewriting the entire disk. (LUKS works in a similar way) – davidgo – 2017-10-01T07:40:18.497
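The key-wrapping scheme described in the comment above, as an added Python model that is not part of the original thread and is not any vendor's firmware. `ModelDrive` and its methods are hypothetical names, and a SHA-256 keystream stands in for the drive's AES engine (an assumption made so the example needs only the standard library).

```python
import hashlib, hmac, os

def xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Toy SHA-256 counter-mode keystream; a stand-in for the drive's AES engine.
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + nonce + off.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], pad))
    return bytes(out)

class ModelDrive:
    """Hypothetical model: media key (DEK) wrapped by a password-derived key."""

    def __init__(self):
        self.platters = {}                  # LBA -> ciphertext as stored on media
        self._dek = os.urandom(32)          # DEK held in controller RAM while unlocked
        self.set_password(b"")              # no user password yet

    def _kek(self, password: bytes, salt: bytes) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password, salt, 10_000)

    def set_password(self, password: bytes) -> None:
        # Re-wraps the SAME DEK; no sector on the platters is touched.
        if self._dek is None:
            raise PermissionError("drive must be unlocked")
        salt = os.urandom(16)
        kek = self._kek(password, salt)
        wrapped = xor_stream(kek, salt, self._dek)
        self.header = (salt, wrapped, hmac.new(kek, wrapped, "sha256").digest())

    def lock(self) -> None:                 # e.g. a power cycle
        self._dek = None

    def unlock(self, password: bytes) -> bool:
        salt, wrapped, tag = self.header
        kek = self._kek(password, salt)
        if not hmac.compare_digest(tag, hmac.new(kek, wrapped, "sha256").digest()):
            return False                    # wrong password: DEK stays unavailable
        self._dek = xor_stream(kek, salt, wrapped)
        return True

    def write(self, lba: int, data: bytes) -> None:
        self.platters[lba] = xor_stream(self._dek, lba.to_bytes(8, "big"), data)

    def read(self, lba: int) -> bytes:
        return xor_stream(self._dek, lba.to_bytes(8, "big"), self.platters[lba])

    def crypto_erase(self) -> None:
        # "Throwing away the header": a fresh DEK makes old ciphertext unreadable.
        self._dek = os.urandom(32)
        self.set_password(b"")
```

A drive built this way returns the original data after the set X, write, remove, set Y, unlock sequence, because only the header changes while the stored ciphertext and the media key stay the same.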

Answers

0

What happens when you plug the drive into a Linux machine, and do sudo less -f /dev/path/to/device? That should let you read the raw drive contents. Are you getting permission denied even as root?

barrycarter

Posted 2017-09-30T19:38:39.777

Reputation: 695