Encrypt SSD before or after reinstalling Windows7

2

I format my computer's hard drive and re-install Windows every 3-6 months and it's time to do it again. A few months ago I installed Windows 7 on a brand new Intel 520 SSD. At the time, I didn't set any hard drive password. Now, I want to encrypt my hard drive. If my assumption is correct, all I need to do is go to the BIOS settings when the computer boots and set an admin password and user password for the hard drive. Is this correct?

Also, should I set the hard drive passwords before or after I formatting the drive and re-install Window?

frenchie

Posted 2012-06-05T12:52:39.817

Reputation: 301

Answers

3

The Intel 520 always encrypts the data. The only difference between using the hard drive password or not is whether the encryption key itself is encrypted. So applying the hard drive password afterwards will cause the SSD to encrypt they encryption key used to encrypt your data, and so making you data inaccessible without the password. There is no need the reformat and reinstall.

Mr Alpha

Posted 2012-06-05T12:52:39.817

Reputation: 6 391

ok, thanks for the password answer. As for reformatting and reinstalling, it's just something I do often to keep my computer running smooth. – frenchie – 2012-06-05T13:41:19.970

2

Acording to this reference:

It is not a very well known fact, but all hard disks have a very strong hardware password capability build in. This password is usually stored both in a chip on the HD controller (the printed circuit board on the hard disk) and on the hard disk itself in a special hidden sector.

Setting this password will make the hard disk completely unusable to anyone that doesn’t know it. And not only on your computer, but on any computer.

A lot of newer laptops will set the HD password together with the BIOS password, completely locking all the hardware.

The hard disk manufacturers are unable to unlock a password protected hard disk, as there aren’t any “secret” master passwords build into the firmware. Even swapping the controller of the password-protected hard disk with exactly the same controller from an unprotected HD will not remove the protection on most disks, as the password (together with most of the firmware) is also stored on the hard disk itself.

The only way of retrieving any files from a password protected hard disk without knowing the password is to send it to a data recovery company for unlocking, but not all data recovery companies could or would unlock a password protected HD.

In this time of rising identity theft, protecting your personal data by locking your hard disk with a password is indeed a good idea. The downside is that when the HD eventually malfunctions it will be harder or even impossible to retrieve any files from it. So, the first rule of using a computer applies here in full strength – “Your data is only as good as your latest backup”!

This means that BIOS HDD password is not a encryption of your HDD(SSD on your case), but only a "lock". All your data inside your SSD will be protected due to the fact that the SSD reading is locked by the BIOS password, but the data by itself is not exactly encrypted. Assuming this, I can see no difference from inserting a BIOS password before or after Windows installation, both cases will work and both will lock SSD reading, but to make things easier I would set this BIOS password lock only after Windows installation. I mean, Windows installation will restart the machine some times to complete installation and everytime you must insert the BIOS password, this is the only reason to set it after.

There is also another reference here on SU about HDD BIOS password.

Diogo

Posted 2012-06-05T12:52:39.817

Reputation: 28 202

The Intel 520 has hardware encryption built in, which means it works differently from how general hard drives behave with passwords, thus making your reference not quite correct. – Mr Alpha – 2012-06-05T13:33:24.387

1

Can you provide a reference that tell that this device always encrypt data??? I only find that it is a feature but it doesnt say it is always enabled by default. ref

– Diogo – 2012-06-05T13:40:37.043

Asked: 2012-06-05T12:52:39.817

Viewed: 1 307 times

Active: 2012-12-27T21:45:58.787