A HDD password experience which might be of value

[mgo]

I ran into this very thing today while doing some work. If there is a hdd password on the drive and that drive is put in a USB enclosure, the drive will not run. In fact, the machine will slow to a crawl while it tries to cope with the password protected USB drive.

Additionally, if one tries to use a utility like Acronis Disk Director to fix the USB drive there will an error message.

The password must be removed while it is in the main ThinkPad chassis, then the drive can be used as a USB drive.

[ATJ]

In my experience, if the HDD in the USB caddy had a password, it can't be read. I have tried this and it doesn't work. Passwords only work for the internal drive and/or one in a ultrabay.

[eecon]

I ran into this very thing today while doing some work. If there is a hdd password on the drive and that drive is put in a USB enclosure, the drive will not run. In fact, the machine will slow to a crawl while it tries to cope with the password protected USB drive.

Additionally, if one tries to use a utility like Acronis Disk Director to fix the USB drive there will an error message.

The password must be removed while it is in the main ThinkPad chassis, then the drive can be used as a USB drive.

Speaking of Acronis (True Image), do we also need to temporarily disable the HDD password when making backup images (not clones) to an external HDD?

[mgo]

I ran into this very thing today while doing some work. If there is a hdd password on the drive and that drive is put in a USB enclosure, the drive will not run. In fact, the machine will slow to a crawl while it tries to cope with the password protected USB drive.

Additionally, if one tries to use a utility like Acronis Disk Director to fix the USB drive there will an error message.

The password must be removed while it is in the main ThinkPad chassis, then the drive can be used as a USB drive.

Speaking of Acronis (True Image), do we also need to temporarily disable the HDD password when making backup images (not clones) to an external HDD?

No, Acronis will image the drive without the need to disable the HDD password. This means that if there is personal data like financial information on the image it will be visible unless you use a Acronis password to create the Acronis image.

[RealBlackStuff]

My observations from my own experience:
A Thinkpad hard disk with a HD password does not work ANYwhere without knowing the password.
You can try it in a PC using e.g. a 2.5"-3.5" adapter. It will ask for the PW. If you don't know it, NO GO.
Put it in a USB enclosure, and you are still asked for the PW.
Acronis TrueImage can NOT access the drive for imaging or other functions.

I bought a T23 off eBay and the seller had put a HD password on it which he forgot.
It's a Hitachi Travelstar 60GB, 7200rpm, model HTS726060M9AT00
I've tried everything, using all possible variations, hacker programs, you name it!
Those HD passwords are unbreakable, unless you are a forensic specialist with expensive test-equipment.

If any of you has a solution to access this HD, I'd be very happy to get your PM.

[eecon]

I wonder if the the hard drive has to be an IBM or Lenovo brand with their own factory firmware to truly benefit from a HDD PW, or will any aftermarket drive (like a Hitachi or Seagate) also be equally protected from a HDD Password?

Thanks

[RealBlackStuff]

All HD brands can be locked, but the security on Hitachi HDs is just a tad better than on others, incl. IBM or Lenovo HDs.

[XCoalMiner]

Speaking of Acronis (True Image), do we also need to temporarily disable the HDD password when making backup images (not clones) to an external HDD?

No, Acronis will image the drive without the need to disable the HDD password. This means that if there is personal data like financial information on the image it will be visible unless you use a Acronis password to create the Acronis image.

I agree with the above comments from RBS. I don't see how this could possibly work if you really do have a HD password set.

A HD with a password will not allow any reading from or writing to the HD unless the password is sent to the HD correctly. For example, the industry standards for this are here, see the "SECURITY SET PASSWORD" command.

How Hitachi implements these commands on a 7K100 drive is here, the section on security starting at 12.27.

[eecon]

No, Acronis will image the drive without the need to disable the HDD password. This means that if there is personal data like financial information on the image it will be visible unless you use a Acronis password to create the Acronis image.

I think mgo is simply referring to making an Acronis .tib image file (rather than a true clone) onto another non-PW protected external HD (the target drive) from a PW protected HDD already up and running within a ThinkPad bay (the source drive).

There is an option within Acronis to PW also protect all your .tib image files on any source HD (which is different than the HD PW on the ThinkPad HD that I was earlier talking about).

[FrankL]

a little comment.
i think that the current rules about the bios and hd password is a little oximoron. when there is a weakness instead of discussing it openly like any open commnunity i do not understand why it is prohibited. if there is something wrong people should know about it and learn how to address it instead of being an ostrich and hide its head in the sand and pretend it is safe.

ps, the solution can be easily found with google.

sincerely,
o1001010

Indeed, to me it seems very silly to pretend something is safe by ignoring the workarounds. This will mainly lead to people thinking they have safely secured their stuff! Only to find out that when the laptop or drive gets stolen, all data on the drive is accessible to people who can do whatever they want with it (identity theft anyone?!).

This whole fingerprint stuff is equally unreliable (only a marginably better option for people who are afraid that their OS login password is copied by someone looking over their shoulder).

Imo, if you want to protect a HDD, the only currently safe thing to do is to use full-drive encryption with BitLocker or TruCrypt (use the latter one only without hibernation in Windows). Further more, this is only truely safe if nobody can get their hands on the laptop in a powered or S3 (standby) state. There are many ways to read out the RAM (and thus encryption key) without needing to be logged into the OS.

Even then, this security is only temporary (until a weakness in the algorythm is found or until brute-force cracking becomes a viable option).

[pae77]

I realize this is an old thread but I just wanted to clarify that it is very easy to make clones using Acronis TIH to and from hard drives that are protected by the HD password.

The procedure is simple. One simply has to boot up with the target drive in the ultrabay so that one is given an opportunity to enter the password(s) for each hard drive. So now both drives have had their passwords entered at startup and are accessible to Acronis from within Windows. Then, still from within Windows, one initiates the cloning procedure and Acronis reboots the computer to make the clone and it completes fine without the need to reenter any passwords. This is because when the computer is rebooted without being entirely "shut down," it is not necessary to re-enter the HD passwords a second time.

So using this procedure, Acronis has no difficulty cloning from the primary pw protected drive to the pw protected drive in the ultrabay.

[RealBlackStuff]

You are missing the [original] point!
Without knowing/applying the HD password, Acronis can NOT access that HD, end of story.
'nough said.