Re: [Thinkpad] Thinkpad Hard Drive Passwords

From: Bruce Markowitz <scosgt_at_worldnet.att.net>
Date: Sun Feb 01 2004 - 19:19:32 EST

When a password is set on a ThinkPad, you cannot simply move the drive to
another machine. It is a hardware password that is fixed on a non-volatile
chip. IBM will not crack the password.
Nortek in Canada says they can retrieve the password, as can a few folks on
the Internet, supposedly. One of the main guys is in Australia.
Bottom line: anyone less than an electronics pro cannot bypass the hard
drive password. Encryption is also effective, but anything coded by man can
be deciphered by man. The hard drive password requires some equipment and a
lot of expertise. It is probably more secure.
----- Original Message -----
From: "Bennett Smith" <bennettsmith@idevelopsoftware.com>
To: "Greg Langham" <greg@ubh.com>; <thinkpad@stderr.org>
Sent: Sunday, February 01, 2004 6:46 PM
Subject: Re: [Thinkpad] Thinkpad Hard Drive Passwords

> Greg,
>
> You should consider taking a look at some of the newer ThinkPad systems
> that come with a built-in security chip that can do on the fly hardware
> encryption of all data going to/from the disk. The advantage of this
> over OS level encryption is that even the boot record is encrypted.
> This can be coupled with a smart card reader and company issued smart
> card keys to make it very secure to keep sensitive data on a ThinkPad
> hard drive. Obviously there is more to setting this up than just going
> into the BIOS and enabling a hardware password. There will be a cost
> associated with this level of security, but in your business I expect it
> is well justified.
>
> Check out IBM's site where they have some great discussions of this
> technology. Sadly, it only seems to be included in some of the newer
> ThinkPad systems so it may not be an option for all your employees. (Or,
> this may be just the opportunity you were looking for to justify
> upgrading everyone's systems!)
>
> Cheers
>
> ---
> Bennett Smith
> CEO / Software Architect
> iDevelopSoftware, Inc.
>
> --- "Greg Langham" <greg@ubh.com> wrote:
> Hi all,
>
> Our IT shop supports a financial institution where Gramm-Leach-Bliley (the
> "Privacy Act") is of importance. The bank examiners are telling the bank
> that notebook computers need to be protected in the event of theft, loss,
> etc.
>
> Beyond implementing the normal things (such as power on passwords, OS best
> practices, etc.) the examiners want notebook drives encrypted. Their concern
> is that a drive from one machine could be moved to another machine and read.
> When we mentioned hard disk passwords, they wanted more information
> regarding the implementation.
>
> I know the Thinkpad hard disk password "follows" the drive. We have tested
> the disk password in "user+master" mode and it works great.
>
> Still, I would like to hear everyone's opinion on whether this is an
> adequate security measure for protecting the hard drive data (rather than
> encrypting it.) If there are work-arounds to the password, I would like to
> know that they exist, though I really don't want to know how to do it. I would
> also be interested in other thoughts you might have on the subject.
>
> Thanks,
>
> Greg
>
> _______________________________________________
> Thinkpad mailing list
> Thinkpad@stderr.org
> http://stderr.org/cgi-bin/mailman/listinfo/thinkpad

Received on Sun Feb 1 19:22:14 2004

This archive was generated by hypermail 2.1.8 : Fri May 26 2006 - 16:02:03 EDT