Re: [Thinkpad] Thinkpad Hard Drive Passwords

I wasn't sure where to tack this on to this old thread so I picked
Bruce. (There is just nothing like hit a hornets' nest with a short
stick) See <http://www.distributed.net/rc5/> for what is possible by
using computers (en mass) to break codes. Just a comment, not meant to
revive the war.

Bill

Bruce Markowitz wrote:

>When a password is set on a ThinkPad, you can not simply move the drive to
>another machine. It is a hardware password that is fix on a non-volatile
>chip. IBM will not crack the password.
>Nortek in Canada says they can retrieve the password, as can a few folks on
>the Internet, supposedly. One of the main guys is in Australia.
>Bottom line- anyone less than an electronics pro can not bypass the hard
>drive password. Encryption is also effective, but anything coded by man can
>be decyphered by man. The hard drive password requires some equipment and a
>lot of expertise. It is probably more secure.
>----- Original Message -----
>From: "Bennett Smith" <bennettsmith@idevelopsoftware.com>
>To: "Greg Langham" <greg@ubh.com>; <thinkpad@stderr.org>
>Sent: Sunday, February 01, 2004 6:46 PM
>Subject: Re: [Thinkpad] Thinkpad Hard Drive Passwords
>
>
>
>
>>Greg,
>>
>>You should consider taking a look at some of the newer ThinkPad systems
>>that come with a built-in security chip that can do on the fly hardware
>>encryption of all data going to/from the disk. The advantage of this
>>over OS level encryption is that even the boot record is encrypted.
>>This can be coupled with a smart card reader and company issued smart
>>card keys to make it very secure to keep sensitive data on a ThinkPad
>>hard drive. Obviously there is more to setting this up than just going
>>into the BIOS and enabling a hardware password. There will be a cost
>>associated with this level of security, but in your business I expect it
>> is well justified.
>>
>>Check you IBM's site where they have some great discussions of this
>>technology. Sadly, it only seems to be included in some of the newer
>>ThinkPad systems so it may not be an option for all your employees. (Or,
>> this may be just the opportunity you were looking for to justify
>>upgrading everyone's systems!)
>>
>>Cheers
>>
>>---
>>Bennett Smith
>>CEO / Software Architect
>>iDevelopSoftware, Inc.
>>
>>--- "Greg Langham" <greg@ubh.com> wrote:
>>Hi all,
>>
>>Our IT shop supports a financial instituion where Gramm-Leach-Bliley (the
>>
>>
>"Privacy Act") is of importance. The bank examiners are tellling the bank
>that notebook computers need to be protected in the event of theft, loss,
>etc.
>
>
>>Beyond implementing the normal things (such as power on passwords, OS best
>>
>>
>practices, etc.) the examiners want notebook drives encrypted. Their concern
>is that a drive from one machine could be moved to another machine and read.
>When we mentioned hard disk passwords, they wanted more information
>regarding the implementation.
>
>
>>I know the Thinkpad hard disk password "follows" the drive. We have tested
>>
>>
>the disk password is "user+master" mode it and it works great.
>
>
>>Still, I would like to hear everyone's opinion on whether this is an
>>
>>
>adequate security measure for protecting the hard drive data (rather than
>encrypting it.) If there are work-arounds to the password, I would like to
>know that they exist, though I really don't want to how to do it. I would
>also be interested in other thoughts you might have on the subject.
>
>
>>Thanks,
>>
>>Greg
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>_______________________________________________
>>Thinkpad mailing list
>>Thinkpad@stderr.org
>>http://stderr.org/cgi-bin/mailman/listinfo/thinkpad
>>_______________________________________________
>>Thinkpad mailing list
>>Thinkpad@stderr.org
>>http://stderr.org/cgi-bin/mailman/listinfo/thinkpad
>>
>>
>
>_______________________________________________
>Thinkpad mailing list
>Thinkpad@stderr.org
>http://stderr.org/cgi-bin/mailman/listinfo/thinkpad
>
>
>

_______________________________________________
Thinkpad mailing list
Thinkpad@stderr.org
http://stderr.org/cgi-bin/mailman/listinfo/thinkpad
Received on Fri Feb 6 15:29:45 2004