Homepage
Forum
Drivers
HMM-Manuals
MTM
Feed
Hi,
I fail to see what full disk encryption brings to the table, having the option to simply put an ATA password on the drive. It seems to me that such technologies make it even easier for hackers to use ransomware against you. Or make your data more prone to catastrophic loss / corruption if your system begins to fail / has a bug.
All in all, the most likely negative scenario is that you do something wrong yourself and you're locked out of your own data. Besides, I think the chances of finding someone capable of circumventng disk encryption are far higher than of finding someone capable of breaking into an ATA password protected drive. If for anything, because the former can be done remotely, and the second only physically.
Or am I missing something?
Take a look at our
ThinkPads.com HOME PAGE
For those who might want to contribute to the blog, start here: Editors Alley Topic
Then contact Bill with a Private Message
ThinkPads.com HOME PAGE
For those who might want to contribute to the blog, start here: Editors Alley Topic
Then contact Bill with a Private Message
Disk drive encrytion - bad idea?
Disk drive encrytion - bad idea?
X301: SU9600 | 8GB | 1TB | WXGA+
X1C9: 1185G7 | 32GB | 1TB | WUXGA | WWAN
X1Y8: 1365U | 32GB | 1TB | WUXGA
For the sake of ecology I donated all my classic Thinkpads.
X1C9: 1185G7 | 32GB | 1TB | WUXGA | WWAN
X1Y8: 1365U | 32GB | 1TB | WUXGA
For the sake of ecology I donated all my classic Thinkpads.
Re: Disk drive encrytion - bad idea?
In practice, on modern SSD's, they are the exact same thing.
You have to trust the hardware on some level, which has proven to be problematic. Hence the rise of secondary authentication measures like TPM, which distributes trust among components made by different manufacturers.
The attack vector comes in when you add remote management. McAfee, Symantec, and Bitlocker allow this.
But for that kind of infrastructure, you are talking a large corporation willing to pay for such services, and they assume the risk not in terms of data, but in terms of the insurance payout from the vendor when the data is lost.
For a personal user, normal FDE given by the OS is sufficient enough. The benefit of not using the ATA encryption is that, one can remove the drive, use dd or one of the pretty front ends (Clonezilla, etc) to mirror the drive to another one sector by sector and it the other drive will work with the same password. A nice out of band backup system.
You have to trust the hardware on some level, which has proven to be problematic. Hence the rise of secondary authentication measures like TPM, which distributes trust among components made by different manufacturers.
The attack vector comes in when you add remote management. McAfee, Symantec, and Bitlocker allow this.
But for that kind of infrastructure, you are talking a large corporation willing to pay for such services, and they assume the risk not in terms of data, but in terms of the insurance payout from the vendor when the data is lost.
For a personal user, normal FDE given by the OS is sufficient enough. The benefit of not using the ATA encryption is that, one can remove the drive, use dd or one of the pretty front ends (Clonezilla, etc) to mirror the drive to another one sector by sector and it the other drive will work with the same password. A nice out of band backup system.
unix_joe
T14 Gen 1 and some older ThinkPads running Debian.
T14 Gen 1 and some older ThinkPads running Debian.
Re: Disk drive encrytion - bad idea?
> I fail to see what full disk encryption brings to the table, having the option to simply put an ATA password on the drive.
Not all computers have a way of entering ATA password. If your computer quits working you may be unable to read the drive in another computer.
Full disk encryption that is done in software doesn't have this issue.
FDE does not protect you from malware or ransomware. for this you need backups.
Not all computers have a way of entering ATA password. If your computer quits working you may be unable to read the drive in another computer.
Full disk encryption that is done in software doesn't have this issue.
FDE does not protect you from malware or ransomware. for this you need backups.
-
- Similar Topics
- Replies
- Views
- Last post
-
-
FREE: Thinkpad X201 Tablet with bad AC input
by Brainer » Tue Dec 16, 2025 11:33 am » in Marketplace - Forum Members only - 1 Replies
- 5031 Views
-
Last post by olex126
Thu Dec 18, 2025 7:27 pm
-
-
-
Is this battry BAD - T580 internal battery
by Scoobis » Thu Jan 22, 2026 10:33 am » in ThinkPad T430-T495 / T530-T590 Series - 2 Replies
- 3259 Views
-
Last post by Scoobis
Thu Jan 22, 2026 12:57 pm
-
-
-
FS: Ultrabay Slim HD Drive Adapter FRU 62P4553 w/160GB hard drive
by PiZzA EnGiNeEr » Wed Mar 04, 2026 8:08 pm » in Marketplace - Forum Members only - 1 Replies
- 2113 Views
-
Last post by coolcat37
Sat Mar 21, 2026 5:31 am
-
-
-
WTB: 66G3696/66G5069 External Floppy Drive for Thinkpad 760
by oliviaiacovou » Mon Dec 01, 2025 5:05 pm » in Marketplace - Forum Members only - 0 Replies
- 5366 Views
-
Last post by oliviaiacovou
Mon Dec 01, 2025 5:05 pm
-
Who is online
Users browsing this forum: No registered users and 40 guests