Is there any app for locking pendrive...?

On 2014-02-04 13:46, panchparmeshthi wrote:

>> NO! I’m not talking of realcrypt or any other software encryption. I’m
>> talking of the “ATA Security Feature Set”.
>
> Okay, ‘ATA Security Feature Set’ means that is only on that external
> hard disk (in our case, external). Now that app (which does the job of
> providing password and unlocking the same) should also be on that hard
> disk?

How on earth are you going to run an application to enter a password, if
that application is inside an encrypted/blocked disk?

> And that particular app is dependent on the hard disk irrespective
> of distro. I guess this is the meaning.

Again, no. The application only depends on the operating system.

How many times do I have to explain?


Cheers / Saludos,

Carlos E. R.
(from 12.3 x86_64 “Dartmouth” at Telcontar)

On 2014-02-04 18:43, Carlos E. R. wrote:

I’ll try to explain once more. If you need more info, google for it, I
don’t know more.

  • Hard Disks can block or encrypt full disks, using the hard disk
    firmware. It uses the CPU inside the hard disk itself, not the enclosure
    nor the computer.

  • This is called “ATA Security Feature Set” and it is a standard.

  • I don’t know for sure if it is encryption or it is a block. I think
    it is encryption. It depends on the specific manufacturer. Being
    encryption, I don’t know how hard it is. For sure, users cannot break
    it. Manufacturers might, but they do not publish it (or not much). Some
    commercial software claims to break it, but again I don’t know if it is
    true or not. Maybe they simply erase the disk so that you can use it again.

  • To activate this feature of the disk, to encrypt it, or to open it,
    you need that certain commands be passed from the computer to the disk,
    via the ATA cable. This might be done by an application, the BIOS, the
    operating system… whatever. In Linux, the only application that does
    this is “hdparm”. The only known (to me) documentation is in the man
    page of that program. And it says it is experimental.

  • As the encryption is done by the disk itself, placing it on another
    computer does nothing. That new computer must be able to send the
    password via the ATA cable.

  • The operating system of the computer is irrelevant.

  • The application that sends the password is irrelevant.

  • Without that password, you cannot even do a raw read of the disk to
    try to decrypt by brute force - or at least, those are the claims.

  • If you power off, the password is lost instantly. There is absolutely
    no data in clear or accessible on the disk.

  • It is impossible to boot a computer with such a disk, unless the
    computer BIOS handles the entering of the password. I have never seen
    this in action, but it is of course a very interesting feature for
    laptops (it is operating system agnostic).

  • If you place the disk on an external enclosure, via USB cable, notice
    that the chipset of the enclosure does the translation between the USB
    cable and the internal ATA cable to the disk. Often, those chipsets do
    not translate the entire ATA command set: which means that not all the
    features work. For instance, often you can not launch the SMART tests.
    It is thus possible that this feature does not work on all enclosures.

  • An enclosure via eSATA should work.

  • As far as I know, flash sticks do not support any of this.

  • There is some kind of standard for some USB sticks, that does some kind
    of block. Windows only. Wikipedia mentions some. It is absolutely
    unrelated to the above.


Cheers / Saludos,

Carlos E. R.
(from 12.3 x86_64 “Dartmouth” at Telcontar)

On 2014-02-04 19:53, Carlos E. R. wrote:

> In Linux, the only application that does
> this is “hdparm”. The only known (to me) documentation is in the man
> page of that program. And it says it is experimental.

Specifically, the manual says:

These switches are DANGEROUS to experiment with, and might not
work with some kernels. USE AT YOUR OWN RISK.

THIS FEATURE IS EXPERIMENTAL AND NOT WELL TESTED. USE AT
YOUR OWN RISK.


Cheers / Saludos,

Carlos E. R.
(from 12.3 x86_64 “Dartmouth” at Telcontar)
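
Added example, not part of any post in this thread: Python that reads the Security block of `hdparm -I` output (a read-only identify, not the password switches the man page warns about) and reports whether the drive exposes the ATA Security Feature Set and whether it is currently locked. The sample text is constructed, and the function names are this example's own.

```python
import subprocess
import sys

FLAGS = ("supported", "enabled", "locked", "frozen")
# Constructed sample: Security block as `hdparm -I` prints it (locked drive).
SAMPLE = (
    "Security: \n"
    "\tMaster password revision code = 65534\n"
    "\t\tsupported\n"
    "\t\tenabled\n"
    "\t\tlocked\n"
    "\tnot\tfrozen\n"
    "\t\tsupported: enhanced erase\n"
    "Checksum: correct\n"
)

def parse_security(text):
    """Return {flag: bool} for the Security block, or None if it is absent."""
    state, in_block = {}, False
    for line in text.splitlines():
        if line.strip() == "Security:":
            in_block = True
        elif in_block and line[:1].strip():
            break  # next unindented header ends the block
        elif in_block:
            words = line.split()
            negated = words[:1] == ["not"]
            name = words[1:2] if negated else words[:1]
            if name and name[0] in FLAGS:  # skips "supported:" (enhanced erase)
                state[name[0]] = not negated
    return state or None

def describe(state):
    if not state or not state.get("supported"):
        return "no ATA security reported (unsupported drive or filtering USB bridge)"
    if state.get("locked"):
        return "locked: drive refuses reads until the password is sent"
    if state.get("frozen"):
        return "frozen: security commands rejected until power cycle or reset"
    if state.get("enabled"):
        return "enabled, unlocked: password set, drive relocks at power-off"
    return "supported, no password set"

if __name__ == "__main__":
    text = SAMPLE
    if len(sys.argv) > 1:  # e.g. /dev/sdX; needs root and hdparm installed
        text = subprocess.run(["hdparm", "-I", sys.argv[1]],
                              capture_output=True, text=True).stdout
    print(describe(parse_security(text)))
```

Run through a USB enclosure whose bridge does not pass the identify data, the Security block is missing and the script reports the first case.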

Thanks for this explanation, Robin. I would have to read it twice and then understand and I am doing that.