WD Full-encryption Hard Drives

Western Digital external drives such as the WDBAAF0020HBK My Book Essential USB have hardware-based AES data encryption. Surprisingly, though, the content stored on this WD My Book is encrypted even when no password has been assigned. If the USB-to-SATA converter fails, the cipher keys are lost, and the data cannot be recovered even though the storage itself is fine. Considering that failure of the USB-to-SATA encryption chip is likely more probable than the drive getting into the wrong hands, the continuous protection likely does more harm than good.

Why did the designers implement the encryption this way? The reason is the speed of changing a password. With a policy of “no password = no encryption”, the whole disk has to be re-encrypted every time the password is set or changed, which takes some hours. And that is before we look at more complex issues, such as multiple consecutive power failures during re-encryption. Exactly the same applies to password removal.

So the engineers went for the quicker method. The master key used for encryption is generated when the drive is built and is stored in the controller memory. All the data on the drive is encrypted with this master key, all the time, regardless of whether the user sets a password. Once the user assigns a password, the master key is encrypted with that password. Because the data on the drive is encrypted from the start, it cannot be decrypted without the master key, and the master key is not accessible unless you can produce the correct password. With this configuration, if the encryption module goes bad, recovery of the external hard drive is not possible.
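
The scheme described above, as an added example (not Western Digital's firmware and not code from the original post): a small model showing that a password change rewrites only the wrapped master key, and that a replacement bridge holding a different key cannot read the disk. The `Bridge` class, the PBKDF2 derivation and the SHAKE-256 keystream (a stand-in for AES, which the Python standard library lacks) are assumptions.

```python
import hashlib, hmac, os

def xor_stream(key, nonce, data):
    # Stand-in for the controller's AES: XOR with a SHAKE-256 keystream.
    ks = hashlib.shake_256(key + nonce).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, ks))

def derive_kek(password, salt):
    # Assumed derivation; the page does not say how the drive does this step.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class Bridge:
    """Hypothetical model of the USB-to-SATA bridge and its key storage."""
    def __init__(self):
        self.salt = os.urandom(16)
        self.blob = os.urandom(32)  # master key, generated once at build time
        self.tag = None             # None means no password is set

    def unlock(self, password=None):
        if self.tag is None:
            return self.blob        # no password: master key is stored as-is
        kek = derive_kek(password or "", self.salt)
        if not hmac.compare_digest(self.tag, hmac.new(kek, self.blob, "sha256").digest()):
            raise PermissionError("wrong password")
        return xor_stream(kek, b"wrap", self.blob)

    def set_password(self, old, new):
        master = self.unlock(old)   # only these 32 bytes are ever rewritten
        if new is None:
            self.blob, self.tag = master, None
        else:
            kek = derive_kek(new, self.salt)
            self.blob = xor_stream(kek, b"wrap", master)
            self.tag = hmac.new(kek, self.blob, "sha256").digest()

def sector_io(master, lba, data):
    # Encrypts or decrypts one sector (XOR is its own inverse).
    return xor_stream(master, lba.to_bytes(8, "big"), data)

def demo():
    bridge, plain = Bridge(), b"constructed sample sector".ljust(512, b"\0")
    on_disk = sector_io(bridge.unlock(), 7, plain)   # encrypted with no password set
    bridge.set_password(None, "first")
    bridge.set_password("first", "second")           # disk contents untouched
    recovered = sector_io(bridge.unlock("second"), 7, on_disk)
    replacement = Bridge()                           # failed bridge swapped for a new one
    lost = sector_io(replacement.unlock(), 7, on_disk)
    return on_disk != plain, recovered == plain, lost == plain
```

`demo()` returns three flags: the sector is ciphertext on disk even without a password, it is still readable after two password changes, and it is unreadable through a replacement bridge.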
