Wednesday, 19 January 2011

PSA: Hard disk passwords

"You can't remember your password?"

Like Simon the BOFH, I have many passwords to remember, and occasionally my brain can't conjure the right one at the right time. Thus when, for the first time in several months, I rebooted Traal (and yes, despite my reiplophobia, I do sometimes reboot - this time was to replace a noisy CPU fan), I realised that I couldn't bring him up again. Some time ago, I put a password on the hard disk (ATA password), and the computer won't touch the hard disk without it being entered. After half an hour of trying to remember the password, followed by an hour of searching my other systems for where I might have written down a hint as to what my password was, I turned to password recovery services.

There are several services that, for a fee, will low-level format your drive and wipe out both password and data. This was not what I had in mind, as it is basically a way to get a cheap(er) hard drive; yes, it's cheaper than replacing the drive, but I would prefer to keep all my data, thanks! Forum posts and blog articles consistently stated that it's impossible to remove an ATA password without wiping your data, but one site promised to do just that.

A-FF Repair Station boasts that it can remove passwords from a large variety of hard drives. Generally it seems best to add the drive as a secondary in a desktop; with SATA drives, this is quite easy, as desktop and laptop SATA is the same connection (with PATA/IDE you need a 44-to-40 adapter). The free download of the Repair Station will examine the drives attached to the system, identify them, and tell you which one(s) have passwords; it will not, however, remove the password until you pay for it. It scanned my drive and told me that it ought to be able to remove the password, so I got out the credit card and prepared to pay for my inability to remember unusual passwords.

The purchase was smooth and trouble-free, and I then told Repair Station to have another look at my drive. Unfortunately it then - and only then - told me that it was unable to depasswordify this drive, which was a great disappointment. It did not, however, charge my account for this failed recovery, and left the credit there; and later on, after I'd figured out the password on my own, I was able to get a refund to my credit card of the full amount. Quoting from Daniel Clay of Atola support:

Upon investigating session logs at our end, I see that the problem is related to the specific firmware revision of your hard drive. There are some rare firmware revisions of WD drives that Repair Station fails to unlock, while initially misdiagnosing as "unlockable". This is actually quite rare (well less than 1% of all sessions). Our simple refund policy was designed exactly to cover these.

While 1% may sound quite high (e.g. 1% downtime average for a server is appalling, 1% misdelivered mail is a lot), what this really means is that they have a free service that can, with an excellent degree of reliability, predict whether or not the drive is unlockable. And as their refund policy covers the rest, this is fairly safe.

So, conclusions.

1) Popular opinion, that it's absolutely impossible to remove an ATA password, is not necessarily right. I can't say for sure that A-FF Repair Station will be able to work as promised, as I haven't seen it in action, but it certainly appears to be valid for a large variety of drives. (I'm not prepared to password a drive and pay for its removal JUST to verify the program, though. I'll let someone else do that.)

2) It's still worth remembering your password. The removal service costs $50 (less if you buy in bulk) and you have to have a spare computer to plug it into, and only certain drives are supported.

3) If you do have an issue with A-FF Data Recovery, their support people will handle it. I had a full refund back on my credit card within three days, and considering that the first "day" started at 11pm, that's decent turnaround time.

Ultimately, of course, no encryption on a removable device can ever be perfect. It would be possible, albeit slow, to just brute-force the password, and I think there are services that offer this. But you need special hardware or a REALLY patient person, so it's not practical. However, A-FF can remove passwords in fixed time, making ATA passwords largely bypassable; if your data is too sensitive to be released, use software encryption using industry-standard cryptography (maybe in addition to the hard disk password). Nothing's perfect, and ultimately, the only way to be sure is... to make sure your laptop isn't stolen. But you knew that already. :)
