Which software to make use of a Samsung 850 Pro?

[probedb2]

Failing being able to find a new motherboard with the HDD ATA password option, what software can I use to make use of the encryption features of this drive?

I'm currently using Win 7 Pro with no intention to update until Win 10 is out.

In the software it mentions Opal?

I'd like to turn on FDE for the drive even if it means a full reinstall.

Many thanks!
Paul.

 

[probedb2]

So this drive is essentially useless for encryption if you use Win 7 Pro and have an older motherboard then?

It'd be nice is manufacturers/reviewers could be clearer about this. While it's a faster drive than my old one I can't use one of the features I bought it for

 

[Bubbaleone]

Samsung's Magician software is all you need to access all the settings and features of the 850. While you're on that download page get a copy of the installation guide also.

.

 

[probedb2]

It tells you what's available. It doesn't allow you to use encryption in itself.

 

[Bubbaleone]

I run 840 Pro's and encrypting these drives simply requires setting the ATA password in BIOS/UEFI. These quotes are from this Samsung Whitepaper on drive encryption:

With the introduction of the SSD 840 and 850 Pro Series SSDs, Samsung has added AES hardware-based SED technology to its consumer SSD lineup. Simply enabling the ATA password via the BIOS will automatically render all data on the drive unintelligible without the proper password.
....................................
Enabling AES Encryption

AES encryption is always active on an 840 or 850 Pro Series SSD. In order to benefit from the encryption feature, however, the user must enable an ATA password to limit access to the data. Failure to do so will render AES-encryption ineffective – akin to having a safe but leaving the door wide open. To set an ATA password, simply access the BIOS, navigate to the “Security” menu, enable “Password on boot” and set an “HDD Password.” Administrators also have the option of setting a “Master Password,” which can allow a lost user password (“HDD Password) to be recovered. The “Master Password” may also be used to unlock and/or erase the drive (depending on the settings), effectively destroying, and thus protecting, the data but allowing the drive to be reused. The setup procedure may differ slightly depending on the BIOS version installed on a particular machine. It is best to consult the user manual if there is any confusion.

Note the caveat that if one should forget their ATA master password the drive just becomes an expensive paperweight since that same password is needed to "unlock" the drive, prior to being able to either recover a lost HDD password or run Samsung's ATA secure erase feature.
.

 

[probedb2]

Cheers, but I know this hence my first post:

Failing being able to find a new motherboard with the HDD ATA password option...

which seems to be the case...unbelievable that such a useful feature that would require minimal BIOS effort (at a guess since it's in laptops) just isn't in any mainstream boards. Such a pity

Hence the only way I can see to use the encryption is software for me.

 

[Bubbaleone]

I think you misunderstand; nearly all PC and laptop BIOSs have had the option to set both master (admin) and hdd (user) passwords for many years. The password you set is the ATA (specification) password for a SED (self encrypting drive).

 

[probedb2]

I think you misunderstand; nearly all PC and laptop BIOSs have had the option to set both master (admin) and hdd (user) passwords for many years. The password you set is the ATA (specification) password for a SED (self encrypting drive).

No they don't. Most have an option to set admin and user passwords. These are NOT HDD passwords.

Provide me to a link to a current Z97 chipset Asus mobo that allows this to be set.

 

[probedb2]

Sorry for immediately jumping down your throat!

Are you saying the user password is the same as the HDD password?

 

[Bubbaleone]

I get that you're frustrated but just relax, because it's really as simple as setting the user password. The user password is the "HDD" password because without the user password the PC won't boot past the password entry screen when the computer is started. Just be sure you also set an "admin" password or you'll be unable to clear a lost user password and be unable to secure erase the drive.

Unfortunately, the definitions that the computer industry uses so carefully tend to get completely misunderstood and mislabled by well meaning "enthusiasts" that don't really understand the technology and nomenclature. ATA is an industry standard specification that stands for "Advanced Technology Attachment." It is a type of disk drive that integrates the drive controller directly on the drive itself. Computers can use ATA hard drives without a specific controller to support the drive.

So, your Samsung 850 Pro is an ATA specification drive that also utilizes internal hardware-based encryption which is automatically activated by setting a user password (don't forget the admin password needs to also be set). There is no software required to utilize the self-encrypting feature.

.

 

[probedb2]

Thanks for the reply I skipped over your reply far too quickly.

I understand how ATA and the encryption all works I just didn't realise that the User password was the same as the HDD password. Laptops tend to call it the HDD password and I know you have User passwords on newer BIOSes.

You'd think they'd make this clearer

Thanks again, you're the only person on various forums that's understood this. I think most people just buy them because they're fast.

However the unfortunate thing is I now need to upgrade My BIOS/mobo is one of the first with a couple of SATA 3G ports as a feature, it only has a standard BIOS password available.

 

[biostud]

Thanks for the reply I skipped over your reply far too quickly.

I understand how ATA and the encryption all works I just didn't realise that the User password was the same as the HDD password. Laptops tend to call it the HDD password and I know you have User passwords on newer BIOSes.

You'd think they'd make this clearer

Thanks again, you're the only person on various forums that's understood this. I think most people just buy them because they're fast.

However the unfortunate thing is I now need to upgrade My BIOS/mobo is one of the first with a couple of SATA 3G ports as a feature, it only has a standard BIOS password available.

And people who really needs encryption would already know what you've been asking about.

 

[probedb2]

And people who really needs encryption would already know what you've been asking about.

I guess so!

 

[OlyAR15]

Unfortunately, it's not that simple. The "user" BIOS password is NOT the same as the hard drive password, and will not enable disk encryption. You can verify this by installing Samsung Magician and checking the encryption state. It seems the "easiest" way to enable hardware disk encryption requires Win 8.1 Pro, doing a secure erase of the drive followed by a clean installation of the OS. Then enabling Bitlocker will use the hardware encryption abilities of the drive.

 

[probedb2]

Really? Sigh...I give up, what a crock of swear words. Why do they bother giving you this stuff when it's so damned complicated and messy just to use something which should be so simple to enable?

 

[Bubbaleone]

Unfortunately, it's not that simple. The "user" BIOS password is NOT the same as the hard drive password, and will not enable disk encryption. You can verify this by installing Samsung Magician and checking the encryption state. It seems the "easiest" way to enable hardware disk encryption requires Win 8.1 Pro, doing a secure erase of the drive followed by a clean installation of the OS. Then enabling Bitlocker will use the hardware encryption abilities of the drive.

I don't know where you get your mis-information from, but I actually run this hardware on a daily basis. All six of of my 840 Pro SSDs are encrypted and nothing more was required than following the procedure from the Samsung webpage below, which is, to enter a user and master password in BIOS/UEFI setup.

https://www.samsung.com/global/busi...isite/SSD/global/html/about/whitepaper06.html

Enabling AES Encryption

AES encryption is always active on an 840 or 850 Pro Series SSD. In order to benefit from the encryption feature, however, the user must enable an ATA password to limit access to the data. Failure to do so will render AES-encryption ineffective – akin to having a safe but leaving the door wide open. To set an ATA password, simply access the BIOS, navigate to the “Security” menu, enable “Password on boot” and set an “HDD Password.” Administrators also have the option of setting a “Master Password,” which can allow a lost user password (“HDD Password) to be recovered. The “Master Password” may also be used to unlock and/or erase the drive (depending on the settings), effectively destroying, and thus protecting, the data but allowing the drive to be reused. The setup procedure may differ slightly depending on the BIOS version installed on a particular machine. It is best to consult the user manual if there is any confusion.

.

 

[OlyAR15]

I don't know where you get your mis-information from, but I actually run this hardware on a daily basis. All six of of my 840 Pro SSDs are encrypted and nothing more was required than following the procedure from the Samsung webpage below, which is, to enter a user and master password in BIOS/UEFI setup.

https://www.samsung.com/global/busi...isite/SSD/global/html/about/whitepaper06.html


.

Because I have an 850 Pro, I tried setting a user and master password, and in Samsung Magician it still lists the encryption as disabled. From what I read on the net HDD passwords are common in the BIOS of laptops but rare in consumer desktop motherboards. It is certainly possible that business PCs have HDD passwords in their BIOS since encryption is more of a business tool than a consumer tool.

 

[Bubbaleone]

OK, but you and the OP both seem to keep missing this crucial fact: the "User password" is the "HDD Password and it's been that way for over two decades. Don't let semantics get in the way; please, carefully re-read the fifth sentence in the quoted passage from Samsung:

Administrators also have the option of setting a “Master Password,” which can allow a lost user password (“HDD Password) to be recovered.

.

 

[OlyAR15]

I'm not letting semantics get in the way. As I said, I tried it. I set a user password, even a master password. Even with that, Samsung Magician says drive is still not encrypted, nor can I find anywhere in disk management that the drive is encrypted. The only other way I could check it would be to remove the drive and install it in another computer and see if I can read it.

 

[Bubbaleone]

Here's what an AES/SED does when it's been enabled by setting master and user passwords; when you power on your computer the data on the SSD is complete gibberish until you enter the user (hdd) password. Once that password has been entered, and post completes, your data is unencrypted.

Drive encryption is intended to prevent someone who has illegally gained physical access to your computer, from being able to (easily) access your data. It's not perfect and if one has the funding, time, and resources, and your data is invaluable to them, it won't be your data anymore. But the typical smash and grab punk who steals your laptop out of your car, or breaks into your house or office and steals your PC, will never have a clue what's on your AES/SED without your user password.

.

 

[probedb2]

OK, but you and the OP both seem to keep missing this crucial fact: the "User password" is the "HDD Password and it's been that way for over two decades. Don't let semantics get in the way; please, carefully re-read the fifth sentence in the quoted passage from Samsung:

.

Hey, don't moan at me, I understood this, but you can see why people get confused....this thread kind of proves that.

 

[gasmando]

OK, I'd like to try and sum up this situation because I just went through it all after doing my first build. First off, full disk encryption (FDE) on self encrypting drives (SED) is a feature touted by Samsung 840/850 EVO SSDs and Intel SSDs. This is different from the old days with hard drive PATAs, which I don't know much about and which I heard were pretty crackable.

In short, the above SSDs always are encrypting what goes in and decrypting what comes out, but unless you set a password for the ATA drive in the BIOS, that 'encryption' is blank and useless. Once an ATA drive password is set in the BIOS, the SSD sees it, and then truly encrypts all that goes into that drive.

Note: the ATA Password within the BIOS is in addition to and totally separate from the BIOS Password, which simply secures access to the BIOS and access to POST . . the BIOS password is easily cleared by simply clearing the CMOS on most boards. If you only set the BIOS password, you can easily remove the SSD, plug the SSD into another machine, and it's completely readable.

I did a build on a state-of-the-art ASRock Extreme 6 motherboard. Lo and behold, no ATA Password. This means that like all the countless millions of customers who bought Samsung EVOs and Intel SSDs, I couldn't use the hardware encryption. That meant buying Win7 Pro to use Bitlocker (with a performance hit and the concern that any software can be cracked/hacked) or using TrueCrypt (performance hit, software crack, plus ?? stability on SSDs).

So I wrote ASRock. In Taiwan, I believe. Within a week they wrote an updated BIOS, 1.07B, that has ATA Password capability.

I suspect they had it all along. So why don't they advertise it? Why don't motherboard reviews and comparison charts mention this feature given how commonly used Samsung and Intel SSDs are? Well, turns out if you use the ATA Password, power down your machine, and forget your password. No. One. Can. Help. You. Not Samsung, Intel, ASRock or the NSA, from what I understand.

So, I tried the new BIOS out. Turns out you can put individual ATA passwords on different drives (rebooting each time). So I tested it on my Samsung 840 EVO and my Intel SSDs. There is no detectable performance hit, because even without the ATA password they're encrypting, so no change in performance. When the SSDs are removed and put in another machine, they are either not recognized or are simply unreadable, even with some basic forensic software.

So if you're concerned about you computer being stolen with all financial data on it, or the drives being stolen to get your personal/financial data, this is a far easier and more secure way of protecting your data on an SSD than Truecrypt or Bitlocker. For hard drives, though, I have no idea. Please note: I did not extensively examine how many characters can be used for the passwords, nor what extended character sets can be used.

 

[OlyAR15]

I guess the reality is that not a significant portion of the enthusiast population really cares enough about the encryption that they pressure the kobo manufacturers to include HDD passwords. I reached the same conclusion, and thought about using bitlocker (which can use the built-in hardware encryption) but to me it's not worth it since I really don't have any sensitive data on my PC.

 

[probedb2]

I think we already established that the ATA password is set when you set a User password in the BIOS? We're not talking about the password that protects the BIOS.

 

[VirtualLarry]

I think you misunderstand; nearly all PC and laptop BIOSs have had the option to set both master (admin) and hdd (user) passwords for many years. The password you set is the ATA (specification) password for a SED (self encrypting drive).

Not really. I can't recall the last time I've seen a HDD password option in the BIOS on a desktop board.