AlertBoot Endpoint Security

Hard Drive Encryption: New TCG Standards May Create Some Unintended Problems? (Updated)

Last week, six of the world's largest hard disk drive manufacturers announced specs for a full-disk encryption standard. It's similar to what hard drive encryption software providers like AlertBoot offer, except it comes built into the drive itself.

The news, of course, is that there is an agreed-upon standard: Hitachi, for example, is one of the companies that already sells hard drives factory-equipped with encryption technology.

However, one thing puzzled me at the time: what happens if someone forgets their password?  With an encryption service provider like AlertBoot, it's just a matter of calling up the company, verifying your identity, and having the password reset.  You can do this over the internet if you feel that picking up a phone is too much of a hassle.

(Of course, this means you have to have easy access to a second computer.  For example, a home computer that your kids use exclusively, and hence is not encrypted with the password you've forgotten.)

So, I assumed that there would be a contingency plan of some sort, since the issue of forgotten passwords (and, with increasing frequency, forgotten usernames) is an obvious one.

For the moment, it looks like you're royally screwed if you forget the password: if you forget it, you're locked out.  And since the drive is encrypted, your data is lost...forever.

Multiple Passwords Can Be Created For The Same Drive

However, things need not be so bleak.  More than one password can be created for the same drive, according to this Computerworld article, so the theory is that, if you forget one password, you use another one to access the contents of your computer.

I'm not too crazy about this approach, however.  Doesn't this mean you're essentially making your data less secure?  I mean, instead of one entry point to your data, now you have two or more.

And since encryption is only as strong as its weakest link, it means you'd have to ensure that the second (or third, or fourth, etc.), infrequently-used password is very strong.  In fact, it must be as strong as the encryption key itself.  Otherwise, what's the point?

Ways Of Accessing Encrypted Data 

Generally, there are two ways of accessing encrypted data: find out the username and password to the encrypted data, or figure out the encryption key.

Encryption keys cannot be changed easily.  Whereas changing a password doesn't affect the encryption state of your data, changing keys would require data to be decrypted and then re-encrypted with the new key.
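The split between password and key described above can be shown with a small key-slot model, added here as an illustration and not taken from the TCG specification or any vendor's firmware: a random data key encrypts the disk, and each password only wraps a copy of that key. The XOR-with-PBKDF2 wrap, the iteration count and the sample passwords are assumptions made for the sketch; real products use an authenticated key-wrap cipher.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed PBKDF2 work factor for this sketch


def derive(password, salt):
    """Stretch a password into a 32-byte mask and a 32-byte check key."""
    out = hashlib.pbkdf2_hmac("sha512", password.encode(), salt, ITERATIONS, dklen=64)
    return out[:32], out[32:]


def make_slot(password, data_key):
    """Wrap the data key under one password (toy XOR wrap, not AES key wrap)."""
    salt = os.urandom(16)
    mask, check_key = derive(password, salt)
    wrapped = bytes(a ^ b for a, b in zip(data_key, mask))
    tag = hmac.new(check_key, wrapped, hashlib.sha256).digest()
    return {"salt": salt, "wrapped": wrapped, "tag": tag}


def open_slot(password, slot):
    """Return the data key if the password matches this slot, else None."""
    mask, check_key = derive(password, slot["salt"])
    expected = hmac.new(check_key, slot["wrapped"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, slot["tag"]):
        return None
    return bytes(a ^ b for a, b in zip(slot["wrapped"], mask))


def unlock(password, slots):
    """Try every slot; any one matching password releases the same data key."""
    for slot in slots:
        key = open_slot(password, slot)
        if key is not None:
            return key
    return None


def demo():
    data_key = os.urandom(32)  # the key that actually encrypts the sectors
    slots = [make_slot("long passphrase one", data_key),  # constructed passwords
             make_slot("summer09", data_key)]  # weak second password
    via_weak = unlock("summer09", slots)
    slots[0] = make_slot("long passphrase two", data_key)  # password change only
    return {"weak_opens": via_weak == data_key,
            "old_rejected": unlock("long passphrase one", slots) is None,
            "new_opens": unlock("long passphrase two", slots) == data_key}
```

Changing a password rewrites one small slot, while replacing `data_key` would mean re-encrypting every sector; and because every slot releases the same key, the weakest password sets the strength of the whole drive.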

This is probably the main reason why almost no one gets new encryption keys once they have one in place. It's also the reason why encryption keys are as random as possible and as long as possible--beyond a certain length, figuring out the key becomes an unachievable goal, due to all the possible character combinations. If keys weren't random or long, they'd have to be changed frequently, just like passwords.

For example, brute-forcing 50% of all key combos found in 128-bit encryption would take centuries, even with today's supercomputers.  So, once a key is generated, most people keep it.  Because encryption keys are so hard to crack, hackers attack the passwords.

Passwords are shorter, and generally not as random.  Because users can't remember random strings, most use actual words. This allows a hacker to grab a list of words (i.e., a dictionary) and run a script to see if matches can be found.  Some scripts are sophisticated enough to combine words, attach numbers to words, etc.

Now imagine that you've got two or more passwords, probably weak passwords (if a password is shorter than 10 characters in length, it's considered weak, regardless of how random it is. Welcome to the world of fast processors).

It would be just a matter of time--we're talking hours or days here--before someone gains access to the data.  The more weak passwords you have, the greater the chances of a hacker hitting on something that will match.
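To put rough numbers on the comparison above, the following added example (not from the original post) estimates search-space sizes for a 128-bit key, random passwords and dictionary-style passwords, and the effect of having several passwords on one drive. The guess rate and the wordlist size are assumptions chosen for illustration.

```python
import math

GUESSES_PER_SECOND = 1e12  # assumed attacker speed, not a figure from the post
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def random_bits(length, alphabet_size):
    """Search space, in bits, of a uniformly random string."""
    return length * math.log2(alphabet_size)


def wordlist_bits(words, wordlist_size, digits=0):
    """Search space of dictionary words with digits attached."""
    return words * math.log2(wordlist_size) + digits * math.log2(10)


def years_to_search_half(bits, rate=GUESSES_PER_SECOND):
    """Time to try 50% of the space at the assumed guess rate."""
    return 2 ** (bits - 1) / rate / SECONDS_PER_YEAR


def length_to_match_key(key_bits, alphabet_size):
    """Shortest random password whose search space reaches the key's."""
    return math.ceil(key_bits / math.log2(alphabet_size))


def chance_any_password_hit(fraction_tried, passwords):
    """Chance that at least one of several independently chosen passwords was tried."""
    return 1 - (1 - fraction_tried) ** passwords


def summary():
    """Rows of (description, bits, years to search half the space)."""
    cases = [("128-bit key", 128.0),
             ("9 random printable chars", random_bits(9, 94)),
             ("8 random lowercase chars", random_bits(8, 26)),
             ("1 dictionary word + 2 digits", wordlist_bits(1, 100_000, 2))]  # assumed wordlist size
    return [(name, round(bits, 1), years_to_search_half(bits)) for name, bits in cases]


if __name__ == "__main__":
    for name, bits, years in summary():
        print(f"{name:30s} {bits:6.1f} bits  {years:.3g} years")
    print("128-bit-equivalent length, printable ASCII:", length_to_match_key(128, 94))
    print("chance with 1 vs 3 passwords, 10% of space tried:",
          chance_any_password_hit(0.1, 1), round(chance_any_password_hit(0.1, 3), 3))
```

At the assumed rate, nine random printable characters fall in about three days while half of a 128-bit keyspace takes on the order of 10^18 years, and a random password needs about 20 printable characters to match the key.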

A Moot Point? (Updated: February 4, 2009)

I see here that John Bedrick, from CryptoMill Technologies, has commented on the issue.

According to him, "lost or forgotten passwords are not an issue."

"…there are software solutions that work with these new TCG FDE drives that enable a user or organization to recover their data by doing a password reset (or in some less secure options a password recover) and then all is fine again with the world…"

It sounds like what AlertBoot already offers with their centrally managed encryption.  This prompts two questions, though.

  1. Why the implication, in the Computerworld article, that lost passwords are an issue for these new drives?  The sub-headline and initial wording are tricky enough that I was led to believe it was an issue (I have to admit I kept having second thoughts about this post.  Something didn't sound right with that article; it seemed to want to couple lost passwords and data recovery together, which are separate issues.)
  2. How will consumers be able to access these recovery services?  I mean, are they signed up for them automatically (doubtful...there must be some kind of identity verification process to ensure that a thief is not calling in), or will they have to enroll separately?  Will it mean additional costs?  Something to keep an eye on, I guess.

Related Articles:
http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=storage&articleId=9127178&taxonomyId=19&intsrc=kc_top
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9126869

 

About sang_lee

Sang Lee is a Senior Account Manager and Security Analyst with AlertBoot, Inc., the leading provider of managed endpoint security services, based in Las Vegas, NV. Mr. Lee helps with the deployment and ongoing support of the AlertBoot disk encryption managed service. Prior to working at AlertBoot, Mr. Lee served in the South Korean Navy. He holds both a B.S. and an M.S. from Tufts University in Medford, Massachusetts, U.S.A.