
Self-Encrypting Drive Management | Wave Systems Corp. 2012
ESC 2.9.5 Client Manual
8.12 Drive Recovery
Drive recovery enables IT staff to deliver an out-of-band password to recover a locked drive. This is done
through a challenge-response exchange. The client with the lost password opens the recovery
screen, which displays a challenge, a series of thirteen characters, to be read to the IT staff member.
The IT staff member then uses the challenge to generate a recovery password, which the client
enters into pre-boot to unlock the drive.
For Challenge-Response Recovery, Wave offers:
• Drive-based Challenge-Response Recovery (128 bit)
• Drive-based Challenge-Response Recovery (256 bit)
• User-based Challenge-Response Recovery (128 bit)
• User-based Challenge-Response Recovery (256 bit)
One offers a shorter recovery password to type (128 bit), and the other offers additional cryptographic
strength. Both methods are secure. If AES 256 is required, an AES 256 SED is recommended with a 256
bit recovery mechanism. For each ESC challenge-response recovery mechanism, a thirteen character
recovery challenge is provided from the client to the IT staff member. The IT staff member will then
provide a thirty-one character recovery password if the drive uses a 128 bit recovery mechanism, or a
sixty-two character recovery password if the drive uses a 256 bit recovery mechanism.
Most will prefer to use User-based Challenge-Response Recovery because it automatically signs the user
into their Windows account, even if the Windows password is forgotten. The automatic sign-in to
Windows after recovery requires the Single Sign-On policy to be configured. To access the User Recovery
screen, press the CTRL key and ‘R’ key simultaneously at the pre-boot screen.
The other recovery method is called Drive-based Challenge-Response Recovery. Both Drive-based and
User-based recovery will unlock the drive; however, Drive-based will not automatically sign the user in to Windows.
Drive-based Challenge-Response Recovery would typically be used by IT staff when unlocking a
computer for service. To initiate Drive-based Challenge-Response Recovery, press the CTRL key and ‘X’
key simultaneously at the pre-boot screen.
Each set of letters is grouped between hyphens and contains a checksum. If a set of letters between
hyphens is typed incorrectly, you can go back and correct it before moving forward.
The challenge/response uses Base-32 encoding. This means a
challenge or recovery password will never contain the numbers one ‘1’ or
zero ‘0’. This helps to prevent confusion with the letters “I” and “O”.
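The per-group checksum and the Base-32 alphabet described above can be illustrated with a short script. This is an added example, not Wave's code or format: the RFC 4648 alphabet, the five-character group size and the weighted-sum check character are assumptions chosen for illustration, and the lengths it produces do not match the product's.

```python
import base64

# Assumptions for illustration only (not Wave's actual format):
ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567"  # RFC 4648 Base32, has no '0' or '1'
GROUP_DATA = 5             # data characters per hyphen-separated group
WEIGHTS = (1, 3, 5, 7, 9)  # odd weights are invertible mod 32


def check_char(data: str) -> str:
    """Hypothetical per-group checksum: weighted sum of symbol values mod 32."""
    total = sum(w * ALPHABET.index(c) for w, c in zip(WEIGHTS, data))
    return ALPHABET[total % 32]


def encode(secret: bytes) -> str:
    """Base32-encode, split into groups, append one check character to each."""
    text = base64.b32encode(secret).decode("ascii").rstrip("=")
    groups = [text[i:i + GROUP_DATA] for i in range(0, len(text), GROUP_DATA)]
    return "-".join(g + check_char(g) for g in groups)


def bad_groups(entered: str) -> list[int]:
    """Return the 1-based positions of groups that must be re-typed."""
    bad = []
    for pos, group in enumerate(entered.strip().upper().split("-"), start=1):
        data, check = group[:-1], group[-1:]
        # Reject empty/oversized groups and characters outside the alphabet
        # (such as '0' or '1') before comparing the check character.
        if (not data or len(data) > GROUP_DATA
                or any(c not in ALPHABET for c in group)
                or check_char(data) != check):
            bad.append(pos)
    return bad


def decode(entered: str) -> bytes:
    """Recover the original bytes once every group validates."""
    bad = bad_groups(entered)
    if bad:
        raise ValueError(f"re-enter group(s): {bad}")
    text = "".join(g[:-1] for g in entered.strip().upper().split("-"))
    return base64.b32decode(text + "=" * (-len(text) % 8))


if __name__ == "__main__":
    sample = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed value
    print(encode(sample), bad_groups(encode(sample)))
```

Because every weight is odd, any single mistyped character changes the group's check value, so the entry screen can flag the exact group to correct instead of rejecting the whole password at the end.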