Does WD Drive Lock encrypt the data?
Solution 1:
No encryption, it locks the hard drive so data cannot be accessed, this is done by a chip on the hard drive controller board, they are very hard to break into if you do not have the password, some makes/models are impossible even by data recovery/crack experts.
The stronger the password the harder it is to crack it.
If you put the locked drive into another PC it cannot be unlocked even if you have the password.
Some laptops provide a utility to lock a hard disk with a password. These passwords are not the same as BIOS passwords. Moving a locked hard disk to another machine will not unlock it, since the hard disk password is stored in the hard disk firmware and moves with the hard disk. Also, adding a new (unlocked) hard disk to a locked machine may cause the new hard disk to become locked. Also, note that hard disk lock passwords cannot be removed by reformatting the disk, fdisk or any other software procedure (since the disk will not allow and reads or writes to the disk, it cannot be reformatted.) Usually, the BIOS password and hard disk lock passwords are set the same by a user and we can recover the BIOS password directly from the laptop security chip (after it is removed from the system board.) However, it is possible that the BIOS password and hard disk lock passwords may be set different. In this case the BIOS password will not unlock the hard disk.
. Source
Solution 2:
To set the record straight for future readers, it is poor security without encryption. In theory you could simply remove the disk platters and place them in a different drive to read the data. You don't need to know the password then.
Solution 3:
There is much confusion about how Western Digital data drives that are labeled as having "hardware encryption" actually operate. I was also confused after buying 2 of their 6TB models on sale until I read several reports by 3rd party reverse engineering tech teams more nerdy than me (uber-nerds) along with the comments of a few very helpful respondents across several forums.
Based on the common findings from those teams and my own systems design experience, I think, but would never guarantee, the following points are correct. I welcome any corrections that are based on direct 1st person research and validation:
1. Western Digital's Hardware Encryption WD's "hardware encrypted" drives, like some "My Book" models, e.g., contain an AES encryption chip whose circuitry is optimized for applying AES encryption to ALL data to and from the drive.
AES chips are now mass produced, cost little, and do their computational magic faster than the throughput of most, if not all, mechanical drives.
As such, WD always encrypts the drive using an internal random passkey. Due to the AES chip's computing power, there are little, if any, discernible manifestations of their operation - such as delays or reduced throughput.
2. Always Encrypted? How can the drive always be encrypted when it seems to be accessible on any machine I plug it into without ever having enabled encryption?
This is because the drive system uses a fixed internal random passkey value, often referred to as "K" in some deep tweak papers, which acts as the one and only encryption key for the drive. That passkey is used to encrypt and decrypt all data to and from the drive from its first I/O operation.
In other words, you can neither enable or disable the encryption nor change the encryption key. The only thing you can change is access to the drive by creating your own passkey for that drive. That key is for access only. It has no effect on the encryption that is always enabled.
This is different than the method where the user creates a passkey that is used to encrypt the data. E.g., as with popular software encryption programs like Truecrypt (now defunct), its retooled opensource replacement Veracrypt, old PGP (now Norton), and OS solutions like Windows Bitlocker.
There is a moderate downside to the "always encrypted" approach. In addition to the risk of the expected mechanical drive failures you also can lose the data if the drives AES circuitry were damaged or fried. It may not be as simple as pulling the physical drive from its enclosure and popping it into another housing. If the AES module is deep within the actual drive, this may be a moot point.
This issue should not be a problem if you follow standard backup methodology. To wit: You should always buy two drives for backup. The 1st is the backup of your system while the second is a backup of the backup. I can attest that, in the past, when I had only one backup drive, I'd be working through the night sitting on eggshells, playing with the ONLY copy of my data. After pulling the 1st 1,000 files or 200 folders, you can easily fall prey to brain out and delete the files from the wrong drive.
Repeat 3 times: AT ANY TIME, I WILL LOSE ALL THE DATA ON MY DRIVE!
4. "LOCKING" a WD encrypted drive with a passkey merely tells the drive that any further access will require the user to enter that user passkey. The user passkey is not used to re-encrypt data. The data remains unchanged and encrypted with the same internal random passkey as always. The user passkey simply restricts access to the drive. No more - no less.
5. How secure is it? This is where many teams and security experts disagree greatly. One of the reverse engineering teams suggested there are a couple of back doors - ways of getting access to the internal key. However, I have yet to see any mention of an easy automated way to instantly use such a technique without a lot of effort. One team did suggest this but more as a supposition - not by a demonstration.
A key thing to consider in all these discussions is that there is no system yet for which there are one or more treatises on how it can be cracked or violated.
Until someone documents a witnessed and verified test of a method that cracks a WD encrypted drive with a simple program that could be mass produced and used my many to access most or all WD drives using this method, I'd estimate the security level of WD encrypted My Book type drive as about 7/10 on the basis that no system yet warrants a 10/10 and the best I've ever read about might be a 9/10.
6. Cost-Benefit Always Dictates One should also note that there has yet to be developed an affordable high throughput encryption system for consumer use that could not be cracked within hours to months by anyone with the budget of the NSA, China, or Russia. Yes, slower, multi-level methods can be made nearly uncrackable but they may also be impractical for daily use.
7. How important are you, really? Just ask yourself: What is the required budget of those I fear would try to access my data and what threat does that represent to your well-being. No agency or group is going to spend 4-7 figures to get into your bank data unless you are Bill Gates or Warren Buffet.
~ fin ~
Solution 4:
This may be no longer true. The bits on the platters are encrypted with a random key once generated by the firmware and stored in the controller electronics. So if you exchange the platters or the drive electronics you have no chance to recover the original data (Backup becomes even more important in this case). The user password is simply used to encrypt/lock the drive internal random key. If you cannot unlock the drive electronics to enable access (only for the drive electronics) to the random key and decrypt it, all data is lost! Or safe as you like to see it.
So you can very easily securely erase a hard drive by simply forgetting this random key. You no longer can decrypt the real data on the sectors.
See also SED (Self Encrypting Devices) on Hardware-based full disk encryption and the chapter "Disk Sanitization".
Here is also an article by heise.de about the WD Security Feature: Festplatten mit eingebauter Verschlüsselung
It is in german but may be Google Translate can help you.