MY Book Duo - Hardware Encryption

Hi,

I am considering buying “My Book Duo” but I am not too sure about hardware encryption.

What I have found so far is that,

  1. Data on the disk is always encrypted, even if I have not specified a password, using some master key that resides on the disk enclosure (that is, its not possible to take out the disk and read it directly).

 2. The password we specify using WD Security, encrypts the master key so that no one can access it (and hence the data even if they have access to enclosure and disks both).

Both these features are infact what I want and are good, though

        Q1) What happens when the disk enclosure, which stores the master key, itself fails ?

        Q2) How can I get access to encrypted data on my disk drives?

        Q3)  I would assume the master encryption key on the enclosure is unique and it would not be possible to just replace the enclosure (even if it can be, it will be very difficult to find exact enclosure 3-4years down the line).

Even though failure rate of enclosures is low especially as compared to Hard Disks, I wouldn’t want myself to get locked out my data in case of such eventuality.

Can someone from the WD staff explain what are the recovery steps if this infact does happen?

Thanks,

1 Like

Hello,  

As you already mentioned the data inside the hard drive is encrypted for your protection and it is only available thought the My Book Duo enclosure. We recommend maintaining a backup of your data at all times, as a best practice to ensure the availability of your information and minimal potential data loss. There are many variables that can result in a failed
drive, such as power outages, accidental physical damage, internal component failure, and computer viruses, just to name a few. In any scenario,data recovery is not a failsafe. If you would like to know more information, about this I recommend you to contact support. 

Contact WD

One more thing to keep in mind is sometimes there is a problem with the password not working. Sometimes this happens after a firmware update or using on mutiple computers. There is no reset if that happens. 

Joe

Thanks Hamlet & Joe for your response.

A possible firmware upgrade locking us out of data is very disconcerting.

The whole point of buying an expensive RAID 1 enabled enclosure is to have an automatic mirror instead of going through the hassle of manually keeping a backup (which by its very nature of being manual is not reliable).

Even at enterprise level the harddisk configured in RAID 1+ level are usually not separately backed up in real time (there is no need for many reasons UPS, better support/ easy replacement for controller failure).

It seems WD didn’t think it through, a RAID 1 solution designed for consumer space should have a better/easier  recovery step.

Having a separate backup to save yourself from enclosure failure is a strech and expensive proposition for retail customers.

The enclosure/controller will eventually die (perhaps in many years but eventually it will without warning) and will leave people locked out of their data. I am surprised why there are not many complains about it.

To a retail customer a hardware encrypted, mirrored solution is a god send from all data backup/hacking woes.

WD has done a great job on levaraging this to sell their product but a pathetic job of warning/explaining about a very serious issue.

_ I hope some one from WD answers this and at least reassures about the support available. _

Thanks,

1 Like

I don’t have experience with RAID but I have seen people post about having problems recovering from a failed drive. I don’t know how difficult it is. Maybe 2 different drives and sync software would be a better solution and have one drive that wasn’t encrypted. If you have a RAID drive that get hit with a power surge your backup drive is also toast.

Joe

Hi TrinityFox, it all depends on your needs and how protected you want your data to be. If you are not interested in a device with hardware encryption, you might want to look at the My Cloud Mirror, this device gives you the option to encrypt only select folders. 

My Cloud Mirror

http://www.wdc.com/en/products/products.aspx?id=1200

Hello,

I’m thinking about getting a My Book Duo, but have some additional questions about how the encryption works.

  1. Can the password be set and unset as many times as I want? The purpose would be to turn it off in order to connect the drive when running a non-Windows OS, then turn it back on when using with Windows. Am I correct that the drives remain encrypted when the password is turned off?

  2. Does the WD Security SW in Windows need to be run to initially set a password for the first time, or can I skip installing the SW, and just use the My Book Duo’s virtual CD executable to set it for the first time?

  3. Is there something similar to tthe virtual CD executable that can be loaded into a UEFI-compliant computer’s firmware to allow submitting a password to the My Book Duo in pre boot, also for use when booting to a non-Windows OS.

Thanks TrinityFox for pointing this problem out. As I currently own a My Book Duo I am not happy not all about learning about this. I would like a new firmware solution to this problem ASAP. I am a loyal WD customer, but this severely makes me question my loyalty. I agree there is a simple solution, but they have done nothing to resolve it.

PLEASE FIX THIS!!!

I’m going to pile-on a bit here. Hardware encryption is a feature that perhaps 10% of customers would choose if they understood all of the implications. It is there to market a feature, not add value for users.

The response “we suggest you keep all your data backed up” is CYA talk. In particular why would anybody invest in RAID hardware if they knew they had to maintain a real-time copy manually? I do take the point that any system can fail, so you want to have as much redundancy as possible. But home users? Come on.

Data encryption should always be off by default, and it should be difficult to enable it. Data encryption actually makes your data less secure in one sense by increasing the ways the data can become completely inaccessible. Users need to understand the trade-offs.

3 Likes

As the hardware encryption is of concern to me I’ve proposed a testing methodology:

My proposed testing method

As I may end up executing this test, feedback would be greatly appreciated.

So, if the My Cloud Mirror enclosure fails, or if one of the drives fail then the drive can be taken out of the enclosure and be accessed on a PC? It is my understanding that on the WD Duo the drives are automatically encrypted and cannot be accessed outside of the original enclosure. I’m thinking the My Book Essential drive I have now that failed is the same way, cannot be accessed outside of the original enclosure. Guess what I have now is a 3Tb paperweight. LOL

Wow, thank you for the PSA. I didn’t realize I had a ticking time bomb under my desk. Luckily I only have 500GB occupied on a 4TB RAID1 setup on my WD Duo. I just transferred all the files off to another backup drive, and plan to pull the drives out and sell the enclosure.

As a replacement, I just bought a simple SATA Dual-Bay USB 3.0 Hard Drive Docking Station from Amazon. I’m giving up on RAID, and plan on just running 2 drives in JBOD mode, and just use software to mirror data across them on a schedule. This way, at any time, I have the freedom to just take one of the drives, and read it on any other computer, rather than being married to a particular enclosure or RAID controller setup. You guys probably just saved my hide a few years down the line!

A post was merged into an existing topic: Removed post