User Manual

Enterprise Self-Encrypting Drive User’s Guide, Rev. B 20
3.1 Changing a BandMasterX password.
If the host suspects that a data band password may have been compromised, the password can be changed at any time,
as shown in Figure 12.
Figure 12. Changing the data band password
The initial condition is that the host has already authenticated to BandMasterX using the current password value. Then:
1. The host sends the new value for BandMasterX (new password) to the drive
2. The drive hashes the new password
3. The drive stores the new password digest on the media
4. The data encryption key (DEK) is retrieved from the encryption engine and encrypted with the new password
5. The drive stores the new encrypted DEK on the media
6. The old key values are erased from the media
7. The drive has a new BandMasterX password but the encryption key does not change
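The steps above, modeled as an added Python example that is not part of the guide and not the drive's firmware. The guide does not name the hash or the key-wrap cipher, so PBKDF2-HMAC-SHA256 and an HMAC-based stream wrap are assumed stand-ins, and the `Band` class and its method names are hypothetical.

```python
import hashlib, hmac, os

def _kdf(password, salt, label):
    # Assumed KDF and work factor; distinct labels keep digest and KEK unrelated.
    return hashlib.pbkdf2_hmac("sha256", password, salt + label, 100_000)

def _mac(kek, data):
    return hmac.new(kek, data, hashlib.sha256).digest()

def wrap(kek, dek):
    # Stand-in for the drive's unspecified key-wrap cipher (stdlib only).
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(dek, _mac(kek, b"enc" + nonce)))
    return nonce + ct + _mac(kek, b"mac" + nonce + ct)

def unwrap(kek, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _mac(kek, b"mac" + nonce + ct)):
        raise ValueError("wrong password or corrupted wrapped DEK")
    return bytes(a ^ b for a, b in zip(ct, _mac(kek, b"enc" + nonce)))

class Band:
    """One data band; `media` holds only a password digest and a wrapped DEK."""
    def __init__(self, password):
        self._dek = os.urandom(32)           # held by the encryption engine
        self._store(password)

    def _store(self, password):
        salt = os.urandom(16)
        self.media = {                       # overwriting drops old values (step 6)
            "salt": salt,
            "digest": _kdf(password, salt, b"auth"),                        # steps 2-3
            "wrapped_dek": wrap(_kdf(password, salt, b"kek"), self._dek),   # steps 4-5
        }

    def authenticate(self, password):
        digest = _kdf(password, self.media["salt"], b"auth")
        return hmac.compare_digest(digest, self.media["digest"])

    def change_password(self, current, new):
        if not self.authenticate(current):   # the stated initial condition
            raise PermissionError("not authenticated to BandMasterX")
        self._store(new)                     # DEK itself is untouched (step 7)

    def unlock(self, password):
        kek = _kdf(password, self.media["salt"], b"kek")
        return unwrap(kek, self.media["wrapped_dek"])
```

Because only the wrapped copy of the DEK is replaced, user data on the band does not need to be re-encrypted when the password changes.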
3.2 Summary
No keys are stored on the media in clear text format. All passwords are stored as hash digests and all data encryption
keys are stored as encrypted objects using their respective data band passwords as the encryption key. If a data band
is not conditioned to lock automatically on a power cycle, its DEK is encrypted using a secret key, known only to the
drive, prior to storage on the media. The owner may change a data band password at any time without affecting the
band’s DEK.