BLU Discuss list archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Discuss] TrueCrypt with SSD

Subject: [Discuss] TrueCrypt with SSD
From: omegahalo at gmail.com (Chris O'Connell)
Date: Mon, 15 Aug 2011 09:07:26 -0400
In-reply-to: <20110815124530.GI4396@angus.ind.WPI.EDU>
References: <CADdmjq8ATpGBC85KJi=RnktAtox-NTEwf_3vEE5Mr1q0EP27Qw@mail.gmail.com> <003101cc5aed$9d2728c0$d7757a40$@nedharvey.com> <CAFv2jcbApV+RB6ZS3=AGg_Q5=9YzsWHSAa=Cf8HzjkncDpFk_g@mail.gmail.com> <000401cc5b40$d67e55a0$837b00e0$@nedharvey.com> <20110815124530.GI4396@angus.ind.WPI.EDU>

Does anyone know of any other methods to securing the data on a solid state
drive?  Any BIOS level or TPM integrated security?

On Mon, Aug 15, 2011 at 8:45 AM, Chuck Anderson <cra at wpi.edu> wrote:

> On Mon, Aug 15, 2011 at 07:45:26AM -0400, Edward Ned Harvey wrote:
> > Incidentally, what *is* the problem with TrueCrypt anyway?  It seems to
> me,
> > a hard drive looks like a hard drive whether it's a HDD or SSD.  I would
> > expect it to be fine.  Do they have any details anywhere, what is the
> > problem?
>
> Sure, an SSD looks the same as an HDD to the application running on
> it.  But unlike HDDs, SSDs perform (in some cases much) worse and wear
> out faster when they are full vs. when they still have empty unused
> space.  So the ATA TRIM (and SCSI Discard) command was invented as a
> way for the application (i.e. filesystem, RAID subsystem, LVM,
> encryption subsystem, etc.) to tell the SSD which sectors are free/no
> longer in use.  In a normal, unencrypted scenario, a disk starts out
> mostly empty--the sectors start out zeroed and are only written to
> when they are actually needed.  In contrast, encrypted disks are
> always completely "full" or "untrimmed", because from the time they
> are initially formatted and encrypted every sector is written to with
> non-zero data because the empty encrypted sectors (i.e. the unused,
> zeroed blocks of a filesystem living on top of the encrypted mapping)
> appear random once they are encrypted onto the underlying physical
> device.
>
> TrueCrypt and many other full disk encryption packages cannot tell the
> drive which sectors are actually free (and hence maintain them as
> zeroed sectors on the SSD) because they don't support TRIM.  Many of
> the packages don't want to support TRIM because it would leak
> information about the encrypted disk to a potential attacker.  That's
> pretty much it in a nutshell.
> _______________________________________________
> Discuss mailing list
> Discuss at blu.org
> http://lists.blu.org/mailman/listinfo/discuss
>

Follow-Ups:
- [Discuss] TrueCrypt with SSD
  - From: gaf at blu.org (Jerry Feldman)

References:
- [Discuss] TrueCrypt with SSD
  - From: omegahalo at gmail.com (Chris O'Connell)
- [Discuss] TrueCrypt with SSD
  - From: blu at nedharvey.com (Edward Ned Harvey)
- [Discuss] TrueCrypt with SSD
  - From: abreauj at gmail.com (John Abreau)
- [Discuss] TrueCrypt with SSD
  - From: blu at nedharvey.com (Edward Ned Harvey)
- [Discuss] TrueCrypt with SSD
  - From: cra at WPI.EDU (Chuck Anderson)

Prev by Date: [Discuss] TrueCrypt with SSD
Next by Date: [Discuss] 30% Apple
Previous by thread: [Discuss] TrueCrypt with SSD
Next by thread: [Discuss] TrueCrypt with SSD
Index(es):
- Date
- Thread


BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Boston Linux & Unix / webmaster@blu.org