Boston Linux & Unix (BLU) Home | Calendar | Mail Lists | List Archives | Desktop SIG | Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings
Linux Cafe | Meeting Notes | Blog | Linux Links | Bling | About BLU

BLU Discuss list archive


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Discuss] TrueCrypt with SSD



Does anyone know of any other methods to securing the data on a solid state
drive?  Any BIOS level or TPM integrated security?

On Mon, Aug 15, 2011 at 8:45 AM, Chuck Anderson <cra at wpi.edu> wrote:

> On Mon, Aug 15, 2011 at 07:45:26AM -0400, Edward Ned Harvey wrote:
> > Incidentally, what *is* the problem with TrueCrypt anyway?  It seems to
> me,
> > a hard drive looks like a hard drive whether it's a HDD or SSD.  I would
> > expect it to be fine.  Do they have any details anywhere, what is the
> > problem?
>
> Sure, an SSD looks the same as an HDD to the application running on
> it.  But unlike HDDs, SSDs perform (in some cases much) worse and wear
> out faster when they are full vs. when they still have empty unused
> space.  So the ATA TRIM (and SCSI Discard) command was invented as a
> way for the application (i.e. filesystem, RAID subsystem, LVM,
> encryption subsystem, etc.) to tell the SSD which sectors are free/no
> longer in use.  In a normal, unencrypted scenario, a disk starts out
> mostly empty--the sectors start out zeroed and are only written to
> when they are actually needed.  In contrast, encrypted disks are
> always completely "full" or "untrimmed", because from the time they
> are initially formatted and encrypted every sector is written to with
> non-zero data because the empty encrypted sectors (i.e. the unused,
> zeroed blocks of a filesystem living on top of the encrypted mapping)
> appear random once they are encrypted onto the underlying physical
> device.
>
> TrueCrypt and many other full disk encryption packages cannot tell the
> drive which sectors are actually free (and hence maintain them as
> zeroed sectors on the SSD) because they don't support TRIM.  Many of
> the packages don't want to support TRIM because it would leak
> information about the encrypted disk to a potential attacker.  That's
> pretty much it in a nutshell.
> _______________________________________________
> Discuss mailing list
> Discuss at blu.org
> http://lists.blu.org/mailman/listinfo/discuss
>



BLU is a member of BostonUserGroups
BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Valid HTML 4.01! Valid CSS!



Boston Linux & Unix / webmaster@blu.org