Re: [Full-disclosure] SSD and WDE

2010-12-20 Thread coderman
On Fri, Dec 17, 2010 at 3:16 PM, Paul Schmehl pschmehl_li...@tx.rr.com wrote:
> ... anyone aware of any academic or technical
> studies of whole disk encryption for solid state discs.

what kind of details are you looking for?

solid state and full disk encryption are a match made in heaven. the
rest is just details... *grin*

SLC over MLC and pair with on die accelerated AES. as with disk based,
encryption renders all reads and writes effectively randomized. SSD
removes seek hit but you have still invalidated read-ahead caching and
other common optimizations.

update firmware as nearly all devices have undergone wear-leveling, hw
driver, and other fixes post launch.

regarding wear leveling, FDE means never having to worry about secure
delete, which may not be possible with reasonable effort on MLC SSD
storage.

SSD make fine complement to hybrid storage; small fast SLC first tier
backed by platters for extended duration and volume. key management of
hybrid / multi LVM encrypted systems too long a tale to discuss here.
but also not unique to SSD.

hardware-based FDE is also just as applicable to SSD as other media.
invoking CDE on demand a useful convenience. but also not unique to
SSD.

aside from MLC algorithm specific difficulties of data remanence all
the usual disclaimers on zeroisation and key management apply,
including secure mode of operation.
   this also not unique to SSD.
;)

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


Re: [Full-disclosure] SSD and WDE

2010-12-17 Thread Abuse007
Hi Paul,

I'm not aware of any, though I'm sure there are some. My understanding is that
there shouldn't be any major issues with Full Disk Encryption on SSD. Modifying 
files might write the new data to a new physical sector, as part of wear 
levelling, leaving a copy of the old data in the old sector. This might provide 
some benefit to cryptanalysis. 

Compared to having a plaintext file system and then encrypting an existing 
file, which will possibly leave some or all of the plaintext behind due to wear 
levelling - FDE is much better.

On 18/12/2010, at 10:16 AM, Paul Schmehl pschmehl_li...@tx.rr.com wrote:

> I've spent some time Googling and haven't found anything I wasn't already
> aware of.  I'm wondering if anyone is aware of any academic or technical
> studies of whole disk encryption for solid state discs.  Any issues
> uncovered that only apply to that specific combination and not to WDE in
> general would be of great interest.  (I'm not interested in articles on the
> cold boot attack.  I'm already familiar with that one.)
>
> --
> Paul Schmehl, Senior Infosec Analyst
> As if it wasn't already obvious, my opinions
> are my own and not those of my employer.
> ***
> It is as useless to argue with those who have
> renounced the use of reason as to administer
> medication to the dead. Thomas Jefferson
> There are some ideas so wrong that only a very
> intelligent person could believe in them. George Orwell
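
The wear-levelling effect described in the reply above, as an added example that is not part of the original thread: a toy flash translation layer showing what stays on stale physical pages when an existing file is encrypted in place versus when every write is encrypted. `ToyFTL`, `toy_cipher`, the keys and the marker string are constructed for illustration and model no real device or FDE product.

```python
import hashlib

MARKER = b"SECRET-PAYROLL-2010"  # constructed sample plaintext

class ToyFTL:
    """Toy flash translation layer: each write lands on a fresh physical page."""
    def __init__(self):
        self.pages = []  # raw flash contents; stale pages are never erased here
        self.l2p = {}    # logical block address -> index of the live page

    def write(self, lba, data):
        self.pages.append(bytes(data))        # out-of-place write
        self.l2p[lba] = len(self.pages) - 1   # previous page is now stale

    def stale_pages(self):
        live = set(self.l2p.values())
        return [p for i, p in enumerate(self.pages) if i not in live]

def toy_cipher(key, lba, data):
    """XOR with a SHA-256 keystream keyed per sector. Stand-in for the demo
    only; it is not a real disk-encryption mode."""
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + lba.to_bytes(8, "big") + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def encrypt_existing_file():
    """Plaintext file system; the file is encrypted in place afterwards."""
    ftl = ToyFTL()
    ftl.write(7, MARKER)
    ftl.write(7, toy_cipher(b"k1", 7, MARKER))  # "overwrite" with ciphertext
    return ftl

def full_disk_encryption():
    """Every write is encrypted before it reaches the device."""
    ftl = ToyFTL()
    ftl.write(7, toy_cipher(b"k1", 7, MARKER))
    ftl.write(7, toy_cipher(b"k1", 7, MARKER + b" (edited)"))
    return ftl

def plaintext_remnants(ftl):
    """Count stale physical pages that still contain the plaintext marker."""
    return sum(MARKER in page for page in ftl.stale_pages())

if __name__ == "__main__":
    for scenario in (encrypt_existing_file, full_disk_encryption):
        print(scenario.__name__, plaintext_remnants(scenario()))
```

In the full-disk case one stale page still exists, but it holds only the old ciphertext for that sector.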
 