[dm-crypt] Possibility for safe Luks partition delete functionality

Arno Wagner arno at wagner.name
Thu Dec 12 01:49:37 CET 2013


On Thu, Dec 12, 2013 at 01:29:54 CET, Matthias Schniedermeyer wrote:
> On 12.12.2013 00:22, Sven Eschenberg wrote:
> > Well usually those SSDs don't use any ecryption key, as long as you don't
> > use a HDD password (supposedly). Of course they could possible create a
> > random key and then write 'zeros' during secure erase, which would
> > incidently result in random content.
> 
> As the Secure Erase on the SSD i tested only takes seconds, i would 
> assume they (optionaly) reset the key and mark all sectors for reuse in 
> the wear-leveling-table. And then erase the cells either in the 
> background or the next time they are used. IOW the data is not really 
> erase immediatly, only inaccessible by normal read commands.
> 
> > But judging from experience, it would be quite foolish to assume
> > manufactures do anything properly or the way you'd expect it ;-).
> 
> Excactly.
> There is no real way of verifying what actually happens and if it done 
> in a way that really is secure.
> 
> The "content"-key can be something like MD5(serial_no + generation_no). 
> Which looks random in each iteration, but would be easily cracked by the 
> manufacturer.

Indeed. Or the manufacturer has some kind of backdoor. That is why
I recommend several overwrites with zeros, followed by physical 
destruction for SSDs. Same, BTW, for "hybrid" drives.

Arno
-- 
Arno Wagner,     Dr. sc. techn., Dipl. Inform.,    Email: arno at wagner.name
GnuPG: ID: CB5D9718  FP: 12D6 C03B 1B30 33BB 13CF  B774 E35C 5FA1 CB5D 9718
----
There are two ways of constructing a software design: One way is to make it
so simple that there are obviously no deficiencies, and the other way is to
make it so complicated that there are no obvious deficiencies. The first
method is far more difficult.  --Tony Hoare


More information about the dm-crypt mailing list