Silk Road forums

Discussion => Security => Topic started by: 57 on August 29, 2013, 05:39 pm

Title: Wear leveling and SSDs, USB Flash
Post by: 57 on August 29, 2013, 05:39 pm
hello

maybe i missed the thread, but i don't see anyone speaking to wear leveling and SSD drives.  it seems impossible to securely erase any SSD or USB / Compact Flash drives due to this wear leveling technology.  even writing 0's to a disk does not securely overwrite any data.  this seems to be a concern to truecrypt as well.  from what i understand, this is the case and i would recommend using a spinning disk without wear leveling technology built in.

577
Title: Re: Wear leveling and SSDs, USB Flash
Post by: Bazille on August 29, 2013, 09:05 pm
I think the main problem with TrueCrypt (or any encryption software) and SSD is that the device can't be securely wiped. If there was any sensitive data on the SSD before encryption there is no guarantee that you can get rid of it. As far as I remember it may also be easier to tell which parts of the drive are encrypted and which are not, which could make it easier to crack the encryption. It may also make plausible deniability impossible when using hidden volumes.

However even without encryption SSDs may be a pain in the ass for forensics, if the user did a simple quick format:
http://news.techworld.com/security/3263093/ssd-fimware-destroys-digital-evidence-researchers-find/-/
Title: Re: Wear leveling and SSDs, USB Flash
Post by: kmfkewm on August 29, 2013, 09:19 pm
Some of the modern SSDs can be secure wiped because they have built-in encryption that is always used, even without a password. Then you just need it to be able to wipe the encryption keys, which it seems to be able to do without worrying about wear leveling. So if you get a modern SSD it is possible that you can securely "wipe" it, but it is a different sort of wipe than a HD wipe. With a HD you are actually overwriting the data so it is not there at all when you are done; with an SSD you overwrite only a tiny bit string, but once that is gone your data is impossible to access by someone who cannot break AES-256 with a 256 bit truly random key.
Title: Re: Wear leveling and SSDs, USB Flash
Post by: 57 on August 30, 2013, 04:12 pm
thanks for the comments, friends

it seems that anyone using an SSD should make sure not to write any sensitive data to the disk before creating an encrypted volume.  even after encryption, if the keys are discovered, it would be possible to uncover an old version of the encrypted volume, so deleting data inside of an encrypted volume is also vulnerable

i've been reading a lot about poor implementation of the "secure wipe" function of SSDs and how it has not been implemented properly in most cases

it sounds to me that users should be discouraged from using SSD if they are storing sensitive data.  i know i will stick to spinning disks.
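
The two mechanisms discussed in this thread, as an added example that is not part of any post: a toy flash translation layer showing why overwriting a logical block with zeros leaves the old data in a stale physical page, and why discarding the drive's media key (the wipe kmfkewm describes) makes every stale page unreadable. The class, its names and the sample secret are constructed for illustration, and a SHA-256 keystream stands in for the drive's AES-256.

```python
import hashlib
import os


class ToySSD:
    """Toy flash translation layer: logical block -> physical page (assumed model)."""
    def __init__(self, pages=8, encrypt=False):
        self.flash = [None] * pages   # raw NAND pages, as a chip-off read would see them
        self.map = {}                 # logical block address -> current physical page
        self.next_free = 0            # no garbage collection in this toy
        self.key = os.urandom(32) if encrypt else None  # media encryption key

    def _crypt(self, page, data):
        if self.key is None:
            return data
        # Per-page XOR keystream, a stand-in for AES-256; data must be <= 32 bytes.
        stream = hashlib.sha256(self.key + page.to_bytes(4, "big")).digest()
        return bytes(a ^ b for a, b in zip(data, stream))

    def write(self, lba, data):
        page = self.next_free         # wear leveling: program a fresh page every time
        self.next_free += 1
        self.flash[page] = self._crypt(page, data)
        self.map[lba] = page          # the previous page is stale but not erased

    def read(self, lba):
        page = self.map[lba]
        return self._crypt(page, self.flash[page])

    def dump(self):
        """Every programmed page, decrypted with whatever key the drive holds now."""
        return [self._crypt(i, p) for i, p in enumerate(self.flash) if p is not None]

    def crypto_erase(self):
        self.key = os.urandom(32)     # old key gone: every page decrypts to noise


def demo():
    secret, zeros = b"constructed-secret-0001", bytes(23)
    plain, sed = ToySSD(), ToySSD(encrypt=True)
    for drive in (plain, sed):
        drive.write(0, secret)
        drive.write(0, zeros)         # the "wipe": overwrite the same logical block
    before = (plain.read(0) == zeros, secret in plain.dump(), secret in sed.dump())
    sed.crypto_erase()                # stale copies existed on both drives until now
    return before + (secret in sed.dump(),)


if __name__ == "__main__":
    print(demo())
```

The tuple reads: the logical block returns zeros, the stale plaintext is still on the unencrypted flash, it is still recoverable on the encrypting drive while the key exists, and it is gone after the key is replaced.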