From: Matthias Schniedermeyer <ms@citd.de>
To: dm-crypt@saout.de
Subject: Re: [dm-crypt] Possibility for safe Luks partition delete functionality
Date: Wed, 11 Dec 2013 21:55:16 +0100 [thread overview]
Message-ID: <20131211205516.GA21128@citd.de> (raw)
In-Reply-To: <20131211191607.GA9082@fancy-poultry.org>
On 11.12.2013 20:16, Heinz Diehl wrote:
> On 11.12.2013, tada wrote:
>
> > I was wondering if it is possible to add something like shred or wipe
> > functionality for Luks devices, call it luksWipe, to safely delete the
> > luks header
>
> You can do that easily by running dd against the first MB's of the
> respective partition..
>
> dd if=/dev/zero of=/dev/sdaX
That heavily depends on who is the "bad guy" and what storage technology
is used.
For a non-hybrid HDD a single pass is suppossed to be enough to
permanently overwrite anything there was before, no recourse whatsoever.
(Or only the millions of dollar range, a.k.a. "State sponsored enemys")
Non-rotating-platters-of-rust, namely NAND-Flash, are much trickier. If
you only need to defend against an attacker investing a handfull of
dollars (a.k.a, let's connect the thing and see what we get with
standard "get me block X"-commands) a single overwrite/TRIM/Secure Erase
is enough.
But with just slightly more money (a.k.a., let's desolder the chips and
see what's the raw contents) it's gets tricky pretty fast. Like you have
to overwrite the (whole(?!)) contents with random data several times and
you would still not have a 100% guranteed that the original content is
really overwritten and not sitting somewhere as "spare" waiting to be
reused.
Altough at least some current SSD (don't know which ones) are supposed
to be secure if you use Secure Erase. Thoses SSDs always encrypt the
content as a way to guaranteed randomness of the data, which is supposed
to be better for the flash-cells. So when you need a "scrambler" anyway,
you just use AES256 and also have something you can advertise, 2 flies 1
stone. So when you secure erase such a SSD it (supposedly) discards the
previous encryption key and generates a new one. If that is implemented
correctly (which you or i can't really proven one way or the other) it
would be safe. A single Secure Erase (overwriting not necessary)
effectivly would make the problem "you need to brute force an AES256
key" to even get to the RAW content.
--
Matthias
next prev parent reply other threads:[~2013-12-11 20:55 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-12-11 18:59 [dm-crypt] Possibility for safe Luks partition delete functionality tada
2013-12-11 19:16 ` Heinz Diehl
2013-12-11 19:18 ` Heinz Diehl
2013-12-11 20:21 ` Arno Wagner
2013-12-11 21:48 ` Heinz Diehl
2013-12-11 22:53 ` Arno Wagner
2013-12-12 6:11 ` Heinz Diehl
2013-12-11 20:55 ` Matthias Schniedermeyer [this message]
2013-12-11 23:22 ` Sven Eschenberg
2013-12-12 0:29 ` Matthias Schniedermeyer
2013-12-12 0:49 ` Arno Wagner
2013-12-15 2:55 ` Robert Nichols
2013-12-15 12:47 ` Arno Wagner
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20131211205516.GA21128@citd.de \
--to=ms@citd.de \
--cc=dm-crypt@saout.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.