From: Milan Broz <mbroz@redhat.com>
To: Richard Zidlicky <rz@linux-m68k.org>
Cc: dm-crypt@saout.de, Felix Blanke <felixblanke@gmail.com>
Subject: Re: [dm-crypt] LUKS - SSD trim
Date: Fri, 23 Apr 2010 22:45:34 +0200 [thread overview]
Message-ID: <4BD206EE.9070606@redhat.com> (raw)
In-Reply-To: <20100423200901.GA8023@linux-m68k.org>
On 04/23/2010 10:09 PM, Richard Zidlicky wrote:
> On Fri, Apr 23, 2010 at 01:46:33PM +0200, Milan Broz wrote:
> As of cryptographic attacks: I have no idea how easy it is to retrieve the TRIM data and how
> it is stored internally. But in the worst (and not quite unlikely) case the device would have
> something like a log-structured trim record which - if extracted by some means would reveal
> not only the free block count but would allow to infer things like file sizes of almost all
> files and lots of the filesystem structure and history.
> It is impossible to overestimate the worst case information leak in this scenario.
I asked how TRIM (and SCSI discard) is handled and it seems that most of drives zeroes
trimmed blocks (or the function is internal to drive - so undefined, we must expect the worst case).
So it is clear that an attacker can recognize which block was trimmed (reading
zeroed blocks instead of "random" data). If there is some internal drive data
related to TRIM available, it can be even worse.
So the option to disable TRIM requests in dm-crypt layer seems to be quite useful
option to avoid these possible leaks.
> So even in case the disk was not cleverly filled by garbage it could still make a huge
> difference in some cases.
yes.
Still probably most of people can ignore it (even leaking of file & disk sizes is not problem),
but according to above, you are right it should default to safe operation.
(I used a quite stupid example to demonstrate the problem - take several SSD empty disks,
use encryption and then format it with FS which TRIMs free space. Use one disk to store
backup. Without TRIM you cannot say which disk contains data, with TRIM you can scan
disk and see used block statistics - so you know which disk you should watch or install
hacked fw etc:-)
Milan
next prev parent reply other threads:[~2010-04-23 20:45 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-04-21 22:48 [dm-crypt] LUKS - SSD trim Felix Blanke
2010-04-21 23:00 ` Milan Broz
2010-04-21 23:03 ` Felix Blanke
2010-04-22 2:17 ` Arno Wagner
2010-04-22 8:42 ` mark
2010-04-22 9:37 ` Milan Broz
2010-04-22 20:12 ` Felix Blanke
2010-04-22 22:20 ` Richard Zidlicky
2010-04-22 22:22 ` Richard Zidlicky
2010-04-23 8:49 ` Milan Broz
2010-04-23 10:20 ` Mikko Rauhala
2010-04-23 11:13 ` Richard Zidlicky
2010-04-23 11:46 ` Milan Broz
2010-04-23 20:09 ` Richard Zidlicky
2010-04-23 20:45 ` Milan Broz [this message]
2010-04-23 22:59 ` Richard Zidlicky
2010-04-24 15:59 ` Arno Wagner
2010-04-24 16:44 ` Richard Zidlicky
2010-04-24 17:01 ` Arno Wagner
2010-04-22 6:17 ` Heinz Diehl
2010-05-14 7:35 ` JG
-- strict thread matches above, loose matches on Subject: below --
2010-05-27 13:14 Christoph Anton Mitterer
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4BD206EE.9070606@redhat.com \
--to=mbroz@redhat.com \
--cc=dm-crypt@saout.de \
--cc=felixblanke@gmail.com \
--cc=rz@linux-m68k.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.