Gentoo Forums
[SOLVED] overwrite ssd with random data before encryption?
haVok
Posted: Sat Dec 28, 2013 2:40 am    Post subject: [SOLVED] overwrite ssd with random data before encryption?

I know about the secure erase function for SSDs, but normally one would also overwrite with random data before encrypting. Is this also true for SSDs, or is this bad?

Last edited by haVok on Sat Dec 28, 2013 4:37 am; edited 1 time in total
frostschutz
Posted: Sat Dec 28, 2013 3:57 am

The main reason to overwrite an SSD with random data is if you had unencrypted data on the SSD and you want to be extra sure that it's gone. Random data will force the SSD to actually write it (as opposed to trimming or compressing it, which it could do if you used zeroes), thus making sure data was overwritten (except for the SSD's sector reserve).

Code:
shred -v -n 1 /dev/delete_this_disk


Other than that, there is no need to overwrite the SSD with random data. You could TRIM it completely instead and then set up cryptsetup etc. to allow TRIM. That way you have encryption while still allowing the SSD to use optimal wear leveling.

Code:

blkdiscard /dev/discard_this_disk
cryptsetup luksFormat -c aes-xts-plain64 ...
cryptsetup luksOpen --allow-discards ...


If your SSD reads trimmed areas as zeroes, it will be easy to tell how much "free space" is on that SSD even when encrypted. It will also tell where data is located. However, that is only a real problem if you use an insecure cipher (http://www.jakoblell.com/blog/2013/12/22/practical-malleability-attack-against-cbc-encrypted-luks-partitions/). Most encrypted setups have more severe weak points in other places (e.g. if /boot is on the SSD, your initramfs can be manipulated), so that revealing free space is really a non-issue.
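
What the free-space leak described in the reply above looks like to someone reading the raw device, as an added example that is not part of the original posts: the script maps zero-filled runs in a constructed in-memory image standing in for a LUKS container opened with --allow-discards on an SSD that returns zeroes for trimmed blocks. The 4096-byte scan block size and all function names are assumptions made for the example.

```python
import io
import os

BLOCK = 4096  # assumed scan granularity; real discard granularity varies by drive


def zero_extents(dev, block=BLOCK):
    """Return (extents, total_blocks); extents is a list of
    (first_block, block_count) runs that read back as all zeroes."""
    zero = bytes(block)
    extents, start, idx = [], None, 0
    while True:
        chunk = dev.read(block)
        if not chunk:
            break
        if chunk == zero[:len(chunk)]:
            if start is None:
                start = idx          # a zero run begins here
        elif start is not None:
            extents.append((start, idx - start))
            start = None             # ciphertext block ends the run
        idx += 1
    if start is not None:
        extents.append((start, idx - start))
    return extents, idx


def free_space_estimate(extents, total_blocks):
    """Fraction of the container an observer can identify as unused."""
    return sum(n for _, n in extents) / total_blocks if total_blocks else 0.0


def build_sample_image():
    """Constructed sample: 16 blocks of random bytes standing in for
    ciphertext, with blocks 4-7 and 12-15 zeroed as trimmed areas."""
    blocks = [os.urandom(BLOCK) for _ in range(16)]
    for i in list(range(4, 8)) + list(range(12, 16)):
        blocks[i] = bytes(BLOCK)
    return io.BytesIO(b"".join(blocks))


if __name__ == "__main__":
    extents, total = zero_extents(build_sample_image())
    for first, count in extents:
        print(f"blocks {first}-{first + count - 1}: read as zeroes (trimmed/unused)")
    print(f"visible free space: {free_space_estimate(extents, total):.0%}")
```

A container that was overwritten with random data first and opened without --allow-discards would produce no zero extents in this scan, which is the trade-off against wear leveling that the reply describes.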