On Sat, Jul 17, 2010 at 09:13:13AM +0200, Heinz Diehl wrote:
> Hi,
>
> I just took a closer look at one of the (new?) hybrid hard disk drives,
> such as the Seagate Momentus XT, and now I'm wondering if this
> is a top-level security problem. If I understand it correctly, the 4 GB
> SSD memory on the hard disk operates independently of the drive itself,
> acting as a buffer/cache for virtually all the data stored to the drive. Some
> logic in the hard drive's controller is going to serve the 4 GB SSD memory
> part, which is not available/accessible to the OS.
>
> In other words: such hybrid drives cannot safely be encrypted with
> LUKS/dm-crypt (or any other WDE software), because the controller
> randomly swaps out 4 GB of data to the SSD area, and even after shutting
> down the machine, parts of/the whole LUKS header/key could possibly
> be left on the SSD part?

There is only one risk, namely a keyslot with an old, later changed key
still being on the SSD part. That is a real risk. However, it is only a
risk if you change a key and the old one is a security problem before
the old keyslot in the SSD cache is at least partially overwritten.

Keys never get written to disk, whether hybrid or not. Doing that would
be a massive risk in the first place, whether hybrid or not, so it is
never done.

For plain dm-crypt there is absolutely no risk at all.

Arno
--
Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno@xxxxxxxxxxx
GnuPG: ID: 1E25338F  FP: 0C30 5782 9D93 F785 E79C 0296 797F 6B50 1E25 338F
----
Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans
If it's in the news, don't worry about it. The very definition of "news" is
"something that hardly ever happens." -- Bruce Schneier
_______________________________________________
dm-crypt mailing list
dm-crypt@xxxxxxxx
http://www.saout.de/mailman/listinfo/dm-crypt
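The reply above hinges on one property of LUKS: the header stores the master key encrypted under a passphrase-derived key, so a keyslot rewritten by a key change is only dangerous while a stale copy of the old slot survives somewhere the OS cannot overwrite. The following is an added example, not code from this thread or from cryptsetup. It is a deliberately simplified model: PBKDF2 for the passphrase key, a SHA-256 counter keystream standing in for the cipher (real LUKS uses the configured block cipher plus anti-forensic key splitting), and a constructed `FlashBackedDisk` class whose append-only flash log plays the role of the drive's SSD tier. The names `make_keyslot`, `open_keyslot`, `key_change_scenario` and the two passphrases are assumptions of this example.

```python
import hashlib
import os

KEY_LEN = 32


def derive_key(passphrase: bytes, salt: bytes, iterations: int = 20_000) -> bytes:
    """Passphrase -> slot key. PBKDF2 as in LUKS1; this key lives only in RAM."""
    return hashlib.pbkdf2_hmac("sha256", passphrase, salt, iterations, KEY_LEN)


def keystream(key: bytes, length: int) -> bytes:
    """Toy stand-in for the block cipher: SHA-256 in counter mode (assumption)."""
    out = b""
    for counter in range((length + 31) // 32):
        out += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
    return out[:length]


def make_keyslot(master_key: bytes, passphrase: bytes) -> tuple:
    """Keyslot = (salt, master key XOR keystream(passphrase-derived key)).
    Only this encrypted form is ever written to the disk."""
    salt = os.urandom(16)
    ks = keystream(derive_key(passphrase, salt), KEY_LEN)
    return salt, bytes(a ^ b for a, b in zip(master_key, ks))


def open_keyslot(slot, passphrase: bytes, mk_digest: bytes):
    """Return the master key if the passphrase unlocks this slot, else None.
    mk_digest is the header's check value (hash of the master key)."""
    salt, enc = slot
    ks = keystream(derive_key(passphrase, salt), KEY_LEN)
    candidate = bytes(a ^ b for a, b in zip(enc, ks))
    return candidate if hashlib.sha256(candidate).digest() == mk_digest else None


class FlashBackedDisk:
    """Constructed model of the hybrid drive's flash tier: every write is
    appended to a flash log, so overwriting a sector leaves the previous
    version recoverable until the controller garbage-collects it."""

    def __init__(self):
        self.current = {}     # what the OS sees when it reads a sector
        self.flash_log = []   # (sector, data) for every write ever made

    def write(self, sector: str, data):
        self.current[sector] = data
        self.flash_log.append((sector, data))

    def read(self, sector: str):
        return self.current[sector]

    def stale_copies(self):
        """Superseded versions a forensic read of the flash could still find."""
        return [d for s, d in self.flash_log if self.current[s] is not d]

    def garbage_collect(self):
        """The controller finally erases superseded flash pages."""
        self.flash_log = [(s, d) for s, d in self.flash_log if self.current[s] is d]


def key_change_scenario(old_pw: bytes = b"old passphrase",
                        new_pw: bytes = b"new passphrase") -> dict:
    """Change the passphrase on a LUKS-style slot and report what each
    passphrase can still unlock, before and after the stale copy is erased."""
    master_key = os.urandom(KEY_LEN)
    mk_digest = hashlib.sha256(master_key).digest()   # stored in the header
    disk = FlashBackedDisk()
    disk.write("slot0", make_keyslot(master_key, old_pw))
    # luksChangeKey: the same slot is rewritten in place under the new passphrase
    disk.write("slot0", make_keyslot(master_key, new_pw))

    def opens(slot, pw):
        return open_keyslot(slot, pw, mk_digest) == master_key

    result = {
        "new_pw_opens_current_slot": opens(disk.read("slot0"), new_pw),
        "old_pw_opens_current_slot": opens(disk.read("slot0"), old_pw),
        "old_pw_opens_stale_flash_copy": any(opens(s, old_pw) for s in disk.stale_copies()),
    }
    disk.garbage_collect()
    result["old_pw_opens_after_overwrite"] = any(opens(s, old_pw) for s in disk.stale_copies())
    return result


if __name__ == "__main__":
    for name, value in key_change_scenario().items():
        print(f"{name}: {value}")
```

The run shows exactly the window Arno describes: the current slot no longer accepts the old passphrase, but the stale flash copy does until the controller overwrites it, after which neither copy helps an attacker. Note what is never in the flash log in any form: the passphrase-derived key and the plaintext master key, which exist only in RAM during `open_keyslot`. In plain dm-crypt mode there is no header and no keyslot at all, so nothing keyed ever reaches the drive, which is why the reply rates that case as risk-free.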