On Fri, Aug 24, 2012 at 05:23:05PM +0200, Thomas Bächler wrote:
> On 24.08.2012 17:06, Milan Broz wrote:
[...]
> > But there is no perfect solution.
>
> Interesting write-up. If you are really paranoid, it seems you must back
> up all data, perform ATA security erase and put the data back on the
> disk (and then perform ATA security erase on the backup).

That may not be enough, see Section 3.2 of
http://cseweb.ucsd.edu/users/swanson/papers/Fast2011SecErase.pdf
Unfortunately, no manufacturer names given.

My current take is that the only reliable thing is to have LUKS
key-slots individually larger than the spare area and then
overwrite all free space with random data after a key-slot
change. That way the SSD would be unable to hold an old
key-slot. For a 240G SSD that may mean key-slots > 16GB each.

Also, you cannot be sure how much Flash capacity an SSD actually
has without opening it.

Arno
--
Arno Wagner, Dr. sc. techn., Dipl. Inform., Email: arno@xxxxxxxxxxx
GnuPG: ID: 1E25338F FP: 0C30 5782 9D93 F785 E79C 0296 797F 6B50 1E25 338F
----
One of the painful things about our time is that those who feel certainty
are stupid, and those with any imagination and understanding are filled
with doubt and indecision. -- Bertrand Russell
_______________________________________________
dm-crypt mailing list
dm-crypt@xxxxxxxx
http://www.saout.de/mailman/listinfo/dm-crypt