On 24.08.2012 17:54, Arno Wagner wrote:
> On Fri, Aug 24, 2012 at 05:23:05PM +0200, Thomas Bächler wrote:
>> On 24.08.2012 17:06, Milan Broz wrote:
> [...]
>>> But there is no perfect solution.
>>
>> Interesting write-up. If you are really paranoid, it seems you must back
>> up all data, perform ATA security erase and put the data back on the
>> disk (and then perform ATA security erase on the backup).
>
> That may not be enough, see Section 3.2 of
>
> http://cseweb.ucsd.edu/users/swanson/papers/Fast2011SecErase.pdf
>
> Unfortunately, no manufacturer names given.
>
> My current take is that the only reliable thing is to have LUKS
> key-slots individually larger than the spare area and then overwrite
> all free space with random data after a key-slot change. That way
> the SSD would be unable to hold an old key-slot. For a 240G
> SSD that may mean key-slots > 16GB each. Also, you cannot be
> sure how much Flash capacity an SSD actually has without
> opening it.

Okay then. If you are paranoid, burn the entire SSD if your passphrase is corrupted.
_______________________________________________
dm-crypt mailing list
dm-crypt@xxxxxxxx
http://www.saout.de/mailman/listinfo/dm-crypt