On 08.11.2017, Merlin Büge wrote:

> To avoid information leakage about the storage device's usage patterns,
> it is generally recommended to fill the entire device with random data
> before setting up encryption. It is also recommended to issue an 'ATA
> secure erase' to SSDs before using them to avoid performance issues.

As far as I know (and the fine people here on the list will surely correct me if I'm wrong), there is no need to do anything else than partitioning your SSD and establishing a crypto device via device mapper. Of course, somebody with access to your hard disk will be able to identify which blocks are real data and which are not, but it won't have any impact on the security of our data unless the underlying device mapper has a major bug or the crypto is broken.

Most of the "security flaws" are more of an academic nature. Yes, TRIM does make it possible to gather data on patterns of disk usage. It may also be possible to identify (or guess) the underlying filesystem. But does this ultimately lead to data access? Most probably not.

Wear levelling is often discussed to be a problem, because old data may linger somewhere in the dark depth of memory cells. As long as you don't change the password/keyslot and a password with enough entropy is used, I can see no real danger.

Most of the encrypted data is being "decrypted" because of keyloggers, physical access to the machine while running, trojans, viruses and weak passwords - and not because of using an SSD. Attacking the crypto itself is plain stupid, unless you have found the holy grail of mathematics.

Cheers,
Heinz

_______________________________________________
dm-crypt mailing list
dm-crypt@xxxxxxxx
http://www.saout.de/mailman/listinfo/dm-crypt
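An added illustration of the usage-pattern leak the thread discusses (example code, not from the thread or the dm-crypt project): per-block entropy over a constructed device image shows that used blocks are visible against a zero-filled device, invisible against a random-filled one, and that a discarded block stands out either way. It assumes a 4096-byte block, that ciphertext is indistinguishable from random bytes, and that the SSD reads back zeros for a TRIMmed block.

```python
import math
import os

BLOCK_SIZE = 4096  # assumed block size for the constructed device image


def block_entropy(block: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for an all-zero block, close to 8.0 for random."""
    n = len(block)
    if n == 0:
        return 0.0
    counts = [0] * 256
    for b in block:
        counts[b] += 1
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def usage_map(image: bytes, threshold: float = 7.0) -> str:
    """One character per block: '#' if it looks like ciphertext/random, '.' if it looks unused."""
    return "".join(
        "#" if block_entropy(image[off:off + BLOCK_SIZE]) >= threshold else "."
        for off in range(0, len(image), BLOCK_SIZE)
    )


def build_image(n_blocks: int, used: set, prefill_random: bool) -> bytearray:
    """Constructed device image: prefill with zeros (fresh or secure-erased SSD) or with
    random data, then write 'ciphertext' (simulated with os.urandom, from which real
    ciphertext is indistinguishable) to the blocks the filesystem actually uses."""
    if prefill_random:
        image = bytearray(os.urandom(n_blocks * BLOCK_SIZE))
    else:
        image = bytearray(n_blocks * BLOCK_SIZE)
    for blk in used:
        image[blk * BLOCK_SIZE:(blk + 1) * BLOCK_SIZE] = os.urandom(BLOCK_SIZE)
    return image


def discard(image: bytearray, blk: int) -> bytearray:
    """Simulate a TRIM passed through dm-crypt; assumes the SSD then reads back zeros."""
    image[blk * BLOCK_SIZE:(blk + 1) * BLOCK_SIZE] = bytes(BLOCK_SIZE)
    return image


if __name__ == "__main__":
    print("zero prefill:  ", usage_map(build_image(8, {1, 3}, prefill_random=False)))
    print("random prefill:", usage_map(build_image(8, {1, 3}, prefill_random=True)))
    print("after discard: ", usage_map(discard(build_image(8, {1, 3}, True), 1)))
```

The entropy threshold only separates uniform-looking blocks from near-constant ones; it says nothing about the plaintext, which matches the point that the leak is a usage pattern, not data access.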