On 10/17/2012 07:28 PM, Andreas Hartmann wrote:
> I read a few articles about encryption with SSD. With linux / dm-crypt /
> cryptsetup luks, plausible deniability isn't given at all because of the
> architecture of cryptsetup luks and the not completely crypted disk.

You can have a separated LUKS header (with recent cryptsetup) and if you have filled the device with random, you can map another device with a different offset into it. So you get the same arch like "plausible" deniability in truecrypt, just it needs some script magic.

But not possible with TRIM obviously... (hidden disk, possibly mapped to unused outer disk space, could be discarded).

> Are there any known successfully carried out attacks (= partition /
> filesystem was decryptable by the attacker) on crypted partitions on
> SSDs which would have been not successful without TRIM enabled or is it
> (as of today :-)) more of theory?

I don't think so.

Discarded blocks are kind of a side channel, you get more info about the device (like I tried to show here - I can detect the filesystem from the cipherdevice pattern):
http://asalor.blogspot.cz/2011/08/trim-dm-crypt-problems.html

Also read the FAQ:
http://code.google.com/p/cryptsetup/wiki/FrequentlyAskedQuestions#5._Security_Aspects

But without another weakness it should not lead to decryption of data (and if an attacker can repeatedly get snapshots of the ciphertext device, it can be a problem even today).

I would like people to think about the problem, assess the risks and if discard is acceptable for their particular use case, no problem, switch TRIM on.

And the most common case - encrypted laptop to secure data against a random thief - should still work even with TRIM. But a targeted attack is something different.

Really, you need a particular threat model to say if it is a problem.

Milan
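
An added illustration of the discard side channel discussed in the message above (not part of the original e-mail and not cryptsetup code): it maps which blocks of a ciphertext image read back as zeros and checks whether a second mapping at an offset would lie in discarded space. Assumptions: the drive returns zeros for discarded blocks, a 4 KiB granularity, a constructed sample image, and a hypothetical offset for the second mapping.

```python
import os

BLOCK = 4096  # assumed discard granularity (constructed for this sketch)

def discard_runs(image, block=BLOCK):
    """Collapse an image into (first_block, count, kind) runs.
    kind is 'discarded' for all-zero blocks, 'data' otherwise."""
    runs = []
    for off in range(0, len(image), block):
        chunk = image[off:off + block]
        kind = "data" if any(chunk) else "discarded"
        if runs and runs[-1][2] == kind:
            runs[-1][1] += 1
        else:
            runs.append([off // block, 1, kind])
    return [tuple(r) for r in runs]

def summarize(runs):
    """Totals visible to anyone holding the ciphertext device, no key needed."""
    total = sum(n for _, n, _ in runs)
    freed = sum(n for _, n, kind in runs if kind == "discarded")
    return {"blocks": total, "discarded": freed,
            "used_fraction": (total - freed) / total}

def discarded_overlap(runs, first, count):
    """Number of blocks in [first, first+count) that lie in discarded runs."""
    hit = 0
    for start, n, kind in runs:
        if kind == "discarded":
            hit += max(0, min(start + n, first + count) - max(start, first))
    return hit

def build_sample():
    """Constructed image: 64 random 'ciphertext' blocks, two zeroed ranges."""
    img = bytearray(os.urandom(64 * BLOCK))
    for start, n in ((8, 16), (40, 20)):
        img[start * BLOCK:(start + n) * BLOCK] = bytes(n * BLOCK)
    return bytes(img)

if __name__ == "__main__":
    runs = discard_runs(build_sample())
    for run in runs:
        print(run)
    print(summarize(runs))
    # Hypothetical second mapping occupying blocks 48..63 of the same device.
    print("blocks lost to discard:", discarded_overlap(runs, 48, 16))
```

On a device that was filled with random data and never discarded, the map is a single `data` run, which is the property the offset-mapping scheme relies on.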