7 votes · answers: 1 · hits: 5790 · asked Saturday, November 12, 2022, 1:55:00

I recently installed Ubuntu 13.10 on an SSD drive using the "encrypt the new Ubuntu installation for security" option. I wanted to enable TRIM, so was following the guide provided here.



One step says to add the discard option to /etc/crypttab. However, the crypttab man page somewhat vaguely states:




WARNING: Assess the specific security risks carefully before enabling
this option. For example, allowing discards on encrypted devices may
lead to the leak of information about the ciphertext device
(filesystem type, used space etc.) if the discarded blocks can be
located easily on the device later.




What exactly are the security risks of enabling TRIM on an encrypted SSD partition/drive?



Answer · 5 votes

The warning just wants to say that if you enable the discard option, the firmware of your SSD will zero out the unused blocks on your drive. And these zeroed blocks can be easily identified and analyzed for a pattern.



Obviously the zeroed blocks will show the attacker the unused space, and because of that he will know what the used space is. So if he wants to crack the encryption he will have to deal with a smaller amount of encrypted data, because he won't care about the unused blocks. And from the pattern of the unused blocks the attacker may be able to guess the filesystem type and the filesystem parameters, which may help him in cracking the encryption.



I'm not a cryptographer nor a cryptanalyst, but this information is likely just a minimal help for the attacker. I think the warning is just there because in cryptology every minimal piece of leaked information about the encrypted data can lead to the encryption being broken. So the authors of this encryption software wanted to inform you that you have better security without enabling that feature, but how much better is not really known, because we can't know how much this leaked information helps the attacker in breaking the encryption. Obviously, if the authors thought that enabling this feature would lead to a bigger than minimal risk for the encryption, then this feature wouldn't be present in the software.



If you want to know more about this topic I advise you to read this article from Milan Broz and the comments on that page which also contain some good links. From that good article I paste here his conclusions:





  • If there is a strong requirement that information about unused sectors must not be available to attacker, TRIM must be always disabled.

  • TRIM must not be used if there is a hidden device on the disk.
    (In this case TRIM would either erase the hidden data or reveal its position.)

  • If TRIM is enabled and executed later (even only once by setting option and calling fstrim), this operation is irreversible.
    Discarded sectors are still detectable even if TRIM is disabled again.

  • In specific cases (depends on data patterns) some information could leak from the ciphertext device.
    (In example above you can recognize filesystem type for example.)

  • Encrypted disk cannot support functions which rely on returning zeroes of discarded sectors (even if underlying device announces such capability).

  • Recovery of erased data on SSDs (especially using TRIM) requires completely new ways and tools.
    Using standard recovery tools is usually not successful.



[#27700] Saturday, November 12, 2022
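The leak the answer and Broz's conclusions describe, as an added example that is not part of the original post: a scan a defender can run over an image of their own ciphertext device to see how much of the volume layout (used space, free-space runs) discarded sectors expose without the key. The sample image is constructed here, and the scan assumes discarded sectors read back as all zeros, which not every SSD guarantees.

```python
"""Audit a raw ciphertext image for discarded (zeroed) sectors.

With dm-crypt's discard option enabled, sectors the filesystem TRIMs may
read back from the SSD as zeros, so the used/unused layout of the volume
is visible without the key. This measures that exposure on an image.
"""
import random

SECTOR = 512

def find_discarded_runs(image: bytes, sector: int = SECTOR):
    """Return [(first_sector, run_length)] for runs of all-zero sectors."""
    zero = bytes(sector)
    n = len(image) // sector
    runs, start = [], None
    for i in range(n):
        is_zero = image[i * sector:(i + 1) * sector] == zero
        if is_zero and start is None:
            start = i
        elif not is_zero and start is not None:
            runs.append((start, i - start))
            start = None
    if start is not None:
        runs.append((start, n - start))
    return runs

def discard_leak_report(image: bytes, sector: int = SECTOR) -> dict:
    """Summarise what the zeroed sectors alone reveal: used space and layout."""
    n = len(image) // sector
    runs = find_discarded_runs(image, sector)
    discarded = sum(length for _, length in runs)
    return {"sectors": n, "discarded": discarded, "runs": runs,
            "used_fraction": round((n - discarded) / n, 3) if n else 0.0}

def build_sample_image(seed: int = 7) -> bytes:
    """Constructed stand-in for a ciphertext device: random-looking sectors
    where data lives, zeros where the SSD honoured a discard."""
    rng = random.Random(seed)
    layout = [(4, False), (16, True), (12, False), (32, True)]  # (sectors, discarded?)
    out = bytearray()
    for count, discarded in layout:
        for _ in range(count):
            out += bytes(SECTOR) if discarded else rng.randbytes(SECTOR)
    return bytes(out)

if __name__ == "__main__":
    r = discard_leak_report(build_sample_image())
    print(f"{r['discarded']}/{r['sectors']} sectors discarded, "
          f"~{r['used_fraction']:.0%} of the volume in use, runs={r['runs']}")
```

On a real volume, read the raw partition (not the mapped dm-crypt device) into the image; as Broz notes, the zeroed runs remain after discard is turned off again, so the report stays valid until the sectors are rewritten.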
theurn (Bahrain, member since Fri, Sep 16, 2022)