Rich Freeman on 7 Nov 2018 13:09:48 -0800
Re: [PLUG] Fwd: Self-Encrypting Solid-State Drive Vulnerabilities
On Wed, Nov 7, 2018 at 2:32 PM Keith C. Perry <kperry@daotechnologies.com> wrote:
>
> One of the more interesting notices...
>
> I'm curious, was anyone using this?
>

BitLocker in win10 uses this by default if the drive advertises support for it, so it is a big deal if you use BitLocker. I checked my one Windows laptop and it was using software encryption. You can force this using group policy editor.

I suspect use of this in Linux is less common, but it can be done. hdparm can be used to access drive security settings. I have used this for secure erase. Typically I do this in addition to overwriting the drive contents, in the hopes of clearing any data the drive might be storing in inaccessible areas.

I believe secure erase is sometimes implemented by having drives encrypt data by default using a session key stored in flash, and then just changing the key. So, your drive might be encrypting everything even if you don't tell it to - if so it is just a black box to the user. However, this might not be super-common, otherwise I'm not sure how hard drive recovery shops would work. In any case, if you're using secure erase on top of overwriting, then the amount of data that might be leaked would be pretty minimal.

Obviously if you're using software encryption (LUKS/etc) on top of the disk then it really doesn't matter what vulnerabilities the drive might contain. At most it might leak encrypted data that was thought to be overwritten, which shouldn't be a problem if your encryption is decent.

--
Rich
___________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug