diskcryptor and SSD

Post Reply
maxlee
Posts: 1
Joined: Mon Feb 17, 2020 12:07 pm

diskcryptor and SSD

Post by maxlee »

Hello

How does Diskcryptor work with an ssd?
Are there any security issues?

Max

DavidXanatos
Posts: 48
Joined: Mon Jan 27, 2020 8:05 pm

Re: diskcryptor and SSD

Post by DavidXanatos »

Hi,

It works well, just don't set any wiping mode, to not necessarily wear out your SSD, that wont improve anything.


The paranoid rule about SSD's is that due to wear leveling and hidden over provisioning sectors, once plain text with truly sensitive data touched the SSD just throw it into a furnace and buy a new one.
This rule equally applies to any encryption software you may intent to use.

For using encryption on SSD's the advised practice is, encrypt the SSD using a secure password, before putting any sensitive data on it and keep it encrypted.

Now if you don't have super secret data it should be a reasonable trade of to encrypt the ssd and hope that after enough months of usage no encrypted sectors will remain in the overprovisioned area.
As this sectors can not be accessed normally for reading anyways your attacker would need to de-solder the flash chips one by one and read them out directly.

Also SSD's depending on their firmware like to preemptively erase unused sectors, as this benefits write performance a lot, hence it is a reasonable gamble to assume that the hidden sectors have been erased.

Also some SSD manufactures offer tools to erase the entire flash memory of the SSD including the hidden spare sectors.

That much to the paranoid side of things.

On a practical note, DC works just fine with SSD's and it supports the TRM command what is good for performance and long therm SSD health.

Cheers
David X.

Post Reply