Main Area and Open Discussion > Living Room
SSD usage recommendations
4wd:
It's amazing, I was thinking of exactly the same thing re. the security of SSDs, a few months ago when there was a thread here about the merits of SSD for a new system.
I'm wasn't sure I was interested in going for SSD for my main system drive back then given the security concerns. Now that they've been confirmed, I'm even less inclined.
After all a 150GB Velociraptor is the same price as a 64GB SSD and given that I don't have a pagefile, (which I wouldn't have with an SSD either), I'm wondering just how beneficial the SSD would be given I currently have a 50GB OS partition and the rest of the drive, (590GB), is given over to relatively infrequently accessed data.
Maybe I would be better off with a 'Raptor.
f0dder:
Security concerns, 4wd? It's simple: if you are going to toss out the SSD, put a hammer to it. Or, if the SSD supports the ATA "secure erase" command (and does it properly), that'd be safe.
You cannot compare Velociraptor and SSD performance, they're worlds apart. Sure, Velociraptors have OK sequential read/write speeds (even if lower than most SSDs), but as soon as you start doing random I/O or multiple streams, it's performance dies just like all other mechanical drives.
Eóin:
Another related question is one of encryption, I wonder if using TrueCrypt full disk encryption is worthwhile, or even advisible?
* SSDs and TrueCrypt: durability and performance issues
* TrueCrypt Docs - Wear-Leveling
4wd:
Security concerns, 4wd? It's simple: if you are going to toss out the SSD, put a hammer to it. Or, if the SSD supports the ATA "secure erase" command (and does it properly), that'd be safe.-f0dder (February 22, 2011, 04:29 PM)
--- End quote ---
I wasn't specifically talking about EOL of the product, eg. you're silly enough to leave your laptop on display in the car or someone nicks your PC from home.
I thought one of the points of the article was that Secure Erase wasn't properly implemented in some controllers and there was no way you could verify it had done it.
“The danger, however, is that it relies on the controller to properly sanitize the internal storage location that holds the encryption key and any other derive values that might be useful in cryptanalysis,” the researchers wrote. “Given the bugs we found in some implementations of secure erase commands, it is unduly optimistic to assume that SSD vendors will properly sanitize the key store. Furthermore, there is no way to verify that erasure has occurred (e.g., by dismantling the drive).”
--- End quote ---
And that's even using drive encryption, at least with a HDD I can verify to a very high percentage that any data I wiped using one of the many secure wipe programs will indeed be unrecoverable to the general public.
I'll have to fully read the pdf but do they specifically mention any SSD controllers to either use or avoid?
Sorry, I know the random access will give the SSD the advantage over the HDD, I was just wondering if it was worth it in my case.
f0dder:
I wasn't specifically talking about EOL of the product, eg. you're silly enough to leave your laptop on display in the car or someone nicks your PC from home.-4wd
--- End quote ---
Then you're no better (or worse) off than with a mechanical drive :)
I thought one of the points of the article was that Secure Erase wasn't properly implemented in some controllers and there was no way you could verify it had done it.-4wd
--- End quote ---
Well, yes - that's the short version. There's some drives that don't support Secure Erase, and one that says it does but doesn't do anything. For the rest of the drives, you need to build custom hardware to get at the data - and you'll only be able to get at a (low) percentage. In other words: this isn't an attack you should fear as a normal person, people are only likely to launch an attack like that against really high-profile data.
“The danger, however, is that it relies on the controller to properly sanitize the internal storage location that holds the encryption key and any other derive values that might be useful in cryptanalysis,” the researchers wrote. “Given the bugs we found in some implementations of secure erase commands, it is unduly optimistic to assume that SSD vendors will properly sanitize the key store. Furthermore, there is no way to verify that erasure has occurred (e.g., by dismantling the drive).”
--- End quote ---
And that's even using drive encryption, at least with a HDD I can verify to a very high percentage that any data I wiped using one of the many secure wipe programs will indeed be unrecoverable to the general public.-4wd
--- End quote ---
Keep in mind that for the AES-encrypted drives, what the paper says is that they can't verify the AES key has been wiped from storage. Now, I haven't studied the ATA specs in detail, so I'm not sure how this is stored, but hopefully it's stored in encrypted for and unlocked with the passphrase you send to the drive... so this isn't something I'd lose sleep over as a normal user, but it definitely something drive makers will want to address ASAP to retain enterprise trust.
I'll have to fully read the pdf but do they specifically mention any SSD controllers to either use or avoid?-4wd
--- End quote ---
I only skimmed the paper, but as far as I can tell they don't drop any names :(
Sorry, I know the random access will give the SSD the advantage over the HDD, I was just wondering if it was worth it in my case.-4wd
--- End quote ---
Hard to tell - depends on what you do. Even without special needs, it does speed up everyday stuff a fair amount... the problem is that you get used to it, so after half a year it doesn't feel zippidy fast anymore, but all HDD based computers seem like slugs :)
Eóin: I don't think wear-leveling + TrueCrypt is a problem for us regular people, as even if somebody seized or systems, they wouldn't be subjected to heavy and expensive crytpanalysis. I dunno if there's even any public AES attacks that can utilize knowledge of multiple encrypted blocks, or if it's only in the secret NSA backdoor labs ;). But it's definitely a valid concern as well.
It sounds likely that TrueCrypt can cause performance or even lifetime degradation of drives - consider that SandForce controllers emply compression to enhance both, and encrypt "has a peculiar tendency" (;)) to make data uncompressable.
Navigation
[0] Message Index
[*] Previous page
Go to full version