[Cryptography] Security on TRIM for full-disk encrypted SSDs

[Valmiky Arquissandas]

>> On Apr 19, 2016, at 5:03 PM, Valmiky Arquissandas
>> <crypto-metzdowd at kayvlim.com> wrote:
>> 
>> I understand at least some of the theory - encrypted information is
>> supposed to be indistinguishable from random noise, and TRIM reveals
>> patterns; and a plausible deniability scenario would probably be
>> unacceptable.
> 
> Can you please explain?
> 
> Assuming reasonable encryption, I do not understand what patters are
> being revealed.

The pattern is not in the ciphertext, but in the blocks marked by the 
TRIM operation as unused. Without decrypting the block device, you know 
which blocks are being used or not.
Since you can tell which blocks are unused, you can definitely infer 
information like the disk usage, and I *think* these blocks of free 
space may form patterns that can be used to identify the filesystem (as 
different filesystems organize their information in their own unique 
structure, and how they free their space should also be unique).

The plausible deniability scenario should be obvious by now: one can 
hardly argue their drive is just full of random data when there are 
visibly scattered unused blocks (that may form an identifiable pattern).

(I'm taking an uncompromising stance on whether these patterns exist 
because I don't know if wear-leveling makes a difference. I'm supposing 
it works at a lower level and is irrelevant to this discussion, but I 
can't say I'm sure.)