[Cryptography] Rubber-hose resistance?

Jerry Leichter leichter at lrw.com
Thu Dec 21 17:21:00 EST 2017


> The border crossing scenario just got more difficult.  If you copy
> anything to the laptop, and then try to erase it using software
> techniques only, there is no way to be sure that it's gone.
Correct.  As an interesting datapoint:  Apple's MacOS has a Disk Utility that does all kinds of low-level stuff on a disk.  It used to provide a Secure Erase option, which erased everything on a hard drive using well-known techniques.  It no longer does:  Apple no longer sells any devices with "spinning rust" disks, just SSD's; and there is no secure way, even if you are the OS/driver author, to do a secure erasure.

Note that this problem arises *because SSD's implement a backwards-compatible interface to a disk*.  The underlying technology is actually not a great match to the way disks work; there's a lot of code inside an SSD to make the device "look like" a disk.  The underlying layer *could* securely erase all the contents; and an interface to request erasure *could* be provided.  Such interfaces have been proposed and perhaps even implemented, but as far as I know none has actually been implemented in a mass-market product.  (It would not surprise me to learn that parts with this capability exist in specialized markets, e.g., for the military.  The prices would likely be extremely high.)

For the rest of us, probably the best thing to do is to encrypt everything before it goes to the device.  Destroy the key, and the device is logically erased instantly.  (Both iPhones and some Android devices actually do this.)

Of course you run into the "turtles all the way down" problem:  If you store the key on the device itself ... how do you erase it when you can't control what gets written where?

> I suppose now it's safest just to shred the SSD physically before you
> return from the trip.  Either return with no hard drive or install a spare.
While the information may be *present* on the drive, getting it out requires specialized hardware and techniques.  How valuable is this information?  How serious an attack are you concerned about having to survive?
                                                        -- Jerry
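
Added example, not part of the original message: a constructed Python model of the remapping layer described above, showing why an overwrite through the disk interface leaves the old page behind, why destroying an off-device key logically erases the data, and why a key stored on the same device hits the "turtles" problem. ToyFlash, xor_stream and the sample data are hypothetical, and the SHAKE-256 keystream is a stand-in for a real disk cipher.

```python
import hashlib
import os

SECRET = b"constructed sample: travel itinerary"

class ToyFlash:
    """Constructed SSD model: the FTL remaps writes instead of overwriting in place."""
    def __init__(self):
        self.pages = []   # physical pages, as a chip-level read would see them
        self.l2p = {}     # logical block address -> index of the live physical page

    def write(self, lba, data):
        self.pages.append(bytes(data))        # data always lands on a fresh page
        self.l2p[lba] = len(self.pages) - 1   # the previous page is stale, not wiped

    def read(self, lba):
        return self.pages[self.l2p[lba]]

def xor_stream(key, nonce, data):
    # Stand-in cipher so the example needs only the standard library.
    ks = hashlib.shake_256(key + nonce).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, ks))

def recoverable(ssd):
    """Can SECRET be rebuilt from raw pages, trying each 32-byte page as a key?"""
    keys = [p for p in ssd.pages if len(p) == 32]
    for page in ssd.pages:
        if SECRET in page:
            return True
        if any(xor_stream(k, page[:16], page[16:]) == SECRET for k in keys):
            return True
    return False

def overwrite_plaintext():
    ssd = ToyFlash()
    ssd.write(0, SECRET)
    ssd.write(0, bytes(len(SECRET)))          # software "erase" via the disk interface
    return ssd.read(0), recoverable(ssd)      # logical view is zeros, raw view is not

def crypto_erase(key_on_device):
    ssd = ToyFlash()
    key, nonce = os.urandom(32), os.urandom(16)
    ssd.write(0, nonce + xor_stream(key, nonce, SECRET))
    if key_on_device:
        ssd.write(1, key)
        ssd.write(1, bytes(32))               # "destroy" the key by overwriting it
    # The in-memory key goes out of scope here; only the device contents remain.
    return recoverable(ssd)

if __name__ == "__main__":
    print(overwrite_plaintext(), crypto_erase(False), crypto_erase(True))
```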


