[Cryptography] Rubber-hose resistance?

John Gilmore gnu at toad.com
Tue Dec 26 03:21:41 EST 2017


> Actually no, most SSDs sold since the late 2000s have supported the
> feature set, and on Linux the hdparm command has supported it since
> 2005.

Not only SSDs, but also spinning magnetic hard drives, implement ATA
Secure Erase.  It is the standard way to erase a magnetic hard drive
these days, and generally does a better job than "writing zeros on
every block" or "writing random numbers on every block" because the
firmware actually knows the characteristics of the drive, can erase
remapped blocks, etc.  It's also much faster and doesn't tie up the
CPU or bus with transferring all those zeroes.

ATA Secure Erase erases the *entire* drive.  When I travel
internationally, I bring a USB stick with a bootable Linux
distribution.  Before crossing a problematic border like the US
border, I boot the USB stick and use it to erase the internal hard
drive completely.  Any data that needs to stick around permanently was
already scp'd to a server that I trust, before erasure.  After
crossing the border, I boot the USB stick and reinstall Linux on the
hard drive.  (If the goons have had access to my USB stick, all it has
on it is a standard Linux distro.  And rather than depend on it after
they meddle with it, I can just grab a fresh Linux distro from a
reliable Linux distro server.)

There's a similar sort of erasure called the TRIM or "discard" command,
that tells the drive that a certain list or range of blocks are now
garbage and need not be retained while garbage collecting an SSD or
SD card.  For example, the mke2fs command in Linux issues a TRIM for
the entire partition that it is creating a filesystem in, unless the
"-E nodiscard" option is set.

Foolishly, though, there is no SECURE TRIM command that would require
the firmware to explicitly erase all copies of the data from those
blocks -- so TRIM is ***NOT*** any good for data security, just for
performance.  Since stale copies of blocks from any part of an SSD or
SD card can be intermixed with other blocks from anywhere on the medium,
you have to securely erase the *entire* medium to be sure of removing
all the copies of your previously written data.

	John

PS: Apple's laptops screw you from being able to securely erase your
internal hard drive, by "locking" the drive in the BIOS.  You can
still erase it, but you have to open the case and power cycle the
drive by removing it briefly.  The lock is released by the power
cycle, and THEN you can issue a Secure Erase command (e.g. using the
Linux hdparm command).  Another good reason to skip Apple products.
