[Cryptography] Rubber-hose resistance?

Tom Mitchell mitch at niftyegg.com
Thu Dec 28 19:12:37 EST 2017


On Sat, Dec 23, 2017 at 3:24 PM, Jerry Leichter <leichter at lrw.com> wrote:

> >
> >> Of course this is mostly moot with the rise of SSDs, which, as others
> >> have pointed out, are hard to erase with any certainty.
> >
> > You guys all seem to be ignoring Secure Erase. Any particular reason?
> > https://itpeernetwork.intel.com/secure-erase-certified-intel-ssd/
> Only available on some high-end Intel SSDs, and the software to talk to
> the drive to trigger it is available only on Windows.  It does appear to be
> based on a standard ATA (but not SCSI) command, so others could implement
> the command (in the hardware) or access to the command (in the software).
>
> Nice to see this is out there, but it's going to have to be much more
> widely available before it makes much of a dent.
>

As a feature of the drive and given Intel's recent blunder I fear this is
a massive data loss risk.  We have seen systems held crypto hostage but in
the world of internet thugs this is a risk.  As for the Intel tool kit:

   - You need secondary access for target drive for Secure Erase.
   - Remove all drive partitions.
   - You cannot Secure Erase a current working drive.   <--- RAID controllers?
   - Securely destroy and properly dispose of replaced SSDs.
   - Windows 8*/8.1* and Windows® 10 do not allow secure erase.

To me this implies that the tool kit depends on Windows drivers and security
to make the Tools work and Windows 8&10 permissions keep the toolkit from
doing 'stuff'.
But the command still lives in the device for hackers to discover.
The omission of Win8&10 is a big omission for businesses with travelers.
https://www.intel.com/content/www/us/en/support/articles/000006084/memory-and-storage.html  <-- Aug 2017

It seems to be Win7 only...  Is Win7 more secure than the OS that was on
the device and can thus be relied on to wipe the drive?  "Run Secure Erase
on a secondary SATA Intel SSD in Windows 7*" per the release notes on the
download page.

I wonder how it securely works...  Is there a flash device with the digital
key and hardware to encrypt all writes and decrypt all reads with little
latency?  Removal/modification of the key would be a near instant wipe.
Once the wipe was done (key wiped) can a TLA pull the data using offline
analysis of captured hardware?
I.e. do they depend on encryption to make it work?  If so what crypto
applies?
Does 2147483648 separate blocks of data encrypted with a single key aid in
decryption of a terabyte device or can this many data blocks be protected
by a single key of unknown length?

I guess devices in storage racks could be recycled from project to project
with minimum managed risk of data leaks from one project to the next.





-- 
  T o m    M i t c h e l l
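
Added example, not part of the original message and not Intel's implementation: a constructed Python model of the mechanism the message asks about, a drive that encrypts every write under an internal key so that replacing the key acts as a wipe. The class ToySED, the 512-byte sector size and the HMAC-SHA256 keystream (standing in for whatever cipher a real drive uses) are assumptions.

```python
import hashlib
import hmac
import os

SECTOR = 512  # bytes per logical block (assumed size)


class ToySED:
    """Constructed model of a self-encrypting drive; not any vendor's design."""

    def __init__(self):
        self.mek = os.urandom(32)   # media encryption key, held only in the drive
        self.media = {}             # LBA -> ciphertext as stored on flash

    def _keystream(self, lba):
        # HMAC-SHA256 in counter mode stands in for the drive's hardware cipher.
        # Mixing the LBA in gives every sector its own keystream under one key.
        # (Toy limitation: rewriting a sector reuses that sector's keystream.)
        out = b""
        for ctr in range(SECTOR // 32):
            msg = lba.to_bytes(8, "big") + ctr.to_bytes(4, "big")
            out += hmac.new(self.mek, msg, hashlib.sha256).digest()
        return out

    def _xor(self, lba, data):
        return bytes(a ^ b for a, b in zip(data, self._keystream(lba)))

    def write(self, lba, plaintext):
        self.media[lba] = self._xor(lba, plaintext.ljust(SECTOR, b"\0"))

    def read(self, lba):
        return self._xor(lba, self.media[lba])

    def crypto_erase(self):
        # The "wipe": replace the key, leave every flash cell as it was.
        self.mek = os.urandom(32)


def demo():
    drive = ToySED()
    secret = b"project A payroll".ljust(SECTOR, b"\0")
    drive.write(0, secret)
    drive.write(1, secret)                  # same plaintext, different sector
    before = dict(drive.media)              # what an offline analyst would image
    distinct = before[0] != before[1]       # one key, yet sectors do not match
    readable = drive.read(0) == secret
    drive.crypto_erase()
    media_untouched = drive.media == before
    recovered = drive.read(0) == secret
    return distinct, readable, media_untouched, recovered
```

In this model the ciphertext on the media is unchanged by the erase, so offline recovery depends entirely on the strength of the cipher and on no copy of the old key surviving anywhere in the device.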