[Cryptography] LUKS on ATA versus on SSD

Kent Borg kentborg at borg.org
Thu Jan 1 01:40:35 EST 2026


On 12/31/25 3:54 PM, Douglas Lucas wrote:
> In other words,
> is ATA better for encryption because it's less complicated than SSD and
> therefore there are fewer things to screw up. An engineer once
> (oversimplifying) told me ATA just stores 1s and 0s, and therefore
> encrypting it with LUKS is straightforward, but SSD does a lot of
> remapping/algorithms/probabilities to try to speed things up, thus
> opening up a greater surface area of vulnerability

As far as I know when doing LUKS/dm-crypt it is a clean layer on top of 
a block device, and the block device can be anything that implements a 
block device. The bits that get presented to the layer below are 
encrypted the same whether it is spinning iron oxide ATA disk or an SSD 
flash memory or an S3 bucket. Recording it on a different medium can't 
magically break the encryption. Which makes sense if it is done 
correctly. So from a security perspective, the two should both be good.

That said, the two /are/ very different. SSDs tend to like to know when 
portions aren't used so they can use that space for wear leveling, and that 
needs to be passed down the layers. Linux knows how to do this, but things 
have to be configured right. I think this happens fine on the encrypted 
SSD in my laptop, but the SSDs I use for offline backups, in USB 
enclosures, don't seem to know fstrim, and I haven't figured out why not. 
But this isn't a security hole.

-kb
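The "things have to be configured right" part, as an added example that is not code from the message above or from the cryptsetup project: a POSIX shell check of the two layers a discard has to cross before fstrim on a LUKS volume reaches the flash. dm-crypt drops discards unless the mapping was opened with allow_discards (`cryptsetup open --allow-discards`, or the `discard` option in /etc/crypttab), and the kernel never issues a discard to a device that advertises a maximum discard size of 0B in lsblk, which is what a USB enclosure that does not pass the command through looks like. The `dmsetup table` line, the `lsblk -l -o NAME,DISC-GRAN,DISC-MAX` output and the device names (cryptroot, nvme0n1, sda, backup) are constructed sample data, not captured from any machine; the commands and flags named are real interfaces.

```shell
#!/bin/sh
# Added example, not from the original post or from cryptsetup.
# Checks the two conditions that must both hold for fstrim on a LUKS
# volume to reach an SSD:
#   1. the dm-crypt mapping carries the allow_discards flag (set with
#      `cryptsetup open --allow-discards`, or "discard" in /etc/crypttab);
#   2. the backing device advertises discard support (non-zero DISC-MAX
#      in lsblk), which a USB enclosure may fail to pass through.

# Return 0 if a dm-crypt table line, as printed by `dmsetup table NAME`,
# lists allow_discards among its optional parameters; 1 if it does not;
# 2 if the line is not a crypt target or is malformed.
# Field layout: start len crypt cipher key iv_offset dev dev_offset [nopts opt...]
crypt_allows_discards() {
    set -- $1                                   # split the line into fields
    [ $# -ge 8 ] && [ "$3" = "crypt" ] || return 2
    shift 8                                     # skip the fixed fields
    _n="${1:-0}"                                # number of optional params
    case "$_n" in *[!0-9]*) return 2 ;; esac
    [ $# -gt 0 ] && shift
    while [ "$_n" -gt 0 ] && [ $# -gt 0 ]; do
        [ "$1" = "allow_discards" ] && return 0
        shift
        _n=$((_n - 1))
    done
    return 1
}

# Return 0 if device NAME ($1) has a non-zero DISC-MAX in the output of
# `lsblk -l -o NAME,DISC-GRAN,DISC-MAX` passed as $2. A DISC-MAX of 0B
# means the kernel will never send a discard to that device, so fstrim on
# anything stacked above it is a no-op whatever dm-crypt was told.
device_discard_ok() {
    _max=$(printf '%s\n' "$2" | awk -v n="$1" '$1 == n { print $3 }')
    if [ -n "$_max" ] && [ "$_max" != "0B" ]; then return 0; fi
    return 1
}

# Combined verdict: both layers must pass discards. Prints where the
# path is blocked; returns 0 when trim reaches the device, 1 otherwise.
trim_path_ok() {     # args: dm table line, backing device name, lsblk output
    if ! crypt_allows_discards "$1"; then
        echo "blocked: dm-crypt mapping opened without allow_discards"
        return 1
    fi
    if ! device_discard_ok "$2" "$3"; then
        echo "blocked: $2 advertises no discard support (DISC-MAX 0B)"
        return 1
    fi
    echo "ok: discards pass through dm-crypt to $2"
    return 0
}

# Constructed sample data (hypothetical, not from a real system). dmsetup
# masks the key with zeros unless --showkeys is given.
SAMPLE_TABLE_DISCARD='0 976771072 crypt aes-xts-plain64 0000000000000000000000000000000000000000000000000000000000000000 0 8:2 32768 1 allow_discards'
SAMPLE_TABLE_NODISCARD='0 976771072 crypt aes-xts-plain64 0000000000000000000000000000000000000000000000000000000000000000 0 8:2 32768'
SAMPLE_LSBLK='NAME      DISC-GRAN DISC-MAX
nvme0n1        512B       2T
nvme0n1p2      512B       2T
cryptroot      512B       2T
sda              0B       0B
backup           0B       0B'

# Demonstration on the constructed data (exit status ignored so all
# three cases print):
trim_path_ok "$SAMPLE_TABLE_DISCARD"   nvme0n1p2 "$SAMPLE_LSBLK" || true
trim_path_ok "$SAMPLE_TABLE_NODISCARD" nvme0n1p2 "$SAMPLE_LSBLK" || true
trim_path_ok "$SAMPLE_TABLE_DISCARD"   sda       "$SAMPLE_LSBLK" || true

# On a real system (as root), with cryptroot mapped over nvme0n1p2:
#   trim_path_ok "$(dmsetup table cryptroot)" nvme0n1p2 \
#       "$(lsblk -l -o NAME,DISC-GRAN,DISC-MAX)"
```

One caveat before turning the flag on: the cryptsetup man page warns that allowing discards on an encrypted device can leak information about the ciphertext device (filesystem type, amount of used space) to anyone who can later locate the discarded blocks on the flash, which is why it is off by default; the trade is between that leak and the SSD's wear leveling, and is a deliberate choice rather than a default.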
