[Cryptography] LUKS on ATA versus on SSD

[Jon Callas]

> On Dec 31, 2025, at 22:57, Douglas Lucas <dal at riseup.net> wrote:
> 
> Thanks. Question below.
> 
> On 2026-01-01 00:40, Kent Borg wrote:
>> As far as I know when doing LUKS/dm-crypt it is a clean layer on top
>> of a block device, and the block device can be anything that
>> implements a block device.
> 
> Is that -- block device can be anything that implements a block device
> -- because of how Turing machines / Godel numbering work, basically?

Think of it slightly differently -- you're right but over-complexifying it. In the Bad Old Days, there was Physical IO. For a disk (and they were all rotating rust), physical IO was a three-dimensional coordinate of [track, sector, platter] and even a geometric concept of "cylinder" which is important for performance. Physical IO would make your tear your hair out, and was also heavily restricted --- in VMS, for example, there was a privilege for doing physical IO that was as dangerous as being in kernel mode. Then there was Logical IO, which for a disk was that you number the blocks as an array, through a mapping that is device-specific. Today, just about all "physical" geometry is abstracted by the device's internal operating system, and a disk is presented to us as an array of logical blocks. (On some devices, there are abstractions that are an analogue of physical IO because there's areas for replacing damaged blocks, etc. and sometimes but not always ways to get to them. It's complex.) Utilities like `dd` in unixes are all at the LBN level --- buttttttt, it's complex. There's also Virtual IO, and on simple disk systems you can think of Virtual IO to be a per-file analogue of Logical IO. You open the file, write block 1234. That ends up being LBN 98765 on the disk, and who knows where off in physical land. And it gets even weirder because the good old 512 byte block still exists despite the fact that actual physical and logical blocks are anywhere from kilobytes to megabytes depending on many things.

Some Virtual IO systems are even weirder, like Content Addressed Storage, where the location of the data is (handwave) its hash. IPFS does this along with others.

Popping the stack back to SSDs, they live in an utterly different physical world, where they not only store huge chunks of data (where huge might be a few K), but there are weird performance things, like speed --- because the bits actually are rotated in serially, the fact that NAND flash literally uses NAND operations to put stuff in (and NOR flash does exactly what it says on the label, too), and that there are other weird things, like that if you write too many bits of the same value in together, it's both slower and takes more space. So internally, they use a "whitening function" that takes the data bits and transform them into something that's mathematically pseudorandom, so as to maximize the bit-flipping in oh, say a block of zeroes, so we don't expand the data nor make it slower to read later. Spoiler: a really popular function for this is AES, which is how we got lots of hardware disk encryption everywhere, and why in early days it was so whackadoodle like having a constant key, or things were just done in ECB mode. Anyway, the details of how this is all done still changes so fast that things that were accurate when I started typing this paragraph are no longer true. And it's New Year's Day, which lots of people have off.

Going back to rotating media, even that is bizarre compared to the old days. You know about the whole multiple-write, various pattern stuff and how data slightly bleeds at the edges of a track and scary agencies can read "remanence" of the data. Well, that was true in the 1980s, with RLL type disks. The last RLL disk I had was a 300MB full-height 5.25" drive in my VAXStation II. While those considerations were indeed once true, if you are using a disk that uses this new-fangled SCSI stuff, or even later than that, it's all changed, you don't have to worry about it. 

Modern rotating media does not actually write "bits" onto the media. They write an analog (audio) waveform that derives from a pseudorandom function (and what's everyone's favorite function? That's right, AES!) and the internal software of the disk uses dead-reckoning to find the right position -- there aren't even geometric sectors any more! All one's intuition about how it works are just abstractions of a mystery religion and none of us here have been inducted into its arcane ways.

Which means that yeah, actually thinking about it with Godel numbering is not a bad way to think about it, really. Heck, content-addressed storage is pretty close to Godel numbering. 

	Jon