[Cryptography] LUKS on ATA versus on SSD
Tom Mitchell
mitch at niftyegg.com
Wed Jan 7 04:08:13 EST 2026
On Wed, Dec 31, 2025 at 7:11 PM Douglas Lucas <dal at riseup.net> wrote:
> For a nomadic freelance journalist, does it matter whether I deploy LUKS
> for drive encryption on an ATA drive or on an SSD drive? In other words,
> is ATA better for encryption because it's less complicated than SSD and
> therefore there are fewer things to screw up.
>
.....
>
> Also, ChatGPT claimed the below, but I'm not sure what or how much it
> means regarding plausible deniability setups or ATA vs SSD security
> under LUKS:
> ===
> Encryption + Wear Leveling
>
Wear leveling and automatic sparing of "blocks" should not matter today.
LUKS (Linux Unified Key Setup), a standard for full disk encryption on
Linux systems, provides strong security for entire drives or partitions
using dm-crypt. All data of interest will be encrypted on the media. A
block that is remapped by the drive will have old encrypted data without a
context, making it darn hard to recover a secret.

Secure drives that support an erase command discard the saved encryption
key and generate a new key for all future writes that begin with making a
file system. They are almost standard.

I might recommend one disk/partition key set to support booting the OS
and then a different key for /home/your-data.

Look into your content management editors for insecure backup file work in
progress. Automatic copies in temp directories ;-}

Make sure you can securely and safely boot the machine to prove it is a
functional computer at TSA airport stations.
i.e. /home/your-data is not needed to boot. Perhaps multiple user accounts.

Sleep mode, screen saver, auto shut down, power off, true power off, syslog
files.

Important: passwords, identity and key management are hard. Do not mix OS
and personal data keys.

Data backups are still a necessary thing, so back up in a way you know,
understand and can verify.

First pass, LUKS works well. Second pass, poor key management can be a
problem.

How does a journalist communicate with his/her editor and office (tools and
process)?
--
T o m M i t c h e l l (on NiftyEgg[.]com )
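
An added example, not part of the message above: a small check of `/etc/crypttab` and `/etc/fstab` text for the layout the reply recommends (a data volume separate from the OS volume, no shared key file, and not required to boot). The mapping names, UUIDs and key path in the samples are constructed, and the check assumes plain `/dev/mapper/<name>` entries rather than LVM on top of LUKS.

```python
# Added example; the crypttab/fstab samples are constructed, not from a real host.
PREFIX = "/dev/mapper/"

def fields(text):
    """Yield whitespace-split fields of each non-empty, non-comment line."""
    for line in text.splitlines():
        f = line.split("#", 1)[0].split()
        if f:
            yield f

def audit(crypttab, fstab, data_mount="/home"):
    """Return a list of findings; an empty list means the layout passes."""
    # crypttab: name device [keyfile [options]]
    vols = {f[0]: (f[2] if len(f) > 2 else "none",
                   set(f[3].split(",")) if len(f) > 3 else set())
            for f in fields(crypttab) if len(f) >= 2}
    # fstab: device mountpoint type options ...
    mounts = {f[1]: (f[0], set(f[3].split(",")))
              for f in fields(fstab) if len(f) >= 4}

    def mapping(mount_point):
        dev = mounts.get(mount_point, ("", set()))[0]
        name = dev[len(PREFIX):] if dev.startswith(PREFIX) else None
        return name if name in vols else None

    root, data = mapping("/"), mapping(data_mount)
    if data is None:
        return [f"{data_mount} is not on its own LUKS mapping"]
    findings = []
    data_key, data_opts = vols[data]
    # "none" means a passphrase prompt; this check cannot compare passphrases.
    if root and data_key != "none" and data_key == vols[root][0]:
        findings.append(f"{root} and {data} unlock with the same key file")
    optional = {"noauto", "nofail"}
    if not optional & data_opts:
        findings.append(f"crypttab: {data} is required at boot")
    if not optional & mounts[data_mount][1]:
        findings.append(f"fstab: {data_mount} is required at boot")
    return findings

SHARED = ("cryptroot UUID=constructed-1 /etc/keys/disk.key luks\n"
          "crypthome UUID=constructed-2 /etc/keys/disk.key luks\n",
          "/dev/mapper/cryptroot / ext4 defaults 0 1\n"
          "/dev/mapper/crypthome /home ext4 defaults 0 2\n")
SPLIT = ("cryptroot UUID=constructed-1 none luks\n"
         "crypthome UUID=constructed-2 none luks,noauto\n",
         "/dev/mapper/cryptroot / ext4 defaults 0 1\n"
         "/dev/mapper/crypthome /home ext4 defaults,noauto 0 2\n")

if __name__ == "__main__":
    for label, (ct, ft) in (("shared", SHARED), ("split", SPLIT)):
        print(label, audit(ct, ft) or "ok")
```
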