TrueCrypt and Hybrid Hard Drives

Discussion in 'privacy technology' started by JimmySausage, Nov 30, 2011.

Thread Status:
Not open for further replies.
  1. JimmySausage

    JimmySausage Registered Member

    Joined:
    Apr 11, 2010
    Posts:
    53
  2. chiraldude

    chiraldude Registered Member

    Joined:
    Jul 3, 2010
    Posts:
    157
    Not sure what you mean about TC Devs advising against full disk encryption for SSD drives. The only way to ensure data security with SSD drives is to use full disk encryption.
    The rule is to encrypt the entire drive before any sensitive data is written to it. That way, all data written to the disk is encrypted so it doesn't matter about wear leveling, sector swapping or whatever. If, on the other hand, you write sensitive data to an SSD or hybrid disk before encryption, you can't decide later to encrypt the disk. If you encrypt an SSD or hybrid disk that contains data, there will always be a chance that data fragments will be hidden by the disk controller where TrueCrypt can't reach them.
     
  3. JimmySausage

    JimmySausage Registered Member

    Joined:
    Apr 11, 2010
    Posts:
    53
    Now, I understand! What TC is saying is that if you already have purchased an SSD and have data on it, encrypting it does not ensure security. If however, as you said, you encrypt a new SSD and then add your data you should be as secure as using a regular hard drive.
    The only problem, from what I have read, is that SSDs take a big performance hit after WDE.
    Thank you for your response.
     
  4. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,301
    Location:
    Oz
    I encrypted a USB stick that had data on it, and then reformatted it. I assumed that I was effectively wiping it clean. Are you saying that there could still be data left on it?
     
  5. JimmySausage

    JimmySausage Registered Member

    Joined:
    Apr 11, 2010
    Posts:
    53
    I would like an answer to that too.
     
  6. chiraldude

    chiraldude Registered Member

    Joined:
    Jul 3, 2010
    Posts:
    157
    Yes, a reformatted Flash memory device can still contain data.
    The reason is that many flash drives implement something called "wear leveling". Flash memory has a limited number of read/write operations. Eventually it wears out. To make flash memory last longer, manufacturers implement wear leveling by reallocating sectors each time data is written.
    A flash drive with wear leveling will contain at least 20% more memory than the specified capacity. This extra memory is inaccessible by the OS and generally inaccessible even with formatting tools.
    The flash control chip rotates physical sectors through this extra space whenever data is erased or overwritten.
    If you format the flash drive, some percentage of the existing data will be moved into the reserve space and the formatting will occur in memory space that was previously hidden. With special tools (usually low level diagnostic tools from the manufacturer) the hidden sectors can be accessed.
    You can find low level flash format tools but each manufacturer uses different protocols so there is no universal flash format tool.
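
The behaviour described in posts 2 and 6, as an added example that is not part of the original thread: a toy model of a wear-leveling controller showing why plaintext written before encryption can survive in the reserve space, while a drive encrypted before first use leaves only ciphertext there. The `ToyFTL` class, `toy_encrypt`, the key and the sector contents are all constructed for illustration; the 20% reserve is the figure from the post, and no real controller is modelled.

```python
import hashlib
import random

KEY = b"constructed-demo-key"   # constructed value for this example

def toy_encrypt(key, lba, data):
    """Toy stand-in for disk encryption: XOR with a per-sector hash keystream (not a real cipher mode)."""
    stream = hashlib.sha256(key + lba.to_bytes(8, "big")).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

class ToyFTL:
    """Toy flash controller: each write lands on a fresh physical page; the old page keeps its data until erased."""
    def __init__(self, logical, spare_pct=20, seed=1):
        self.pages = [None] * (logical + logical * spare_pct // 100)
        self.map = {}                         # logical sector -> physical page
        self.free = list(range(len(self.pages)))
        random.Random(seed).shuffle(self.free)
        self.stale = []                       # unmapped pages still holding old data

    def write(self, lba, data):
        if not self.free:                     # garbage collection: erase the oldest stale page
            page = self.stale.pop(0)
            self.pages[page] = None
            self.free.append(page)
        page = self.free.pop()
        self.pages[page] = data
        if lba in self.map:
            self.stale.append(self.map[lba])  # old copy is now out of the OS's reach
        self.map[lba] = page

    def hidden_pages(self):
        """Data in pages the OS cannot address (what a controller-level dump could return)."""
        mapped = set(self.map.values())
        return [d for i, d in enumerate(self.pages) if i not in mapped and d is not None]

def leftover_plaintext(encrypt_first, logical=100):
    """Count hidden pages that still hold plaintext after every sector has been rewritten as ciphertext."""
    ftl = ToyFTL(logical)
    for lba in range(logical):                # first pass: user data goes onto the drive
        data = b"SECRET-%d" % lba
        ftl.write(lba, toy_encrypt(KEY, lba, data) if encrypt_first else data)
    for lba in range(logical):                # second pass: whole drive rewritten with ciphertext
        ftl.write(lba, toy_encrypt(KEY, lba, b"later-data-%d" % lba))
    return sum(d.startswith(b"SECRET") for d in ftl.hidden_pages())

if __name__ == "__main__":
    print("plaintext written, then encrypted in place:", leftover_plaintext(False))
    print("encrypted before first write:", leftover_plaintext(True))
```

In this model the reserve space ends up holding one stale plaintext page per spare page when encryption comes second, and none when encryption comes first.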
     
  7. JimmySausage

    JimmySausage Registered Member

    Joined:
    Apr 11, 2010
    Posts:
    53
  8. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,301
    Location:
    Oz
    Wow. So even though I encrypted the entire USB stick first, and then reformatted it, it could have still just shifted data around. So I guess the only way to protect privacy with a USB stick is to encrypt the entire device before anything is ever written to it. Thanks for explaining that.

    But just to be absolutely clear, there is no way to effectively wipe a USB stick and know with certainty that all of the personal data is gone?
     
  9. chiraldude

    chiraldude Registered Member

    Joined:
    Jul 3, 2010
    Posts:
    157
    Yes and No.
    If the manufacturer of the flash drive specifically provides a low level format tool you may be able to fully wipe the drive. At that point, it would come down to how much you trust the manufacturer to provide a format tool that actually works. The only flash drives that I know of that can be fully erased are ones that use onboard encryption and have a self destruct feature built in. (IronKey for example)

    An interesting side note is that the newest flash drives have a much more complex wear leveling strategy. This "self healing" and "garbage collection" can result in data block swapping whether or not you write to or format the drive. Law enforcement is beginning to find this problematic because they have been so far counting on finding deleted file fragments in the hidden sectors.
    Here is a link:
    http://www.theregister.co.uk/2011/03/01/self_destructing_flash_drives/
     
  10. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,301
    Location:
    Oz
    Thanks for that. That's really interesting. So what I gather is that newer USBs are beginning to employ this "self healing" technology, but they don't list any specific brands in the article. I guess what I will start doing is encrypt any new flash drive as soon as I buy it... with TrueCrypt. It's kind of a hassle though. But I like having some control. I appreciate your contributions.
     