From owner-freebsd-hackers@FreeBSD.ORG Sat Jul 5 01:11:38 2014 Return-Path: Delivered-To: freebsd-hackers@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 546FC65F for ; Sat, 5 Jul 2014 01:11:38 +0000 (UTC) Received: from mailout4.easymail.ca (mailout.easymail.ca [64.68.200.169]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 0EAB925C3 for ; Sat, 5 Jul 2014 01:11:37 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by mailout4.easymail.ca (Postfix) with ESMTP id 022CEE4BD for ; Fri, 4 Jul 2014 21:11:35 -0400 (EDT) X-Virus-Scanned: Debian amavisd-new at mailout4.easymail.ca X-Spam-Flag: NO X-Spam-Score: -4.399 X-Spam-Level: X-Spam-Status: No, score=-4.399 required=5 tests=[ALL_TRUSTED=-1.8, BAYES_00=-2.599] Received: from mailout4.easymail.ca ([127.0.0.1]) by localhost (easymail-mailout2.easydns.vpn [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id C0bRP+NppMwH for ; Fri, 4 Jul 2014 21:11:34 -0400 (EDT) Received: from [192.168.42.161] (76-10-184-89.dsl.teksavvy.com [76.10.184.89]) (using TLSv1 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by mailout4.easymail.ca (Postfix) with ESMTPSA id 4F22DE37D for ; Fri, 4 Jul 2014 21:11:34 -0400 (EDT) Message-ID: <53B750C1.8070706@gooch.io> Date: Fri, 04 Jul 2014 18:11:29 -0700 From: Jesse Gooch User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Icedove/24.5.0 MIME-Version: 1.0 To: freebsd-hackers@freebsd.org Subject: Re: geli+trim support References: <7E2718485A3E405D89E5EAB331E9ED70@multiplay.co.uk> <53B6427D.1010403@gooch.io> <60445.1404461976@critter.freebsd.dk> In-Reply-To: <60445.1404461976@critter.freebsd.dk> Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 05 Jul 2014 01:11:38 -0000 Hi, On 04/07/14 01:19 AM, Poul-Henning Kamp wrote: > In message <53B6427D.1010403@gooch.io>, Jesse Gooch writes: > >> IIRC, TRIM is bad for encryption anyway. You want everything to be >> random noise, even the empty sectors. TRIM defeats this. > > The problem is that there is nothing you can do. > > If you overwrite, your old sector is still unchanged somewhere in flash. > > If you TRIM, your old sector is still unchanged somewhere in flash, but > if you're lucky for slightly less time. Perhaps I misunderstand TRIM, isn't the point of TRIM that it zeroes out the sector ahead of time so it doesn't have to re-do it again when it stores more data in that sector later? > Doing both just means that you have both the original and the overwritten > content lingering in flash. > > GBDEs scheme with per sector PRNG keys is marginally better than > GELIs, in that the chances that both the sector and its key survives > is only 3/4 of the chance that the sector survives. > > Without access to and control over the Flash Adaptation Layer, > encrypting SSDs so they are safe against hardware access is impossible. > > For the paranoid: ... and a hostile FTL can make it much harder. >