From: "Poul-Henning Kamp"
To: Jesse Gooch
Cc: freebsd-hackers@freebsd.org
Subject: Re: geli+trim support
Date: Fri, 04 Jul 2014 08:19:36 +0000
In-reply-to: <53B6427D.1010403@gooch.io>
Message-ID: <60445.1404461976@critter.freebsd.dk>
List-Id: Technical Discussions relating to FreeBSD

In message <53B6427D.1010403@gooch.io>, Jesse Gooch writes:

>IIRC, TRIM is bad for encryption anyway. You want everything to be
>random noise, even the empty sectors. TRIM defeats this.

The problem is that there is nothing you can do.

If you overwrite, your old sector is still unchanged somewhere in flash.
If you TRIM, your old sector is still unchanged somewhere in flash,
but if you're lucky for slightly less time.

Doing both just means that you have both the original and the
overwritten content lingering in flash.

GBDE's scheme with per sector PRNG keys is marginally better than
GELI's, in that the chances that both the sector and its key survive
is only 3/4 of the chance that the sector survives.

Without access to and control over the Flash Adaptation Layer,
encrypting SSDs so they are safe against hardware access is
impossible.

For the paranoid: ... and a hostile FTL can make it much harder.

-- 
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe
Never attribute to malice what can adequately be explained by incompetence.
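
The remapping behaviour described in the message above, as an added example that is not part of the original post: a toy flash translation layer showing what stays in raw flash after an overwrite, a TRIM, or both. The class, function names, block size and garbage-collection policy are all assumptions made for illustration.

```python
# Toy flash translation layer (FTL). A constructed model for illustration,
# not the firmware of any real SSD; sizes and GC policy are assumptions.
PAGES_PER_BLOCK = 4
OLD, NEW = b"old ciphertext", b"overwrite pattern"   # constructed sample data


class ToyFTL:
    def __init__(self, blocks=4):
        self.flash = [None] * (blocks * PAGES_PER_BLOCK)  # None = erased page
        self.map = {}                                     # logical sector -> page

    def write(self, lba, data):
        # NAND cannot be rewritten in place: the data lands on an erased page
        # and the previous page is merely unmapped, contents intact.
        page = self.flash.index(None)   # ValueError if no erased page is left
        self.flash[page] = data
        self.map[lba] = page

    def trim(self, lba):
        # TRIM only drops the mapping; nothing is erased at this point.
        self.map.pop(lba, None)

    def gc(self):
        # Erase fully written blocks that hold no mapped page. Real firmware
        # also relocates live pages and decides on its own when to run.
        live = set(self.map.values())
        for start in range(0, len(self.flash), PAGES_PER_BLOCK):
            pages = range(start, start + PAGES_PER_BLOCK)
            full = all(self.flash[p] is not None for p in pages)
            if full and not live.intersection(pages):
                for p in pages:
                    self.flash[p] = None

    def raw_scan(self):
        # What chip-level access sees, ignoring the logical mapping.
        return {d for d in self.flash if d in (OLD, NEW)}


def lingering(action, lucky=False):
    """Sector 0 contents still in raw flash after `action` and one GC pass."""
    ftl = ToyFTL()
    ftl.write(0, OLD)
    for lba in (1, 2, 3):               # neighbours sharing the erase block
        ftl.write(lba, b"neighbour")
    if action in ("overwrite", "both"):
        ftl.write(0, NEW)
    if action in ("trim", "both"):
        ftl.trim(0)
    if lucky:                           # every neighbour gets trimmed as well
        for lba in (1, 2, 3):
            ftl.trim(lba)
    ftl.gc()
    return ftl.raw_scan()
```

In this model the old page disappears only in the `lucky=True` case, where the whole erase block happens to become free; the host has no way to force that.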