NSA foils most encryption (NYT)

[dualstow]

I take it most of you have read this already? Seems like just a few short years ago that Skype felt safe.
I have mentioned in the past that my mom was employed by NSA in the 60s. We think she was a codebreaker but even now, she's not talking. ;-)

Anyway, scary stuff:
http://www.kurzweilai.net/nsa-cracks-mo ... es-reveals

[dualstow]

Related: I thought I heard on the Leo Laporte radio show (aka "The Tech Guy" show) that if you don't prepare an SSD drive for encryption when you first set it up, it can be cracked. Is this true?

[Xan]

I think the issue with SSDs and encryption is that SSDs have a lot more storage than is exposed to the computer.  In SSDs, reading and writing are fast, but erasing is slow.  So, for example, when the operating system requests that a particular piece of data be overwritten, rather than actually overwrite the data, it writes the new data to a new place, and then maps the location of the old place to the new data.

The implication here for privacy is that if you use the SSD for sensitive data for a while, then encrypt it, that there could still be a lot of unencrypted data physically stored in the flash chips.

I believe there are tools for most SSDs which do a complete erase, which should mitigate this.  On the whole, though, I would rate the difficulty of extracting useful data from a previously-unencrypted-but-now-encrypted SSD as extremely difficult.  If the NSA wanted your data there would probably be many easier ways of getting it.

[dualstow]

Thanks, Xan. I hope that's all there is to it.

I remember reading about scientists getting at a drive's data by freezing it, but I don't remember what kind of storage it was.
I didn't learn until recently that zeroing out a conventional hard drive doesn't help much, because writing to them leaves an impression like a pencil that has written hard on a pad. No wonder people melt them.

[Pointedstick]

I didn't learn until recently that zeroing out a conventional hard drive doesn't help much, because writing to them leaves an impression like a pencil that has written hard on a pad. No wonder people melt them.

That's why for real security, you have to write random data to the whole drive 7 or more times.

[Tortoise]

I didn't learn until recently that zeroing out a conventional hard drive doesn't help much, because writing to them leaves an impression like a pencil that has written hard on a pad. No wonder people melt them.

That's why for real security, you have to write random data to the whole drive 7 or more times.

Or you could invent a time machine, build it, and then go back in time to prevent the hard drive from ever being built. 

Seriously, though, what the hell kind of data are you guys storing on your drives?? 

[dualstow]

Wouldn't you like to know. 

[dualstow]

I was looking at a newer version of an SSD drive I bought last year. The product description of this new & pricier one includes this bit:

The Crucial M500 SSD is a self-encrypting drive (SED) based on the rigorous standards established by the TCG Opal specification. Combined with applications like Microsoft BitLocker or Wave Systems’ EMBASSY Trust suite, our AES 256-bit hardware encryption engine (that’s integrated into the controller of the Crucial M500) allows the drive to operate at full speed without the performance loss that’s typically associated with non-SED drives using software-based encryption technology.

I have no idea what the above means, other than the AES part, but since like most people I am not planning on going up against NSA, this is pretty heartening. Self-encrypting. Sounds like SSD is still a good option.

Still, that Snowden leak mentions not just codebreaking but introducing weaknesses into some encryption technologies. Sigh.