23

Let's assume I store sensitive information on a SSD and I want to erase it without secure erasing the whole drive. I erase or overwrite the file. The OS supports TRIM, so the block containing the sensitive information is marked for the garbage collector to erase.

How long can I expect the garbage collector to take to actually erase the block? Seconds? Hours? Never if the disk does not contain enough data yet? I understand this will vary depending on the SSD controller, but I don't even have an idea of the figures to expect. Any information or references to technical papers would be much appreciated.

marcv81
  • 381
  • 1
  • 8

1 Answers1

26

For keeping "sensitive information" you should consider the time to be "Never". Not only do you have TRIM to be concerned about, but if a cell is swapped out for "wearing out" that the data in that cell can never be erased as worn out cells in SSD drives do not loose their data but become read-only.

If you have sensitive information it must stored inside a encrypted container and a unencrypted version must never reside on the hard drive. Due to how modern software and operating systems work, quite often using temporary files that could contain a copy of the data you are working with, the only safe way to do this is do full drive encryption on the drive so there is no space for temporary files to be stored that is not encryptied.

(P.S. If the sensitive data was already on the drive unencrypted but then you encrypt the drive with full drive encryption you still must treat the drive as if it had unencrypted text on it. This is because some of the sensitive information could be sitting in one of those read-only worn out sectors and enabling full drive encryption can't overwrite those read-only cells. The only "safe" way to do it is encrypt a drive that has no sensitive information on it then start using it to store sensitive information only after full drive encryption has been performed.)

Scott Chamberlain
  • 30,694
  • 7
  • 96
  • 109
  • Good answer, thanks. I didn't know the dead cells would become read only. Any idea of the typical garbage collection time for cells which are nowhere near dying? – marcv81 Mar 30 '14 at 21:32
  • 3
    Unfortunately no, but when dealing with crypto I always keep the mindset that unless I have a specific threat model in mind I assume someone could die if I make a mistake and the unencrypted text gets out (and depending on the country a person is living in that statement can be ***very*** true) so I would never even want to "guess" at how long sensitive data could be readable, I just go with the most pessimistic number of "once it is written once in plaintext to the hard drive it is there forever". – Scott Chamberlain Mar 30 '14 at 22:11
  • 1
    Very sensible approach. I was wondering whether changing the (non-compromised) password of a TrueCrypt volume stored on a SSD made any sense, as the volume header with the old password could still be on the drive. Based on the garbage collection speed (or dead cells retaining their value) changing the password could actually weaken the encryption. – marcv81 Mar 30 '14 at 23:04
  • @marcv81 interesting idea, I don't know. I would rephrase your question and include the detail about how you are concerned about weakening true crypt encryption due to changing the password and go ask it over on http://security.stackexchange.com/ – Scott Chamberlain Mar 31 '14 at 03:23
  • @marcv81 If you change the password, why would it be a problem for the old password to still be on the drive? A) it should be hashed and thus unusable; B) it should no longer be valid for decrypting the drive, so even if they were to figure it out, they couldn't use it; C) If you're into security so deeply that you worry about an old password being compromised, you're unlikely to reuse that old password somewhere else. – Nzall Mar 31 '14 at 07:46
  • In short, you need a hammer and an incinerator. – Lightness Races in Orbit Mar 31 '14 at 08:27
  • 2
    @NateKerkhofs: If you change the password and the old volume header is not garbage-collected, then you have 2 volume headers on the drive. Agreed it's encrypted, but this is less secure than just 1 volume header. Also the TrueCypt model is such that a depreciated volume header is unfortunately just as good as the current volume header to decrypt the whole volume. – marcv81 Mar 31 '14 at 09:51
  • @ScottChamberlain: I first thought about asking on security.stackexchange.com, but I realised it all boils down to garbage collection algorithms/timing. This is why I asked here. I don't know what I could ask on the other site that I can't answer already, or that could not be rephrased as the question I asked here :) – marcv81 Mar 31 '14 at 09:53
  • Sensitive doesn't have to mean "top-secret information", it might just be personal info like your address, birthday, etc. which you might want to protect but which isn't exactly going to kill you if revealed... You don't have to come up with a threat model here, it's perfectly fine and useful to store the data unencrypted with the knowledge of how long/hard it would be for someone to extract that data from your disk typically, assuming that someone isn't an NSA agent or something. – user541686 Mar 31 '14 at 10:54
  • 1
    @Mehrdad The cost of data loss is part of the threat model, some [PII](http://en.wikipedia.org/wiki/Personally_identifiable_information) is much less valuable then the schedule and location for your next Revolutionary meeting. That is why a making a threat model is so important, and in the presence of no threat model I feel it is good to always give advice assuming the worst case situation. I don't know if marcv81 is storing PII or plans to overthrow the government, but my advice as written is useful to both. Is it over kill for PII absolutely, is this advice being used for PII, I don't know. – Scott Chamberlain Mar 31 '14 at 15:40