When will we see TRIM support for GELI volumes?

Fabian Keil freebsd-listen at fabiankeil.de
Wed Mar 20 13:04:04 UTC 2013


Daniel Kalchev <daniel at digsys.bg> wrote:

> The comment before about TRIM being a bad idea with encrypted storage is
> very valid. You don't want anyone to know the layout of the data on the
> drive. Considering that today anyone can have access to huge computing
> farms, anything that can make the task of decrypting more difficult is
> more than welcome. If you want to be safe, just use a more performant
> drive and encrypt it all, with no gaps. The bigger the drive, the safer
> your data is.

Why would it be safer?

I agree that there might be scenarios in which one might not
want to disclose how much of the disk is used for actual data,
but I'd expect brute force attacks to concentrate on getting
the master key instead of dealing with every sector on its own.

As long as a single provider is used, encrypting more data
shouldn't make this attack harder. Trimming could decrease
the chances of recovering a previous copy of the master key,
though.

Are you aware of other attacks on geli?

Fabian