Security implications for Wear-Leveling of Hard Disks
Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Security implications for Wear-Leveling of Hard Disks
Hi all,
I am surprised (from the searches I carried out on the net) that no one seems to have considered this danger so far as I can see...
I'm a little concerned about the implications on security for algorithms that opaquely shift data blocks around on disks to even-out surface wear rates.
In the good old days, if I wanted to wipe a file that documented my struggle to give up frosted strawberry donuts (for example) I knew where that file started on the disk and how long it was and could thus instruct the OS to wipe it with complete confidence.
Nowadays, however, with increasingly sophisticated use being made of W-L techniques and fancy, journaling file systems that separate meta-data from file content and whatnot and so forth, how can I still be sure that when I try to overwrite a personal and private file, that i AM actually doing precisely THAT, and not just nuking some virtual image of the thing which in reality remains preserved elsewhere on the disk?
It wouldn't be over writing if it remained the same somewhere else would it ? Overwrite takes care of the journal and a file is still a file, even if it's been moved slightly.
I believe your concern is valid, Completely Clueless, for the reasoning explained in this LQ post.
EDIT: my reasons had more to do with the hardware itself, rather than how the file systems work. Deleting a file at the file system level will leave lots of data still on disk because there is no point (security aside) to do the extra work of removing the content of what were once file data blocks after they have been freed by removing references to them. A common workaround for this issue is to write a single large file of, say, zeros to the file system until it fills and then delete it.
Last edited by catkin; 03-17-2010 at 08:38 AM.
Reason: Errant comma
It hardly matters really. Unless you are going to give your disk to someone with sophisticated low level hard drive recovery gear, your deleted files are not readable. When you've finished with the disk you can zero it, but as noted the bad blocks will not get overwritten.
Are you a spy or a govt. agent ?
If not, don't worrry about it.
I believe your concern is valid, Completely Clueless, for the reasoning explained in this LQ post.
Very interesting, Catkin. I recall WD have been using wear-leveling techniques in their normal (non-SSD) drive controllers for a while now. If one was unaware of this phenomenon, one would never know that 'wiped' data was in fact still readable - albeit not via conventional means.
I wonder if the same unsatisfactory situation pertains to USB thumb drives or even SD cards? At first sight, I would find it hard to believe there is as yet such a thing as a "USB stick controller" that opaquely maps out bad sectors of thumb drives, but has anyone any information to the contrary? It would need to be incorporated into the stick itself, presumably.
Firstly you keep saying opaquely, when you actually mean transparently. If you can't see it happening then it would be transparent.
Ah, semantics!
I recall finding the usage of these words counter-intuitive when I first learned them (not that I knew "counter-intuitive" then). Transparent means you can see through something. Opaque means you cant. Simple.
Except that neither means you can see inside the something so not so simple because people were using transparent to mean you could see inside something and opaque to mean you couldn't. People define language so I had to go along with it and struck on the idea that when the "something"s are boxes with things inside (as opposed to filters, window panes etc.) the transparent was applied only to the box, not to the things inside the box. From there it was a short step to extending "boxes" to more abstract concepts such as processes and financial accounts. Got it!
On that basis I go with Completely Clueless' usage; anything going on inside a USB stick controller is completely hidden using such instruments as are "to hand".
On that basis I go with Completely Clueless' usage; anything going on inside a USB stick controller is completely hidden using such instruments as are "to hand".
THanks, Catkin. As a non-technical person I have run up against this curious situation before. For example, with the word "partition" - which before I learned about disks, I took to mean a *divider* that separated things on either side of it. Like the Great Wall of China. Now I know in the virtual world, it is in fact *not* the divider, but a portion of that which the divider has divided!
Same with Ethernet. I always thought that meant a wireless connection (after "Ether" - the old term for space). Now it turns out to actually mean a *wired* connection in nerdspeak. How curious! It amazes me how even more confusing it must be for non-native English speakers.
Ah, semantics!
On that basis I go with Completely Clueless' usage; anything going on inside a USB stick controller is completely hidden using such instruments as are "to hand".
So it is transparent, both to you and the filesystem. Transparent means you can see through it as if it weren't there, which you can.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.