LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 11-10-2018, 08:56 AM   #1
linustalman
Senior Member
 
Registered: Mar 2010
Location: Ireland
Distribution: Debian 9 Stable (Stretch) x64
Posts: 3,038

Rep: Reputation: 342Reputation: 342Reputation: 342Reputation: 342
Question SSDs with hardware encryption busted.


Hi.

Regarding this tweet: https://twitter.com/matthew_d_green/...35094421712896

"Several SSDs with hardware encryption appear to be busted. But the really terrible thing is that Bitlocker apparently relies totally on the SSD encryption if you have it. https://www.ru.nl/publish/pages/9092...ft-paper_1.pdf … via @ProfWoodward"

Is HDD with full-disk LUKS in GNU/Linux far more secure so than most SSDs with full-disk LUKS encryption?

Last edited by linustalman; 11-10-2018 at 10:43 AM. Reason: I added "with full-disk LUKS encryption"
 
Old 11-10-2018, 01:04 PM   #2
jmccue
Member
 
Registered: Nov 2008
Location: US
Distribution: slackware
Posts: 288

Rep: Reputation: 135Reputation: 135
I have not heard of any issues with LUKS, so I guess the naswer is yes. So going forward, if you format the SDD and put LUKS on top of that, I would say you are OK.

I would avoid hardware encryption devices unless the hardware is fully 'open', you really never know what is going on due to the proprietary bits.

Last edited by jmccue; 11-10-2018 at 01:05 PM. Reason: grammer
 
Old 11-10-2018, 01:53 PM   #3
cantab
Member
 
Registered: Oct 2009
Location: England
Distribution: KDE Neon, Ubuntu, Debian.
Posts: 523

Rep: Reputation: 105Reputation: 105
Dang.

I've got an MX100 with a LUKS-encrypted volume on it. As mentioned I think, or maybe just hope, that the dm-crypt folks had the sense to not automatically trust hardware 'encryption'.
 
Old 11-13-2018, 01:55 PM   #4
zeebra
Member
 
Registered: Dec 2011
Distribution: Mageia, Slackware, Maemo
Posts: 432
Blog Entries: 1

Rep: Reputation: Disabled
Quote:
Originally Posted by linustalman View Post
Hi.

Regarding this tweet: https://twitter.com/matthew_d_green/...35094421712896

"Several SSDs with hardware encryption appear to be busted. But the really terrible thing is that Bitlocker apparently relies totally on the SSD encryption if you have it. https://www.ru.nl/publish/pages/9092...ft-paper_1.pdf … via @ProfWoodward"

Is HDD with full-disk LUKS in GNU/Linux far more secure so than most SSDs with full-disk LUKS encryption?
Why would you trust a manufacturer and their claims about some disk encryption stuff inbuilt and it working as intended? You should encrypt the disk yourself, using LUKS.
 
Old 11-13-2018, 05:50 PM   #5
syg00
LQ Veteran
 
Registered: Aug 2003
Location: Australia
Distribution: Lots ...
Posts: 17,247

Rep: Reputation: 2639Reputation: 2639Reputation: 2639Reputation: 2639Reputation: 2639Reputation: 2639Reputation: 2639Reputation: 2639Reputation: 2639Reputation: 2639Reputation: 2639
Locksmiths can open (door) locks. Does that mean you can't trust lock manufacturers and should give up using locks on your house ?.
Or maybe you should add anti-tank barriers ...

What are you trying to protect that anyone would care enough to go to all the trouble ?.
 
1 members found this post helpful.
Old 11-13-2018, 09:02 PM   #6
zeebra
Member
 
Registered: Dec 2011
Distribution: Mageia, Slackware, Maemo
Posts: 432
Blog Entries: 1

Rep: Reputation: Disabled
Quote:
Originally Posted by syg00 View Post
Locksmiths can open (door) locks. Does that mean you can't trust lock manufacturers and should give up using locks on your house ?.
Or maybe you should add anti-tank barriers ...

What are you trying to protect that anyone would care enough to go to all the trouble ?.
With that attitude you might as well use Windows.
 
Old 11-13-2018, 10:08 PM   #7
jefro
Moderator
 
Registered: Mar 2008
Posts: 18,634

Rep: Reputation: 2789Reputation: 2789Reputation: 2789Reputation: 2789Reputation: 2789Reputation: 2789Reputation: 2789Reputation: 2789Reputation: 2789Reputation: 2789Reputation: 2789
I's say LUKS is LUKS isn't it? Why would one implementation be greatly different??

Maybe some better source of this issue besides twitter would be helpful too??

I've seen security issues for decades. Saying this or that is secure tends to be proven wrong.
 
Old 11-17-2018, 11:22 AM   #8
linustalman
Senior Member
 
Registered: Mar 2010
Location: Ireland
Distribution: Debian 9 Stable (Stretch) x64
Posts: 3,038

Original Poster
Rep: Reputation: 342Reputation: 342Reputation: 342Reputation: 342
Question

So whether I use LUKS on an SSD or HDD - I'm good?
 
Old 11-17-2018, 08:19 PM   #9
zeebra
Member
 
Registered: Dec 2011
Distribution: Mageia, Slackware, Maemo
Posts: 432
Blog Entries: 1

Rep: Reputation: Disabled
Quote:
Originally Posted by wikipedia
The fact that disk encryption (volume encryption) software like dm-crypt only deals with transparent encryption of abstract block devices gives it a lot of flexibility. This means that it can be used for encrypting any disk-backed file systems supported by the operating system, as well as swap space; write barriers implemented by file systems are preserved
https://smallbusiness.chron.com/sams...ork-39204.html
 
Old 11-18-2018, 05:06 AM   #10
pan64
LQ Guru
 
Registered: Mar 2012
Location: Hungary
Distribution: debian/ubuntu/suse ...
Posts: 11,607

Rep: Reputation: 3494Reputation: 3494Reputation: 3494Reputation: 3494Reputation: 3494Reputation: 3494Reputation: 3494Reputation: 3494Reputation: 3494Reputation: 3494Reputation: 3494
I read somewhere: software encryption (LUKS) is ok, regardless of the device you have. Actually I can't find that page, but if you are really interested you will definitely find it.
 
1 members found this post helpful.
  


Reply

Tags
encryption, hdd, ssd


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Hardware based encryption with SSD's, how is this working in relation to Linux? coralfang Linux - Hardware 6 05-15-2018 05:11 PM
LXer: Docker Doubles Down on Security With Nautilus, Hardware Encryption LXer Syndicated Linux News 0 11-16-2015 03:01 PM
Performance on Linux of SSDs with hardware raid, good? abefroman Linux - Hardware 1 02-04-2012 06:25 PM
LXer: Encryption busted on NIST-certified Kingston, SanDisk and Verbatim USB flash dr LXer Syndicated Linux News 0 01-08-2010 03:50 AM
Hardware real time encryption/decryption in Linux... Akonbobot Linux - Security 2 11-24-2004 02:33 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 09:46 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration