Trim on encrypted SSD--Urandom first?

Posted by cb474 on Ask Ubuntu See other posts from Ask Ubuntu or by cb474
Published on 2012-04-12T01:27:40Z Indexed on 2012/04/12 5:41 UTC
Read the original article Hit count: 267

Filed under:

encryption

|

ssd

|

trim

My understanding (I'm not sure I'm getting this all right) is that if one uses Trim on an encrypted SSD, it defeats some of the security benefits, because the drive will write zeros to empty space (as files are deleted).

See: http://www.askubuntu.com/questions/115823/trim-on-an-encrypted-ssd And: http://asalor.blogspot.com/2011/08/trim-dm-crypt-problems.html

My question is: From the perspective of the performance of the SSD and the functioning of Trim, would it therefore be better to simply zero out the SSD, before setting up an encrypted system, rather than writing random data to the drive, with urandom, as one usually does?

Would this basically leave one with the same level of security anyway? And more importantly, would it better enable the Trim functionality to work as intended, with the encrypted SSD?

© Ask Ubuntu or respective owner

Related posts about encryption

SQL SERVER – History of SQL Server Database Encryption

as seen on SQL Authority - Search for 'SQL Authority'
I recently met Michael Coles and Rodeney Landrum the author of one of the kind book Expert SQL Server 2008 Encryption at SQLPASS in Seattle. During the conversation we ended up how Microsoft is evolving encryption technology. The same discussion lead to talking about history of encryption tools in… >>> More
Encryption is hard: AES encryption to Hex

as seen on Stack Overflow - Search for 'Stack Overflow'
So, I've got an app at work that encrypts a string using ColdFusion. ColdFusion's bulit-in encryption helpers make it pretty simple: encrypt('string_to_encrypt','key','AES','HEX') What I'm trying to do is use Ruby to create the same encrypted string as this ColdFusion script is creating. Unfortunately… >>> More
Confused about encryption with public and private keys (which to use for encryption)

as seen on Stack Overflow - Search for 'Stack Overflow'
I am making a licensing system when clients ask my server for a license and I send them a license if they are permitted to have one. On my current system I encrypt the license using a single private key and have the public key embedded into the client application that they use to decrypt the license… >>> More
Encryption Product Keys : Public and Private key encryption

as seen on Stack Overflow - Search for 'Stack Overflow'
I need to generate and validate product keys and have been thinking about using a public/private key system. I generate our product keys based on a client name (which could be a variable length string) a 6 digit serial number. It would be good if the product key would be of a manageable length… >>> More
Software tools to automatically decrypt a file, whose encryption algorithm (and/or encryption keys)

as seen on Stack Overflow - Search for 'Stack Overflow'
I have an idea for encryption that I could program fairly easily to encrypt some local text file. Given that my approach is novel, and does not use any of the industry standard encryption techniques, would I be able to test the strength of my encryption using 'cracker' apps or suchlike? Or do all… >>> More

Related posts about ssd

SSD -- Special settings for SSD as secondary drive?

as seen on Super User - Search for 'Super User'
Hello all, I recently purchased an Intel SSD (X25-V 40GB) and I want to add it to my PC as a secondary drive (not the boot/system drive) so I can install specific software to it. Now, do I need to do anything special to ensure long life and peak performance with this as a secondary drive? I have… >>> More
Internal drives vs USB-3 with external SSD or eSata with External SSD

as seen on Super User - Search for 'Super User'
I have a need to carry VMWare Virtual Machines with me for work. These are very large files (each VM is 20GB or more) and I carry around about 40 to 50 VM's to simulate different software configurations for different client needs. Key: they won't fit on the internal hard drive of my current laptop… >>> More
"Windows detected a hard drive" issue in Windows 7 x64

as seen on Super User - Search for 'Super User'
I upgraded to the OCZ-Agility3 120GB from a 60 OCZ Vertex2 SSD. I cloned the drive from the Vertex to the new Agility. Everything seemed to have gone well and have not had any problems. Recently in the passed month I have gotten this error: I downloaded teh OCZToolboxMP and ran the SMART utility… >>> More
Disable SSD in ASUS 900 running Ubuntu 9.10

as seen on Super User - Search for 'Super User'
Recently I managed to completely mess up my ASUS 900, but I have no immediate desire to upgrade since it's only my travel laptop (and I'm waiting for a few months to see if anything interesting comes out). For now, though, I've hit an interesting problem. The 4GB SSD that is soldered onto the motherboard… >>> More
NTFS journal on different (SSD) disk

as seen on Server Fault - Search for 'Server Fault'
Some advanced file systems, like ZFS have the option of using SSD disks as a second level cache for the file system or for the journal. Is this possible with NTFS? >>> More