[cryptography] secure deletion on SSDs (Re: Asynchronous forward secrecy encryption)

Adam Back adam at cypherspace.org
Mon Sep 23 18:03:12 EDT 2013

(Changing the subject line to reflect topic drift).

That's not bad (make the decryption dependent on accessibility of the entire
file), nice as a design idea.  But that could be expensive in the sense that
any time any block in the file changes, you have to re-encrypt the
encryption or, more efficiently, the key computed from the hash of the file. 
Still you have to re-write the header any time there is a block change,
and do it atomically or log recoverably ideally.  Also you have to re-read and
hash the whole file to re-compute the xor sha(encrypted-file) header.  Well
I guess even that is relatively fixable probably, e.g. Merkle hash of the
blocks of the file instead plus a bit of memory caching.


On Mon, Sep 23, 2013 at 03:00:03PM +0200, Natanael wrote:
>   I made a suggestion like this elsewhere:
>   Store the keys split up in several different files using Shamir's
>   Secret Sharing Scheme. Encrypt each file with a different key. Encrypt
>   those keys with a master key. XOR each encrypted key with the SHA256 of
>   their respective encrypted files. Put those XORed keys in the headers
>   of their respective files.
>   If you manage to securely wipe just ~100 bits of any of the files, the
>   keys are unrecoverable.
>   I don't know if that can provide enough assurance of secure deletion on
>   a flash memory, but it's better than nothing.
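
The header masking discussed in this message, with the Merkle-hash variant in place of a whole-file SHA256, as an added example that is not code from either poster. The block size, the 0x00/0x01 hash prefixes, all function names and the sample data are assumptions; the "wrapped key" is a constructed placeholder for a file key already encrypted under the master key, and no encryption is performed here.

```python
import hashlib

BLOCK = 4096  # assumed block size

def h(data):
    return hashlib.sha256(data).digest()

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def parent(level, i):
    # i is the even index of a pair; an unpaired last node is promoted as-is.
    return h(b"\x01" + level[i] + level[i + 1]) if i + 1 < len(level) else level[i]

def build_levels(blocks):
    # Full pass over the file: levels[0] = leaf hashes, levels[-1][0] = root.
    levels = [[h(b"\x00" + b) for b in blocks]]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        levels.append([parent(cur, i) for i in range(0, len(cur), 2)])
    return levels

def mask(wrapped_key, levels):
    # Header stored on disk: wrapped key XOR Merkle root of the ciphertext.
    return xor(wrapped_key, levels[-1][0])

def update_block(levels, header, index, new_block):
    # One block changed: re-hash that leaf and its path using the cached
    # levels, then re-mask. The other blocks are not re-read.
    wrapped_key = xor(header, levels[-1][0])
    levels[0][index] = h(b"\x00" + new_block)
    for depth in range(len(levels) - 1):
        index -= index % 2
        levels[depth + 1][index // 2] = parent(levels[depth], index)
        index //= 2
    return xor(wrapped_key, levels[-1][0])

def demo():
    wrapped_key = bytes(range(32))                    # constructed placeholder
    blocks = [bytes([i]) * BLOCK for i in range(5)]   # constructed "ciphertext"
    levels = build_levels(blocks)
    header = mask(wrapped_key, levels)
    blocks[3] = b"\xaa" * BLOCK                       # a block is rewritten
    header = update_block(levels, header, 3, blocks[3])
    intact = xor(header, build_levels(blocks)[-1][0]) == wrapped_key
    wiped = list(blocks)
    wiped[1] = bytes(13) + blocks[1][13:]             # ~100 bits overwritten
    lost = xor(header, build_levels(wiped)[-1][0]) != wrapped_key
    return intact, lost
```

The new header returned by update_block still has to reach the disk atomically with the block write, which is the logging concern raised above; this sketch only covers the hashing cost.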
