[cryptography] secure deletion on SSDs (Re: Asynchronous forward secrecy encryption)
adam at cypherspace.org
Mon Sep 23 18:03:12 EDT 2013
(Changing the subject line to reflect topic drift).
That's not bad (make the decryption dependent on accessibility of the entire
file), nice as a design idea. But that could be expensive in the sense that
any time any block in the file changes, you have to re-encrypt the
encryption or, more efficiently, the key computed from the hash of the file.
Still you have to re-write the header any time there is a block change,
and do it atomically or log recoverably ideally. Also you have to re-read and
hash the whole file to re-compute the xor sha(encrypted-file) header. Well
I guess even that is relatively fixable probably, e.g. Merkle hash of the
blocks of the file instead plus a bit of memory caching.
On Mon, Sep 23, 2013 at 03:00:03PM +0200, Natanael wrote:
> I made a suggestion like this elsewhere:
> Store the keys split up in several different files using Shamir's
> Secret Sharing Scheme. Encrypt each file with a different key. Encrypt
> those keys with a master key. XOR each encrypted key with the SHA256 of
> their respective encrypted files. Put those XORed keys in the headers
> of their respective files.
> If you manage to securely wipe just ~100 bits of any of the files, the
> keys are unrecoverable.
> I don't know if that can provide enough assurance of secure deletion on
> a flash memory, but it's better than nothing.
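
The header masking discussed in this thread, with the Merkle-root variant suggested in the reply, as an added example that is not code from either poster. The names (`MerkleCache`, `make_header`, `recover_key`), the leaf/node prefix bytes, the 4 KiB block size and the constructed "ciphertext" and "wrapped key" values are all assumptions; real ciphertext and a key encrypted under the master key would take their place.

```python
import hashlib

def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

class MerkleCache:
    """In-memory Merkle tree over ciphertext blocks (hypothetical helper)."""
    def __init__(self, blocks):
        self.n = 1
        while self.n < len(blocks):
            self.n *= 2
        # Heap layout: node i has children 2i, 2i+1; leaves sit at n..2n-1.
        pad = [b""] * (self.n - len(blocks))
        leaves = [h(b"\x00" + b) for b in list(blocks) + pad]
        self.nodes = [b""] * self.n + leaves
        for i in range(self.n - 1, 0, -1):
            self.nodes[i] = self._parent(i)

    def _parent(self, i):
        return h(b"\x01" + self.nodes[2 * i] + self.nodes[2 * i + 1])

    def update(self, index, block):
        """Rehash one leaf-to-root path; return the number of hashes done."""
        i = self.n + index
        self.nodes[i] = h(b"\x00" + block)
        done = 1
        while i > 1:
            i //= 2
            self.nodes[i] = self._parent(i)
            done += 1
        return done

def make_header(wrapped_key, tree):
    return xor(wrapped_key, tree.nodes[1])      # nodes[1] is the root

def recover_key(header, blocks):
    return xor(header, MerkleCache(blocks).nodes[1])

def demo():
    blocks = [h(bytes([i])) * 128 for i in range(8)]   # constructed 4 KiB "ciphertext" blocks
    wrapped = h(b"constructed wrapped key")           # stands in for the master-key-encrypted key
    tree = MerkleCache(blocks)
    blocks[3] = h(b"new") * 128                        # legitimate rewrite of one block
    cost = tree.update(3, blocks[3])
    header = make_header(wrapped, tree)                # header must be rewritten too
    wiped = blocks[:5] + [bytes(16) + blocks[5][16:]] + blocks[6:]  # 16 bytes erased
    return cost, recover_key(header, blocks) == wrapped, recover_key(header, wiped) == wrapped
```

`demo()` returns `(4, True, False)`: a one-block rewrite costs four hashes instead of a full re-read of the file, the key is recovered from intact blocks, and erasing 16 bytes of one block leaves the header unmaskable.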