[cryptography] secure deletion on SSDs (Re: Asynchronous forward secrecy encryption)

Adam Back adam at cypherspace.org
Mon Sep 23 19:18:45 EDT 2013


On Mon, Sep 23, 2013 at 01:39:35PM +0100, Michael Rogers wrote:
>Apple came within a whisker of solving the problem in iOS by creating
>an 'effaceable storage' area within the flash storage, which bypasses
>block remapping and can be deleted securely. However, iOS only uses
>the effaceable storage for resetting the entire device (by deleting
>the key that encrypts the user's filesystem), not for securely
>deleting individual files.

Hmm well thats interesting no?  With the ability to securely delete a single
key you can probably use that to selectively delete files with an
appropriate key management structure.  eg without optimizing that, you could
have a table of per file keys, encrypted with the master key.  To delete a
given file you'd re-encrypt everything in the file table to a new key,
except the deleted file, and delete, then over-rewrite this "effaceable
storage" area.

Adam


More information about the cryptography mailing list