[cryptography] secure deletion on SSDs (Re: Asynchronous forward secrecy encryption)

Michael Rogers michael at briarproject.org
Tue Sep 24 04:36:59 EDT 2013


On 24/09/13 00:18, Adam Back wrote:
> On Mon, Sep 23, 2013 at 01:39:35PM +0100, Michael Rogers wrote:
>> Apple came within a whisker of solving the problem in iOS by 
>> creating an 'effaceable storage' area within the flash storage, 
>> which bypasses block remapping and can be deleted securely. 
>> However, iOS only uses the effaceable storage for resetting the 
>> entire device (by deleting the key that encrypts the user's 
>> filesystem), not for securely deleting individual files.
> 
> Hmm well that's interesting, no?  With the ability to securely
> delete a single key you can probably use that to selectively delete
> files with an appropriate key management structure.  E.g. without
> optimizing that, you could have a table of per file keys, encrypted
> with the master key.  To delete a given file you'd re-encrypt
> everything in the file table to a new key, except the deleted file,
> and delete, then over-rewrite this "effaceable storage" area.

Yes, absolutely, that's what makes it so frustrating - they already
have per-file encryption keys with user-selectable key management
policies and a hierarchy of keybags - adding a policy for efficient
secure deletion would be a small amount of work. But it's work that
would have to be done by Apple, not in userland.

Cheers,
Michael
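
The key-table scheme described in the quoted text, as an added example that is not part of the original thread or any Apple code. All names (`KeyTable`, `wrap`, `recoverable`) are hypothetical, the HMAC-based wrap is a toy stand-in for a real AEAD or AES key wrap, and the `effaceable` bytearray and `stale` list are assumed models of the effaceable area and of table copies left behind by block remapping.

```python
import hashlib, hmac, secrets

def _mac(key, label, data):
    return hmac.new(key, label + data, hashlib.sha256).digest()

def wrap(master, file_key):
    # Toy key wrap (HMAC-derived pad plus tag); stands in for a real AEAD or AES key wrap.
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(file_key, _mac(master, b"pad", nonce)))
    return nonce + ct + _mac(master, b"tag", nonce + ct)

def unwrap(master, blob):
    nonce, ct, tag = blob[:16], blob[16:48], blob[48:]
    if not hmac.compare_digest(tag, _mac(master, b"tag", nonce + ct)):
        raise ValueError("entry is not wrapped under this master key")
    return bytes(a ^ b for a, b in zip(ct, _mac(master, b"pad", nonce)))

class KeyTable:
    def __init__(self):
        self.effaceable = bytearray(secrets.token_bytes(32))  # master key, erasable in place
        self.table = {}   # current file table: name -> wrapped per-file key
        self.stale = []   # old table copies left behind by block remapping (assumed model)

    def add_file(self, name):
        file_key = secrets.token_bytes(32)
        self.table[name] = wrap(bytes(self.effaceable), file_key)
        return file_key

    def file_key(self, name):
        return unwrap(bytes(self.effaceable), self.table[name])

    def delete_file(self, name):
        old_master = bytes(self.effaceable)
        new_master = secrets.token_bytes(32)
        # Re-encrypt every entry except the deleted file under the new master key.
        survivors = {n: unwrap(old_master, b) for n, b in self.table.items() if n != name}
        self.stale.append(dict(self.table))  # old table is remapped, not erased
        self.table = {n: wrap(new_master, k) for n, k in survivors.items()}
        self.effaceable[:] = new_master      # in-place overwrite: old master key is gone

def recoverable(store, name):
    """True if the current master key opens name's entry in any table copy, stale or live."""
    for table in store.stale + [store.table]:
        try:
            unwrap(bytes(store.effaceable), table[name])
            return True
        except (KeyError, ValueError):
            continue
    return False
```

The deleted file's wrapped key still sits in the stale table copy, but it is wrapped under a master key that no longer exists anywhere, which is the property the scheme relies on.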

