Skip to main content
Information Security

Return to Question

added 100 characters in body
Source Link
WhiteWinterWolf
WhiteWinterWolf
  • 19.4k
  • 4
  • 63
  • 113

I have crossed such assertions a few times on this site:

One benefit of full-disk encryption is that it makes wiping the flash storage very fast.[...]

To wipe the entire drive, all you have to do is wipe the spot that stores the encryption of K (which is just one block). Once that block is gone, there is no way to decrypt the data on the drive (since K cannot be recovered), so the entire drive is as good as wiped.

However, I also saw a lot that due to wear levelling, overwriting data on a flash-based disks was not reliable: as per my understanding if I apply the procedure above the flash may just select another area and put the overwriting data there, leaving the key block K still present and readable in the chip (and the Internet is full of various cheap a relatively easy methods to directly access chip content, here is a random one which does not even require to desolder them).

In case a poor password was used to protect the disk content (like a 4 PIN code on cellphone for instance...by tying together the unlock password which aimed to be quick to type and the encryption one, Android seems to really try to enforce such weakness), wouldn't this mean that the whole disk content can still be retrieved even when this block has been "wiped"?

As a bonus, if I change a weak password to a strong one, theoretically the key block will be "overwritten" by a new block where the data encryption key will be protected by my new, stronger password.

However, isn't there any chance that the old block with the same encryption key protected by the previous weaker password will still be present and readable for an undetermined amount of time in the chip content, allowing an attacker to void completely the password change benefits?

I have crossed such assertions a few times on this site:

One benefit of full-disk encryption is that it makes wiping the flash storage very fast.[...]

To wipe the entire drive, all you have to do is wipe the spot that stores the encryption of K (which is just one block). Once that block is gone, there is no way to decrypt the data on the drive (since K cannot be recovered), so the entire drive is as good as wiped.

However, I also saw a lot that due to wear levelling, overwriting data on a flash-based disks was not reliable: as per my understanding if I apply the procedure above the flash may just select another area and put the overwriting data there, leaving the key block K still present and readable in the chip (and the Internet is full of various cheap a relatively easy methods to directly access chip content, here is a random one which does not even require to desolder them).

In case a poor password was used to protect the disk content (like a 4 PIN code on cellphone for instance...), wouldn't this mean that the whole disk content can still be retrieved even when this block has been "wiped"?

As a bonus, if I change a weak password to a strong one, theoretically the key block will be "overwritten" by a new block where the data encryption key will be protected by my new, stronger password.

However, isn't there any chance that the old block with the same encryption key protected by the previous weaker password will still be present and readable for an undetermined amount of time in the chip content, allowing an attacker to void completely the password change benefits?

I have crossed such assertions a few times on this site:

One benefit of full-disk encryption is that it makes wiping the flash storage very fast.[...]

To wipe the entire drive, all you have to do is wipe the spot that stores the encryption of K (which is just one block). Once that block is gone, there is no way to decrypt the data on the drive (since K cannot be recovered), so the entire drive is as good as wiped.

However, I also saw a lot that due to wear levelling, overwriting data on a flash-based disks was not reliable: as per my understanding if I apply the procedure above the flash may just select another area and put the overwriting data there, leaving the key block K still present and readable in the chip (and the Internet is full of various cheap a relatively easy methods to directly access chip content, here is a random one which does not even require to desolder them).

In case a poor password was used to protect the disk content (by tying together the unlock password which aimed to be quick to type and the encryption one, Android seems to really try to enforce such weakness), wouldn't this mean that the whole disk content can still be retrieved even when this block has been "wiped"?

As a bonus, if I change a weak password to a strong one, theoretically the key block will be "overwritten" by a new block where the data encryption key will be protected by my new, stronger password.

However, isn't there any chance that the old block with the same encryption key protected by the previous weaker password will still be present and readable for an undetermined amount of time in the chip content, allowing an attacker to void completely the password change benefits?

Tweeted twitter.com/StackSecurity/status/749284810225491968
added 3 characters in body
Source Link
techraf
techraf
  • 9.2k
  • 11
  • 47
  • 63

I have crossed such assertions a few timetimes on this site:

One benefit of full-disk encryption is that it makes wiping the flash storage very fast.[...]

To wipe the entire drive, all you have to do is wipe the spot that stores the encryption of K (which is just one block). Once that block is gone, there is no way to decrypt the data on the drive (since K cannot be recovered), so the entire drive is as good as wiped.

However, I also saw a lot that due to wear levelinglevelling, overwriting data on a flash-based disks was not reliable: as per my understanding if I apply the procedure above the flash may just select another area and put the overwriting data there, leaving the key block K still present and readable in the chip (and the Internet is full of various cheap a relatively easy methods to directly access chip content, here is a random one which does not even require to desolder them).

In case a poor password was used to protect the disk content (like a 4 PIN code on cellphone for instance...), wouldn't this mean that the whole disk content can still be retrieved even when this block has been "wiped"?

As a bonus, if I change a weak password to a strong one, theoricallytheoretically the key block will be "overwritten" by a new block where the data encryption key will be protected by my new, stronger password.

However, isn't there any chance that the old block with the same encryption key protected by the previous weaker password will still be present and readable for an undetermined amount of time in the chip content, allowing an attacker to void completely the password change benefits?

I have crossed such assertions a few time on this site:

One benefit of full-disk encryption is that it makes wiping the flash storage very fast.[...]

To wipe the entire drive, all you have to do is wipe the spot that stores the encryption of K (which is just one block). Once that block is gone, there is no way to decrypt the data on the drive (since K cannot be recovered), so the entire drive is as good as wiped.

However, I also saw a lot that due to wear leveling overwriting data on a flash-based disks was not reliable: as per my understanding if I apply the procedure above the flash may just select another area and put the overwriting data there, leaving the key block K still present and readable in the chip (and the Internet is full of various cheap a relatively easy methods to directly access chip content, here is a random one which does not even require to desolder them).

In case a poor password was used to protect the disk content (like a 4 PIN code on cellphone for instance...), wouldn't this mean that the whole disk content can still be retrieved even when this block has been "wiped"?

As a bonus, if I change a weak password to a strong one, theorically the key block will be "overwritten" by a new block where the data encryption key will be protected by my new, stronger password.

However, isn't there any chance that the old block with the same encryption key protected by the previous weaker password will still be present and readable for an undetermined amount of time in the chip content, allowing an attacker to void completely the password change benefits?

I have crossed such assertions a few times on this site:

One benefit of full-disk encryption is that it makes wiping the flash storage very fast.[...]

To wipe the entire drive, all you have to do is wipe the spot that stores the encryption of K (which is just one block). Once that block is gone, there is no way to decrypt the data on the drive (since K cannot be recovered), so the entire drive is as good as wiped.

However, I also saw a lot that due to wear levelling, overwriting data on a flash-based disks was not reliable: as per my understanding if I apply the procedure above the flash may just select another area and put the overwriting data there, leaving the key block K still present and readable in the chip (and the Internet is full of various cheap a relatively easy methods to directly access chip content, here is a random one which does not even require to desolder them).

In case a poor password was used to protect the disk content (like a 4 PIN code on cellphone for instance...), wouldn't this mean that the whole disk content can still be retrieved even when this block has been "wiped"?

As a bonus, if I change a weak password to a strong one, theoretically the key block will be "overwritten" by a new block where the data encryption key will be protected by my new, stronger password.

However, isn't there any chance that the old block with the same encryption key protected by the previous weaker password will still be present and readable for an undetermined amount of time in the chip content, allowing an attacker to void completely the password change benefits?

Source Link
WhiteWinterWolf
WhiteWinterWolf
  • 19.4k
  • 4
  • 63
  • 113

Is it possible to retrieve flash-based encrypted disks content (SSD, cellphones, USB sticks, ...) after password wipe/replacement?

I have crossed such assertions a few time on this site:

One benefit of full-disk encryption is that it makes wiping the flash storage very fast.[...]

To wipe the entire drive, all you have to do is wipe the spot that stores the encryption of K (which is just one block). Once that block is gone, there is no way to decrypt the data on the drive (since K cannot be recovered), so the entire drive is as good as wiped.

However, I also saw a lot that due to wear leveling overwriting data on a flash-based disks was not reliable: as per my understanding if I apply the procedure above the flash may just select another area and put the overwriting data there, leaving the key block K still present and readable in the chip (and the Internet is full of various cheap a relatively easy methods to directly access chip content, here is a random one which does not even require to desolder them).

In case a poor password was used to protect the disk content (like a 4 PIN code on cellphone for instance...), wouldn't this mean that the whole disk content can still be retrieved even when this block has been "wiped"?

As a bonus, if I change a weak password to a strong one, theorically the key block will be "overwritten" by a new block where the data encryption key will be protected by my new, stronger password.

However, isn't there any chance that the old block with the same encryption key protected by the previous weaker password will still be present and readable for an undetermined amount of time in the chip content, allowing an attacker to void completely the password change benefits?