3

The reason I ask this question is that, presumably, when the contents of an SSD are encrypted, the unencrypted data is overwritten with its encrypted version. This study tells us that overwritten data can still be recovered.

Such being the case, if an SSD were thought to have been encrypted after having had data stored on it, would it not be possible to recover the data present prior to encryption?

If so, then wouldn't the only way to really be sure your data was safe be to encrypt the SSD on day zero*?

*(With the advent of quantum computers, encrypted data is arguably no longer safe. Of course, currently only well-funded entities have access to these machines, but in seventy or so years' time it may be the case that everybody has access to a quantum computer. If a hard drive (or any encrypted data) were kept for such a time, it could theoretically be decrypted.)

  • That study does NOT claim overwritten data can be recovered. That would mean drives can store more than their capacity. The study talks about deleted data. In fact it says overwritten data can't be recovered: "_To our knowledge (based on working closely with several government agencies), no one has ever publicly demonstrated bulk recovery of data from an HDD after such erasure_" – dandavis Jan 20 '18 at 21:12

1 Answer

3

Self Encrypting Drives (SED)

Many SSDs offer a "Self Encrypting Drive" feature where the encryption is completely transparent to the operating system. These require that you enter your drive password via a UEFI module and it will unlock the drive. These drives are always encrypting your data, even when SED is not enabled. Enabling SED causes the drive to encrypt the Data Encryption Key (DEK) with your password, thus requiring your password to access the data on the drives. In such a case, you need not worry about the prospects of data recovery.

OS-Based FDE

In the case of operating-system based FDE (Bitlocker, LUKS, FileVault, Veracrypt, etc.) things are a little different. There, encrypting the drive does require making a copy of all of the data from the plaintext to the ciphertext. (Notably, only Bitlocker and FileVault offer in-place encryption.)

From the paper you linked:

Second, overwriting the entire visible address space of an SSD twice is usually, but not always, sufficient to sanitize the drive.

So not all overwritten data is recoverable. After encrypting the drive, you can overwrite the slack space a few times to have a high likelihood of overwriting all of the underlying erase blocks.

That being said, encrypting the drive when new is still a best practice -- it avoids all these concerns, and ensures there's no time window where an attacker can get access to unencrypted data.

Side note on quantum computing: There is no evidence that quantum computing would allow breaking encrypted hard drives when used with a key length of 256 bits or longer. Grover's algorithm is the best known speedup for symmetric encryption, and it has the effect of halving the key length. (So a 256-bit key offers 128 bits of effectiveness against a quantum computer.) Additionally, cryptographers do not believe even well-funded adversaries currently have large-scale quantum computers, but that is likely to change in the next 10-15 years.

David
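The key hierarchy the SED paragraph of the answer describes, as an added illustration that is not part of the answer and is not any vendor's firmware. The `SelfEncryptingDrive` class, the `keystream_xor` helper (an HMAC-SHA256 counter-mode stand-in for the AES-XTS a real drive implements in hardware) and the PBKDF2 password derivation are all assumptions made for the model. What it shows is the point the answer makes: the DEK exists and encrypts every write from the factory, enabling SED only wraps that DEK under the password and leaves the media bytes untouched, and a crypto-erase sanitises the drive without overwriting anything.

```python
"""Key hierarchy of a self-encrypting drive, modelled in Python.

Added illustration, not any vendor's firmware. Real drives use AES-XTS in
hardware; here an HMAC-SHA256 counter-mode keystream stands in for the block
cipher so the example runs on the standard library alone.
"""
import hashlib
import hmac
import os

KS_BLOCK = 32  # one HMAC-SHA256 output per counter value


def keystream_xor(key: bytes, tweak: bytes, data: bytes) -> bytes:
    """XOR `data` with HMAC(key, tweak || counter); the same call decrypts.

    `tweak` plays the role of the XTS sector tweak: every LBA gets its own
    keystream, so equal plaintext in two sectors gives different ciphertext.
    """
    out = bytearray()
    for i, off in enumerate(range(0, len(data), KS_BLOCK)):
        ks = hmac.new(key, tweak + i.to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(a ^ b for a, b in zip(data[off:off + KS_BLOCK], ks))
    return bytes(out)


class SelfEncryptingDrive:
    """Media is always written through a DEK generated at manufacture.

    Enabling SED does not touch the media: it wraps the DEK under a key derived
    from the user's password, so after a power cycle the DEK (and the data) is
    unavailable until the password is supplied.
    """

    def __init__(self) -> None:
        self._dek = os.urandom(32)   # data encryption key; never leaves the drive
        self._wrapped = None         # (wrapped DEK, tag) once SED is enabled
        self._salt = os.urandom(16)
        self._media = {}             # LBA -> ciphertext: what a chip-off read sees

    def _kek(self, password: str) -> bytes:
        # PBKDF2 stands in for whatever KDF the drive firmware uses (assumption)
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self._salt, 100_000)

    def write(self, lba: int, plaintext: bytes) -> None:
        if self._dek is None:
            raise PermissionError("drive is locked")
        self._media[lba] = keystream_xor(self._dek, lba.to_bytes(8, "big"), plaintext)

    def read(self, lba: int) -> bytes:
        if self._dek is None:
            raise PermissionError("drive is locked")
        return keystream_xor(self._dek, lba.to_bytes(8, "big"), self._media[lba])

    def enable_sed(self, password: str) -> None:
        """Wrap the DEK under the password. The ciphertext on the media is unchanged."""
        kek = self._kek(password)
        wrapped = keystream_xor(kek, b"dek-wrap", self._dek)
        tag = hmac.new(kek, wrapped, hashlib.sha256).digest()  # lets unlock() reject a bad password
        self._wrapped = (wrapped, tag)

    def power_cycle(self) -> None:
        """Volatile state is lost; with SED enabled only the wrapped DEK survives."""
        if self._wrapped is not None:
            self._dek = None

    def unlock(self, password: str) -> bool:
        if self._wrapped is None:
            return True  # SED never enabled: the drive unlocks itself at power-on
        wrapped, tag = self._wrapped
        kek = self._kek(password)
        if not hmac.compare_digest(tag, hmac.new(kek, wrapped, hashlib.sha256).digest()):
            return False
        self._dek = keystream_xor(kek, b"dek-wrap", wrapped)
        return True

    def crypto_erase(self) -> None:
        """Sanitise by replacing the DEK: old ciphertext stays on the flash but is unreadable."""
        self._dek = os.urandom(32)
        self._wrapped = None

    def raw_media(self) -> dict:
        return dict(self._media)


def demo() -> dict:
    """Write before SED, enable it, power-cycle, try wrong/right passwords, crypto-erase."""
    secret = b"written before SED was enabled"
    drive = SelfEncryptingDrive()
    drive.write(7, secret)
    before = drive.raw_media()[7]
    drive.enable_sed("correct horse battery staple")
    after = drive.raw_media()[7]            # identical: nothing was re-encrypted
    drive.power_cycle()
    wrong = drive.unlock("password1")
    right = drive.unlock("correct horse battery staple")
    recovered = drive.read(7)
    drive.crypto_erase()
    return {
        "media_unchanged_by_enable": before == after,
        "media_is_ciphertext": before != secret,
        "wrong_password_rejected": not wrong,
        "right_password_unlocks": right,
        "recovered": recovered,
        "after_erase": drive.read(7),
    }
```

The model also makes the answer's "you need not worry about data recovery" concrete: since the plaintext was never on the flash, there is no pre-encryption copy for a forensic read to find, whether SED was enabled on day zero or later. The caveat that still applies to real drives is that the password wrapping is only as good as the firmware implementing it, which the answer does not cover.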
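The "overwrite the slack space a few times" step from the OS-based FDE section, as an added example that is not tooling from the answer. It assumes Linux (`fstrim` for the final discard), that the filesystem has already been encrypted in place, and that the fill-file name and the `dry_run` helper are the example's own inventions. Each pass writes random data until the filesystem reports ENOSPC, fsyncs so the bytes actually reach the device, then deletes the file; the discard step asks the SSD controller to release the freed blocks.

```python
"""Overwrite a filesystem's free space with random data, then discard it.

Added example (not from the answer). Assumes Linux; `fstrim` needs root.
"""
import errno
import os
import subprocess
import tempfile

CHUNK = 1 << 20  # 1 MiB per write call


def overwrite_free_space(mount_dir, passes=2, limit_bytes=None):
    """Fill the free space under `mount_dir` with random bytes `passes` times.

    Each pass writes one file until the filesystem is full (or until
    `limit_bytes`, for a dry run), fsyncs it, then deletes it.
    Returns the number of bytes written per pass.
    """
    fill = os.path.join(mount_dir, ".free-space-fill.%d" % os.getpid())  # example's own name
    written = []
    for _ in range(passes):
        total = 0
        fd = os.open(fill, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
        try:
            while limit_bytes is None or total < limit_bytes:
                n = CHUNK if limit_bytes is None else min(CHUNK, limit_bytes - total)
                total += os.write(fd, os.urandom(n))
        except OSError as exc:
            if exc.errno != errno.ENOSPC:  # a full filesystem is the expected stop
                raise
        finally:
            try:
                os.fsync(fd)               # make sure the random data hit the device
            finally:
                os.close(fd)
                os.unlink(fill)
        written.append(total)
    return written


def discard_free_blocks(mount_dir):
    """Ask the SSD to discard the now-unused blocks (TRIM) via fstrim.

    Returns True if fstrim ran, False if it is missing or refused (e.g. not root).
    """
    try:
        subprocess.run(["fstrim", "-v", mount_dir], check=True, capture_output=True)
    except (FileNotFoundError, subprocess.CalledProcessError):
        return False
    return True


def dry_run(limit_bytes=3 * CHUNK + 5):
    """Capped run in a temporary directory so the procedure can be exercised safely."""
    with tempfile.TemporaryDirectory() as d:
        counts = overwrite_free_space(d, passes=2, limit_bytes=limit_bytes)
        leftovers = [n for n in os.listdir(d) if n.startswith(".free-space-fill")]
    return counts, leftovers


if __name__ == "__main__":
    # Real use, on the mounted and already-encrypted filesystem:
    #   overwrite_free_space("/mnt/data", passes=2); discard_free_blocks("/mnt/data")
    print(dry_run())
```

Two caveats a practitioner should keep in mind. First, this only overwrites the logical address space the operating system can see; the flash translation layer may still hold stale copies in over-provisioned or remapped blocks, which is exactly why the paper says two passes are "usually, but not always" sufficient, and why the discard step (and, where available, the drive's own secure-erase or crypto-erase command) is the more reliable finish. Second, filling a filesystem to zero free space will upset anything writing to it, so run it on an idle volume rather than a live root filesystem.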