Project

General

Profile

Feature #93

support "quick" encrypt for new media (especially flash/SSD)

Added by Jason Pyeron almost 5 years ago.

Status:
New
Priority:
Normal
Assignee:
-
Target version:
-
Start date:
01/25/2015
Due date:
% Done:

0%


Description

This mode simply applies the header and metadata, but since the container is empty, no encipherment is performed. The container is esentailly pre-filled with gibberish.

Once the OS starts to write (with a format first) it put the known data and the driver encypts only the writes and decrypts the future reads.

There is a single security risk with this approach, as the drive leaks the information about which portions have not had data written to it since the encryption was applied. This could be a risk for some usecases, but can be mitigated at any time by wiping the "free" space.

This would also require drivers to be written for OS installation.

Also available in: Atom PDF