Originally posted by tga.d
View Post
The only reason I encrypt SSD OS volumes at all is to narrow the target area for a keylogger attack to /boot and the BIOS, both of which are very small, plus the (obvious) hardware keylogger that pretends to be a USB adapter and gets caught. SSD's should not be used for secure data unless it is acceptable not to be able to erase the data and/or a plain mapping is used with a long interation at password-derived key generation. For the same reason, if a key must be revoked, an SSD drive volume should be remade from scratch so as to kill the usefulness of any recovered key.
For a laptop, a control to feed the full +12V to an SSD's memory cells with a combination of keys would be the best emergency kill switch.
Leave a comment: