Josh from the InfiniteAdmin blog has an interesting post about solid state disk (SSD) encryption. He raised doubts about whether drive encryption tools such as TrueCrypt are secure enough when applied to SSDs. Like memory sticks, SSDs are flash drives that usually work with NAND technology. Therefore, these concerns also apply to USB sticks.

Do you recommend that your users encrypt their memory sticks? I hope so. Even if you don't have confidential data on your stick now, can you guarantee that this will still be true in the future? So, better make sure now that a lost thumb drive won't compromise your company.

If you are a security-conscious admin, you might have unknowingly recommended an insecure encryption method in the past. Crypto tools that are good enough for conventional magnetic drives cannot always provide the same level of security for flash drives. The problem with flash memory is that it has a relatively short lifespan. To remedy this downside, a technique called wear leveling is used to prolong a flash drive's service life. Please check out my article about the lifespan of flash memory for more information.

Wear-leveling algorithms use different techniques. What is important here is that a given piece of data is not always stored at the same location. It is this effect that reduces the wear and tear on memory cells. The point is that if you encrypt data on flash memory, you can't be sure that all cells containing data in the clear are really wiped, because the operating system is not aware of all the locations where the data has been stored before.


A solution to this problem is not to store cleartext on a flash drive in the first place. If you want to work with full disk encryption, you should encrypt the memory stick before you store any confidential data on it. An even better way is to encrypt the data on your hard disk first. One advantage is that the encryption process is faster. If you use TrueCrypt, for example, you can create an encrypted volume first and then copy the volume file, which contains all your encrypted files, to your USB stick. This also allows you to back up the flash drive easily.
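
The following added example (not part of the original post) models the effect described above with a toy flash translation layer, comparing encryption of data already on the stick with encrypting first and copying afterwards. The ToyFlash class, the XOR stand-in cipher and the sample data are constructed assumptions; real controllers are far more complex.

```python
# Toy flash translation layer (FTL): a constructed model, not a real controller.
class ToyFlash:
    def __init__(self, physical_pages):
        self.pages = [None] * physical_pages   # raw NAND pages
        self.map = {}                          # logical block -> physical page
        self.next_free = 0

    def write(self, lba, data):
        # Wear leveling: every write lands on a fresh page. The old page is
        # only unmapped; its contents stay in NAND until it is erased.
        if self.next_free >= len(self.pages):
            raise RuntimeError("toy model has no garbage collector")
        self.pages[self.next_free] = data
        self.map[lba] = self.next_free
        self.next_free += 1

    def read(self, lba):
        # What the operating system sees through the logical mapping.
        return self.pages[self.map[lba]]

    def raw_dump(self):
        # What a direct read of the flash chips would return.
        return [p for p in self.pages if p is not None]

def toy_encrypt(data, key=0x5A):
    # Stand-in for a real cipher, only so ciphertext differs from cleartext.
    return bytes(b ^ key for b in data)

SECRET = b"payroll-2009.xls"   # constructed sample data

def encrypt_in_place():
    flash = ToyFlash(physical_pages=8)
    flash.write(0, SECRET)                 # cleartext is stored first
    flash.write(0, toy_encrypt(SECRET))    # encryption "overwrites" block 0
    return flash

def encrypt_before_copy():
    flash = ToyFlash(physical_pages=8)
    flash.write(0, toy_encrypt(SECRET))    # only ciphertext ever reaches flash
    return flash

def cleartext_remains(flash):
    return SECRET in flash.raw_dump()

if __name__ == "__main__":
    print("encrypt in place:   ", cleartext_remains(encrypt_in_place()))
    print("encrypt before copy:", cleartext_remains(encrypt_before_copy()))
```

In both cases the logical view shows only ciphertext; the difference is visible only in the raw pages, which is why the operating system cannot confirm that the cleartext is gone.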

2 Comments
  1. jhon 15 years ago

    I think it's a great post.

  2. NonAdminNeedNotApply 13 years ago

    Good advice!

    TrueCrypt isn’t particularly good – if you’re running it from a USB drive, it won’t even start up(!) unless you have administrator rights.

    FreeOTFE and FreeOTFE Explorer (http://www.FreeOTFE.org/) are much better

© 4sysops 2006 - 2023
