Security implications when setting the discard option in /etc/crypttab

Question

Setting the discard option in /etc/crypttab has security implications.

Allow discard requests to be passed through the encrypted block device. 
This improves performance on SSD storage but has security implications.

Q: What are the security implications if this option is set?

score 4 · Accepted Answer · answered Sep 27 '14 at 22:02

4

A discard request, aka "TRIM", puts part of a solid-state drive into an "unused, ready to write" state. An attacker can use this to figure out which parts of the drive are empty, something they couldn't figure out if those sections contained encrypted empty space.

answered Sep 27 '14 at 22:02

Mark

34,646
9
87
137

1

That can be used for example to determine what filesystem is used on the drive. See here for a detailed explanation about it. – Sep 28 '14 at 19:36

Security implications when setting the discard option in /etc/crypttab

1 Answers1