SSD Drives VS 7200 rpm drives

[meilicke]

How about dual drives in your Macbook Pro?

One SSD for speed, one disk for capacity
http://philikon.wordpress.com/2008/12/10/two-hard-drives-in-a-macbook-pro/

Striped SSDs
http://echeng.com/journal/2008/09/28/striped-ocz-120gb-ssds-raid-0-in-a-macbook-pro/

 

[Guy Mancuso]

Don't tempt me. LOL

 

[ChrisDauer]

Just an FYI:
http://arstechnica.com/news/2009/02/sector-remap-fragmentation-slowing-intel-x25-m-ssds.ars

 

[Oxide Blu]

Thanks for the link, Chris.


Sector remap fragmentation slowing Intel X25-M SSDs

Intel's celebrated X25-M SSD may have just lost some of its luster. A new review indicates Intel's subsector wear-levelling actually causes massive fragmentation problems which are nearly impossible to fix. SSD advocates with persecution complexes, please report to the comments thread.

It's that wear-leveling scheme that is the security vulnerability with any flash memory device.

 

[Guy Mancuso]

Maybe every once in awhile you can clone off to a external than reformat the SSD and than reload. Does that sound like a solution. Actually very easy to do, just takes about two hours

 

[LJL]

I was thinking that a better solution might be to completely erase the SSD, using a zero write to "clean" all the registry and any lingering fragmented data. While taking a bit of time to do that, it may be worth trying on occasion after cloning stuff or backing things up. Intel claims that they cannot reproduce the results. However, they also go on to comment that the testing may be unrealistic use compared to how folks would normally "stress" these SSDs. That sounded like B.S. to gain some wiggle room until they can develop a better explanation and possible fix.

LJ

 

[Oxide Blu]

You have competing ideas. Wear-leveling is technology that spreads around where data is written. It appears as if tossing around data into cells at random. This is done to prevent the same area of memory from being constantly written to. The cells of solid state memory, unlike a hard disk, can only sustain so many write functions before those cells crap out. By randomly spreading around where data is written you can get more miles overall from a collection of solid state memory cells, longer product life. So even if you wipe a SSD and re-write the data back to it, you get data that is still scrambled and spread around in memory.

Now, the SSD must keep track of where the wear-leveling scheme wrote data, what cells are in use and what cells are available for writing to in the future. For simplicity, think of it as a look-up table. That LUT is external to the solid state memory cells. To corrupt a SSD you need only corrupt the LUT. Likewise, to "crack" a secured SSD, you need only monitor the way the LUT is managed to determine how the memory cells are being managed. This is why SSD security is a point of interest to folks wanting to protect data. They have a new set of issues to deal with that did not exist with HDDs.

 

[Jack]

Why not a hybrid drive? IOW say a 32 Gig SSD coupled to a 1TB spinner -- the 32 G like a really big uber-speed buffer, the spinner for mass storage. Seems to me it would work, solve the issue above and provide the best of both worlds...

 

[meilicke]

Big array manufacturers (Sun with their 7400 line, and EMC) are doing just that Jack. I bet the drive manufactures will come out with something like what you are suggesting. Just a matter of time.

 

[Bob]

Really-really big array vendors also do that with gobs (1 TB or more) of battery backed up ram and a write-back algorithm that works on a least-recently-written basis.
As the stuff gets smaller and volume potential increases, it just continues to trickle down. SSD in big systems still has a lifetime issue for high-utilization buffers.

 

[ChrisDauer]

Say hello to Cray super computers. ;-)

 

[LizaWitz]

And unfortunately, the only one that's SATA 2, the X25E, is only 32 Gigs. (And never mind it also costs $350!) The X25M's are SATA 1

This is in error. The X25M and X18M are both SATA 2, and can transfer at up to 3 Gbps (Though drive performance is 250MB read and 70MB write max).
http://download.intel.com/design/flash/nand/mainstream/mainstream-sata-ssd-datasheet.pdf

Its quite possible the X25E writes are much faster, but they're out of my pricepoint so I haven't looked at them.

Hi Jack
do you know which 256Gb SSD Apple are currently offering on the new 17"mbp?

Apple uses (based on reports from last fall) Samsung MLC models.

This one also seems very fast but is MLC
http://www.newegg.com/Product/Product.aspx?Item=N82E16820161317

Looking at the generic MLC drives out there -- and I did a lot before buying the Intel-- I found a couple problems-- many of them reported performance that wasn't realistic, and many of them used a particular controller chip that was prone to fail after a couple months. They also use the same or similar internals and sell them under a variety of brand names, and sometimes one brand would use one internals and then change internals without changing model number or marketing brand.

Intel's drives are engineered by intel, have a safety margin, and are high performance, and are pretty reliable. They're also more expensive but not too expensive-- so just right for me.

The controller chip issue though was a real scare point for the generics- loss of that chip meant loss of your data, without a lot of expense going in and getting the data out.

Ok, good choice, now how do you secure that SSD? I'm using TrueCrypt for all of my HDD data,
I'm guessing somewhere embedded in a SSD is an external library of what cells to write to, which ones not to write to, which ones are in use. Therein is the security vulnerability of SSDs

Where's the vulnerability? IF the data is encrypted, then a map of which cells are in use is only a map to encrypted data.

 

[LizaWitz]

Just an FYI:
http://arstechnica.com/news/2009/02/sector-remap-fragmentation-slowing-intel-x25-m-ssds.ars

Frankly, arstechnica is a disreputable site. One of the downsides of the way the internet has developed is that a site like that gets more authority attached to it than a random person posting on a forum, even though I am more conversant in the technologies in question than anyone who works for that site (and I've seen a lot of totally made up BS on that site over the years.) On the internet, its easy to post an article making a claim, and before anyone has a chance to refute it, it spreads to a hundred or so blogs and becomes "truth" in the mind of readers.

Anyway, their claim hasn't been backed up, intel wasn't able to reproduce it, and the issue certainly hasn't affected me, and I do move a lot of video data around.

Likewise, to "crack" a secured SSD, you need only monitor the way the LUT is managed to determine how the memory cells are being managed. This is why SSD security is a point of interest to folks wanting to protect data. They have a new set of issues to deal with that did not exist with HDDs.

Maybe you're assuming the drive is doing the actual encryption? I don't see how a writing pattern will allow one to break encryption. I'm not saying its not possible, but I think you might be assuming a different encryption scheme than I am.

For FileVault under leopard, the virtual drive is made up of hundreds of 8MB files that are written out and updated as data in the partition changes. These may be spread all over the drive, and maybe some of them are written more than others. By watching that pattern, a cracker could find the data that changes most often, but that wouldn't give you a clue to the key.

Could you explain how this compromise works?

 

[Oxide Blu]

...Where's the vulnerability? IF the data is encrypted, then a map of which cells are in use is only a map to encrypted data.

Think of it as putting your valuables into a safe. Cracking the safe is one issue, but first you have to find it. Obscuring the safe is part of the security scheme.

Wear-Leveling

Some storage devices (e.g., some USB flash drives) and some file systems utilize so-called wear-leveling mechanisms to extend the lifetime of the storage device or medium. These mechanisms ensure that even if an application repeatedly writes data to the same logical sector, the data is distributed evenly across the medium (logical sectors are remapped to different physical sectors). Therefore, multiple "versions" of a single sector may be available to an attacker. This may have various security implications. For instance, when you change a volume password/keyfile(s), the volume header is, under normal conditions, overwritten with a re-encrypted version of the header. However, when the volume resides on a device that utilizes a wear-leveling mechanism, TrueCrypt cannot ensure that the older header is really overwritten. If an adversary found the old volume header (which was to be overwritten) on the device, he could use it to mount the volume using an old compromised password (and/or using compromised keyfiles that were necessary to mount the volume before the volume header was re-encrypted). Due to security reasons, we recommend that TrueCrypt volumes are not created on devices (or in file systems) that utilize a wear-leveling mechanism. If you decide not to follow this recommendation and you intend to use system encryption when the system drive utilizes wear-leveling mechanisms, make sure the system partition/drive does not contain any sensitive data before you fully encrypt it (TrueCrypt cannot reliably perform secure in-place encryption of existing data on such a drive; however, after the system partition/drive has been fully encrypted, any new data that will be saved to it will be reliably encrypted on the fly). To find out whether a device utilizes a wear-leveling mechanism, please refer to documentation supplied with the device or contact the vendor/manufacturer.

http://www.truecrypt.org/

 

[DougDolde]

Guy,
. I use a LaCie rugged 500GB firewire 800 drive for storage and cache of photos on the road.
-Brad

Does the LaCie drive need the extra USB power cord on your MacBook Pro or is the basic USB 2.0 port power sufficient to run it?

 

[Oxide Blu]

Does the LaCie drive need the extra USB power cord on your MacBook Pro or is the basic USB 2.0 port power sufficient to run it?

Does not answer your question but I've noticed external drives that use a laptop sized HDD are powered by the USB port, external drives that use the larger PC tower size HDDs depend on an external power supply.

 

[LizaWitz]

For instance, when you change a volume password/keyfile(s), the volume header is, under normal conditions, overwritten with a re-encrypted version of the header. However, when the volume resides on a device that utilizes a wear-leveling mechanism, TrueCrypt cannot ensure that the older header is really overwritten. If an adversary found the old volume header (which was to be overwritten) on the device, he could use it to mount the volume using an old compromised password (and/or using compromised keyfiles that were necessary to mount the volume before the volume header was re-encrypted).

Whoops, that's a hole in truecrypt, and good to know about. To exploit it, you would have had to have a keyfile that was stored in the clear (which it sounds like is part of the password changing process in truecrypt) or have had a previous password compromised.

I'm glad they are paranoid and honest enough to talk about that. Seems the issue is part of the fact that truecrypt is an application rather than built into the os. I believe the way Mac OS X handles this and filevault means this isn't an issue for mac users. There's no unencrypted keyfile on the disk ever, even if you change a volumes password... and a compromised password wouldn't be sufficient to read data because the key would have changed.

At any rate, the easiest way to breach any of these security schemes is to hit the person who knows the password upside the head with a wrench (or something else painful) until they give you the password.

 

[Oxide Blu]

At any rate, the easiest way to breach any of these security schemes is to hit the person who knows the password upside the head with a wrench (or something else painful) until they give you the password.

That is why TrueCrypt was designed with plausible deniability; an invisible encrypted volume within an invisible encrypted volume; unrelated, separate passwords. Specifically designed for the senario you mentioned.

Nothing about TrueCrypt ever acknowledges there is even a TrueCrypt volume on the drive, unless/until you enter a valid password. There is no way anyone can look at a HDD and know whether or not there is a TrueCrypt volume on it.

 

[ChrisDauer]

For those of us looking for speed:

http://www.youtube.com/watch?v=96dWOEa4Djs&fmt=22&annotation_id=annotation_196657&feature=iv

At about 1:40 or so; the speed tests start and that's when things get interesting.

 

[DougDolde]

Sanddisk has a new line of SSDs coming out up to 240 GB ($499 msrp). I read that they are equivalent in speed to a 40,000 rpm spinning disk type drive.

I am going to hold off on drives for my new Mac Pro until I can get these. Likely higher capacities will be forthcoming as well. A striped pair of these would be the bees knees for a boot drive. Then there is the option of using them for data as well. Ultra reliable, supposedly with something like 100 year MTBF.

http://gizmodo.com/5126848/sandisks-g3-ssds-deliver-40000-rpm-speeds-without-breaking-the-bank