isn't empty space encryption far more important as respects SSDs than it is as respects HDDs because of the fact that SSDs retain data even after they've been "erased"?
Well the issue here is that the TRIM command won't change the contents of a block. What it WILL do is return all zeros. And for an encrypted-free-space device, that's a problem because now it can clearly be seen as empty. Ignoring the data that's actually still in the nand cells on the device, the analyst will immediately be able to see which blocks "should contain current information". I call that a bad thing. It's not straight-forward
useful information to many, but ANY information I can get from an encrypted device counts against it. So if you want to properly erase an encrypted drive, you have to zero it, encrypted, and
never use TRIM. I suspect we'll start seeing more SSDs that have built-in support for full-disk encryption though, which will then be able to use TRIM to "zero" a block without having to burn another write-cycle or take the time required to actually change all those blocks if you're formatting.
Needless to say, we didn't stock any of these new drives.
Did anybody buy them?
I have no idea. I don't do sales, and rarely needed to come up front and help out.
