Poor man’s SSD: A cryptic twist

If you’ve suffered through this site over the years, you will recall there was a time in the previous decade when a little idea paid off big, and an ancient laptop got a nifty upgrade.

Fast-forward to this year, and again, a little crablike thinking seems to have paid off.

Let’s start at the beginning. Remember this machine? It’s humming along nicely, and with only a few shortcomings, I expect it will last quite a while into the future.

Among those shortcomings are a lack of USB2.0 ports, and nothing to interface with SD cards. For some reason Dell never swapped out the USB1.1 ports that were part of the early 8000 line for the higher-speed ports that were more common with Pentium 4 machines. Design flaw, or programmed obsolescence? You decide.

Regardless, the obvious solution is a PCMCIA-to-USB2.0 card, which costs all of about US$2 these days. They’re literally recycle store giveaways, to be honest.

Which means the two omissions — USB2.0 and an SD card reader — are related in an odd way: From PCMCIA to USB2.0, to USB-to-SD reader, to an SD card. It’s not as ungainly as it sounds, and really, I’ve done much worse in the past. At roughly US$6, something like this was well worth the price.

And with a lot of leftover SD cards lying around — mostly from the same camera I’ve owned for about seven years now — this is a good way to pick up a little extra storage space, in oddball sizes.

Now shift gears for a little bit, to a larger, grander scale. Online privacy is something that I think about a lot more these days, and I hope you do too. Knowing that most anything that’s transmitted unprotected is likely to be archived somewhere by someone for some time has, in short, caused me to retract just about anything I kept on the web — everything to the lowliest .conf file — and either keep it locally or repost it encrypted.

A few months ago I decided the best way toward physical security for that data was to dedicate one entire machine to the prospect of data storage. Starting with the operating system, I wanted something that could encrypt without excessive entanglement, require several passwords to access, be more or less impervious to environmental issues, be self-sufficient and not need network access or frequent updates.

No, I’m not Edward Snowden. I just have a hope of protecting electronic documents, and I don’t think I’m too far from the target.

Hopefully the picture in your mind at this point is about the same as the one I had in mine. I decided to use one of my many leftover machines for the purpose, and even went so far as to purchase a small, inexpensive SSD to avoid the pitfalls of data errors or drive crashes. I installed Linux Mint 17, encrypted the entire drive, encrypted the home partition, and even password-protected grub. I turned the wireless switch off, put it in a generic black laptop sleeve and set it on a bookshelf next to a copy of Walden and a can of compressed air.

And then I got to thinking: Now I’m dependent not just on that drive, but on all the components that keep it running. Why did I lock myself into that particular computer? Just because it was available? Only the drive is important.

So I took it back down off the shelf, unscrewed the case and took out the drive, and put the drive back on the shelf between Walden and the canned air.

And then I got to thinking again: Now I have to put that drive into the computer, every time I decide to move a file on or off of there. That’s terrifically inconvenient.

So I took it back down off the shelf, took out an old USB drive enclosure, dropped it in, and started screwing it back together.

And then I got to thinking, and this was the last time: I only really need about 20Gb of space, for family photos and scanned documents. The drive is three times as big as that, and the remainder will basically go unused.

I have SD cards that are plenty big for that. And while some machines won’t boot from a card reader, almost anything after 2002 will boot from a USB port. And I have a USB-to-SD card adapter. Why couldn’t I just reinstall everything to an SD card?

It’s much more portable. It’s easier to back up. And prices on SD cards are falling. A 128Gb SD card, at the time of this writing, was only about US$60. That’s as much as the value of the Vista-era computer I was using, and I spent almost as much on an SSD.

You can figure out the rest of the story. I re-ran the entire installation and encryption process on a leftover 64Gb SD card I got from a family member last year, and it works like a champ. I transferred all my sensitive files onto the SD card, put it back in its teeny-tiny plastic case, and put it on the shelf between Walden and the can of compressed air.

I’ve tried booting that same SD card on a half-dozen machines now, the fastest being a 2.4Ghz core 2 duo Penryn-based machine, and the slowest being an old, 1.6Ghz non-PAE Pentium M (a good reason to rely on 32-bit versions). Perfect performance, every time.

Great security too: Knowing the grub password might grant access to recovery mode, but doesn’t give you access to the drive, and knowing the drive password doesn’t give you access to the privileged user’s home folder. And if I encrypt anything inside there, that will be one last small measure of prevention.

And no hardware issues, since Mint is smart enough to adjust itself to the hardware of the host machine, no questions asked.

I know there are some downsides. It takes a little while longer to boot across a USB port, particularly on that Pentium M. And there’s the rumor that SD cards have limited read-write lifespans … whatever that happens to be. 🙄 And besides: I might start up from that card once a week at most, probably less. I’m not real concerned about lifespans right now.

But I’m satisfied at present with this arrangement. It streamlines the entire process and doesn’t lock me to one particular machine into the future. I can drop that card in my pocket, I can dd between two cards and have a duplicate in a matter of hours, I can mail it cross-country without worrying about someone intercepting it, and I can lose it without fear of anyone picking through my 2011 vacation photos. 🙄

So there it is: The poor man’s SSD strikes again. Perhaps I shall sit around for a little while again today, and try to dream up new uses for old ideas. 😀


4 thoughts on “Poor man’s SSD: A cryptic twist”

  1. darkstarsword

    I would caution you against using a single SD card – not only do they tend to use pretty cheap flash storage (compared to a modern SSD) that is susceptible to die much sooner than expected even in ideal circumstances, they are also vulnerable to being killed much more rapidly by slightly over or under voltage card readers (I’ve heard the Raspberry Pi has been known to kill SD cards due to this). Also, even pretty good quality SSDs are susceptible to being bricked by a power failure at an unfortunate moment during a read/erase/write cycle or while remapping a block for wear levelling and the flash controller in an SD card is even more primitive than them.

    I’ve had plenty of SD cards die on me when the only thing they were being used for was in a rarely used digital camera. I also used to boot my EeePC from an SD card up until the card died on me. When a card dies you may sometimes still be able to dd some blocks off and recover some things, but if you’re using crypto and the block that died held your LUKS header, you are screwed.

    Note – I consider a partial failure to be just as severe as a catastrophic failure – many of these “dead” cards were successfully revived with a low level format available in most cameras, at least temporarily. Also, note that formatting them in Linux does not do a low level format, nor does running dd over them (which actually makes things worse since the SD card will then believe that every single block is in use and won’t be able to effectively wear level and will have to perform a read/erase/write cycle for every write from then onwards, making them slower and shortening their lifespan)! There’s a special command that has to be sent to the SD card to do a low level format, and there’s no way to do that from Linux (with the right software it could be done via the SD slot in a laptop, but it’s literally impossible if you are using a USB SD reader since there is no way to send an SD command over those).

    It’s also pretty common to get fake/counterfeit SD cards (Kingston seems to be a common target for fakes). Some of these are even manufactured in the same factories that produce the authentic ones (at night by factory workers who want a bit more money using silicon that was rejected from quality control during the day), which can make them harder to detect. These often fail in unusual ways (I had one that would work fine for sequential writes after performing a low level format, but would quickly fail on randomly ordered writes). There are ways to identify these fakes – some have obvious errors on their label, using the wrong fonts or with slight errors on the logo, while others are harder to detect requiring the Card Identification Register (manufacturer ID, serial number, product name, date of manufacture, etc) stored on the card (Linux exports this via sysfs if you are using a direct SD interface) to be examined and compared with a known real card since the counterfeiters often don’t fill those out correctly.

    I don’t mean to frighten you, but if you are going to trust an SD card with your data, at least be sure to use a second for backup purposes.

    1. K.Mandla Post author

      Oh, absolutely. I might have made it sound like this was just a leftover card cast off from a relative, but it’s a reputable brand and I’m comfortable with the quality. I do make a point of keeping backups as well.

      Either way, thanks for the reminder. 🙂

  2. Pingback: The masses have spoken: The ’41s | Motho ke motho ka botho

  3. Pingback: mnemonicode: At long last we meet | Inconsolation
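
The Card Identification Register check that darkstarsword's comment describes, sketched as an added example (it is not part of the original post or its comments). It assumes the standard SD CID bit layout and a card in a direct SD slot; the function names, the sanity heuristics and both sample CID strings are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class SdCid:
    manfid: int   # manufacturer ID
    oemid: str    # 2-character OEM/application ID
    name: str     # 5-character product name
    hwrev: int    # product revision, major nibble
    fwrev: int    # product revision, minor nibble
    serial: int   # product serial number
    year: int     # manufacture year
    month: int    # manufacture month

def _bits(raw, start, size):
    """Return `size` bits of the 128-bit register, starting at bit `start`."""
    return (raw >> start) & ((1 << size) - 1)

def parse_sd_cid(hex_cid):
    """Decode the 32-hex-digit string read from e.g. /sys/block/mmcblk0/device/cid."""
    hex_cid = hex_cid.strip()
    if len(hex_cid) != 32:
        raise ValueError("CID must be 32 hex digits (128 bits)")
    raw = int(hex_cid, 16)
    text = lambda start, n: _bits(raw, start, 8 * n).to_bytes(n, "big").decode("latin-1")
    return SdCid(manfid=_bits(raw, 120, 8), oemid=text(104, 2), name=text(64, 5),
                 hwrev=_bits(raw, 60, 4), fwrev=_bits(raw, 56, 4),
                 serial=_bits(raw, 24, 32),
                 year=2000 + _bits(raw, 12, 8), month=_bits(raw, 8, 4))

def sanity_flags(cid, current_year):
    """Assumed heuristics for fields that were left unfilled or filled with junk."""
    printable = lambda s: all(32 <= ord(c) < 127 for c in s)
    checks = [
        (not 1 <= cid.month <= 12, "manufacture month out of range"),
        (cid.year > current_year, "manufacture date in the future"),
        (not printable(cid.oemid), "OEM ID is not printable ASCII"),
        (not printable(cid.name), "product name is not printable ASCII"),
        (cid.serial == 0, "serial number is zero"),
    ]
    return [msg for failed, msg in checks if failed]

def differs_from_reference(cid, reference):
    """Model-level fields that differ from a known-genuine card of the same model."""
    return [f for f in ("manfid", "oemid", "name")
            if getattr(cid, f) != getattr(reference, f)]

# Constructed sample values, not read from real cards.
GENUINE_CID = "2a585944454d4f31101234567800d701"
SUSPECT_CID = "00000044454d4f310000000000000000"
```

A clean result here only means the register is filled in consistently; it does not prove the flash behind it is sound, so the backup advice above still applies.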
