Hi everyone,

I have read the VeraCrypt documentation about TRIM and wear-leveling. After reading it, however, I am still unsure whether I properly understand the security implications of this. I have posted in an old thread about this topic too, but I think it is dead, since I haven't gotten any response.

I think the documentation has been updated recently, but in the other thread about this topic I have read something along the following lines: if you use an encrypted container on a non-encrypted SSD, you cannot be sure that physical VeraCrypt clusters won't be written (partially) to unencrypted parts of the SSD. Regardless, what is physically there is a string of encrypted characters that is mapped logically to the VeraCrypt partition, and it will appear as random characters, potentially against a background of 'zero characters' caused by the TRIM function.

For using encrypted containers on non-encrypted SSDs, I understand the security implications as follows: with wear-leveling and TRIM, (1) VeraCrypt clusters can be (partially) written to non-encrypted parts of an SSD, and (2) it is possible that an attacker can identify the location of VeraCrypt containers because of a background of zero characters. However, in both cases the 'leak' remains limited to exposing the existence of encrypted data and in no way involves access to the unencrypted contents of the container. If I, for example, did not care about people knowing about the existence of the container, had an extremely strong password, and were not afraid of extortion of any kind, there would be no reason for me to care. The contents of the sensitive data container would remain encrypted and safe, assuming the password is strong enough and close to impossible to guess within a million years.

My intended application: I am planning on putting an encrypted container on a non-encrypted SSD. The SSD has never had unencrypted versions of the data on it before. I am also never planning on decrypting/opening the data on the drive in question (or on the associated system). It's just for long-term storage. So I think there is also no way for unencrypted data to end up in paging files or to become accessible due to bad-sector remapping etc.

Is my understanding as explained above correct, or am I missing certain implications of wear-leveling and TRIM, and could the unencrypted contents of encrypted containers still be exposed?


Last edit: phenomena-in-code 2022-09-07
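The following script is an added example, not part of the original post and not VeraCrypt's own code, showing concretely what point (2) above means: on a TRIM-zeroed drive, a container of ciphertext stands out to a simple per-block entropy scan, while the scan still reveals nothing about the plaintext inside it. The disk image is constructed in memory for the demonstration (random bytes stand in for the container's ciphertext, since both are indistinguishable to an entropy test), and the block size and entropy threshold are assumptions chosen for the example, not values taken from the post or from VeraCrypt.

```python
import math
import random
from collections import Counter

BLOCK_SIZE = 4096      # assumed: a typical SSD page / filesystem cluster size
HIGH_ENTROPY = 7.0     # assumed threshold; ciphertext or random data scores close to 8.0


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for an all-zero (TRIM'd) block, near 8.0 for ciphertext."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def find_high_entropy_runs(image: bytes, block_size: int = BLOCK_SIZE,
                           threshold: float = HIGH_ENTROPY):
    """Return (start_block, end_block_exclusive) runs of consecutive high-entropy blocks.

    Zeroed or plaintext-like blocks break a run, so contiguous runs of random-looking
    blocks are exactly what an examiner would flag as candidate encrypted containers.
    """
    runs, start = [], None
    n_blocks = (len(image) + block_size - 1) // block_size
    for i in range(n_blocks):
        block = image[i * block_size:(i + 1) * block_size]
        is_high = shannon_entropy(block) >= threshold
        if is_high and start is None:
            start = i
        elif not is_high and start is not None:
            runs.append((start, i))
            start = None
    if start is not None:
        runs.append((start, n_blocks))
    return runs


def byte_ranges(runs, block_size: int = BLOCK_SIZE):
    """Translate block runs into (byte_offset, byte_length) pairs, i.e. where the container sits."""
    return [(s * block_size, (e - s) * block_size) for s, e in runs]


def build_sample_image(total_blocks: int = 64, container_start: int = 20,
                       container_blocks: int = 16, text_start: int = 40,
                       text_blocks: int = 8, seed: int = 1234) -> bytes:
    """Constructed sample drive: TRIM'd zeros, one container of random-looking bytes,
    and one region of ordinary plaintext (low entropy) for contrast."""
    rnd = random.Random(seed)  # deterministic so the result is reproducible
    image = bytearray(total_blocks * BLOCK_SIZE)
    c_off = container_start * BLOCK_SIZE
    c_len = container_blocks * BLOCK_SIZE
    image[c_off:c_off + c_len] = bytes(rnd.getrandbits(8) for _ in range(c_len))
    sentence = b"The quick brown fox jumps over the lazy dog. "
    t_off = text_start * BLOCK_SIZE
    t_len = text_blocks * BLOCK_SIZE
    image[t_off:t_off + t_len] = (sentence * (t_len // len(sentence) + 1))[:t_len]
    return bytes(image)


if __name__ == "__main__":
    img = build_sample_image()
    runs = find_high_entropy_runs(img)
    for off, length in byte_ranges(runs):
        print(f"candidate encrypted region at offset {off}, {length} bytes")
    # The scan locates the container but learns nothing about its contents.
```

Running it prints the single region at block 20 (byte offset 81920, 65536 bytes): the zero background from TRIM is what makes the boundary visible. The plaintext region at block 40 scores around 4 bits per byte and is not flagged, and a drive whose free space were filled with random data instead of zeros would give one run covering everything, which is the whole reason full-disk encryption hides container boundaries better than a container on an unencrypted drive.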