3

It appears that in many cases, there is no way (short of physical destruction) to securely delete data from an arbitrary SSD. Unfortunately, I do not know how an individual (not a business) can destroy a drive without violating HAZMAT laws.

Should I just stick with HDDs? I know I can erase those securely.

Demi
  • Full disk encryption -> throw away the key when you're done. – KDEx Feb 24 '15 at 01:01
  • There are actually a lot of posts on this under the destruction tag. Also, please read http://security.stackexchange.com/q/36721/485 – Rory Alsop Feb 24 '15 at 15:13

4 Answers

2

Either way there are risks, but the best solution is to use full-disk encryption.

With SSDs, there is the risk of data that is left readable by technical tools in areas of the drive that have been removed from service by wear leveling.

But the same thing applies to hard disk platters, which likewise "house keep" in this fashion.

I am not aware of any physical destruction issues that would apply only to SSDs that would not also apply to modern hard disks (which have circuit boards, flash chips, etc.).

It seems to me the solution is to initialize the SSD (or physical platter hard disk), out of the package, with your favorite secure full disk encryption software; and rely on the security that provides. If you want further assurance, then there are services that will reliably grind used hard drives into metal, plastic and epoxy confetti.

pacifist
boggart
  • Sector remapping is far less common in hard drives than in SSDs, because remapping greatly reduces performance. I've got disks from the late 1990s that still aren't reporting any reallocated sectors. (I've also got disks from the mid-1990s that probably don't, but they don't support SMART). – Mark Feb 24 '15 at 02:52
0

You can wipe an SSD if you write enough information on it. If you zero it 10 times over, you can work around the wear leveling.

If you really want to destroy the data (and probably the disk), just run (on Linux) something like this:

while true; do
  dd if=/dev/urandom of=/dev/sda bs=4M oflag=direct
done

And let it run for a day or two. No matter how good the wear leveling is, it will overwrite the data a lot of times. It probably will ruin the disk too.

ThoriumBR
  • If you zero the disk repeatedly, you are *statistically likely* to work around the wear leveling, but there's no guarantee. For example, if a sector has been marked as "worn out", it may still be readable, but no amount of writing will write to it. – Mark Feb 24 '15 at 02:47
  • There's no guarantee, but you can be almost certain that all data was overwritten. Unless your last *valid* write on a sector was the last one the sector would allow writing before wearing out. – ThoriumBR Feb 24 '15 at 12:42
0

SSD devices have a special command, ATA Secure Erase, that will instruct the firmware to release all data stored on every sector of the disk. According to NIST (U.S. National Institute for Standards and Technology), ATA Secure Erase is an effective and secure way to meet legal data sanitization requirements against attacks up to laboratory level.

It works differently on SSD devices with and without encryption.

On devices that do not perform encryption, the controller is instructed to send a voltage spike to all sectors, resetting every block of data.

On devices that employ transparent encryption, only the key is changed. There's no way to recover the key, and even if the data is not changed, it's impossible to decrypt without the proper key.

It is possible to use hdparm on Linux to execute a Secure Erase on an SSD.

A study from Michael Wei et al. describes a lot of ways to properly erase a disk, and shows that some firmware bugs and missteps can prevent the disk from being securely erased. So, a hybrid approach (Data overwriting and ATA Secure Erase) would suffice to destroy the data.

ThoriumBR
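An added example, not part of the answer above: before issuing ATA Secure Erase with hdparm, the drive's security state has to allow it, and this sketch classifies the "Security:" section of `hdparm -I` output. The sample output is constructed, and `/dev/sdX` and the password `p` are placeholders.

```shell
#!/bin/sh
# Classify the "Security:" section of `hdparm -I` output read from stdin.
# Prints: unsupported | frozen | locked | password-set | ready | ready-enhanced
erase_readiness() {
  awk '
    /^Security:/          { in_sec = 1; next }
    in_sec && /^[^ \t]/   { in_sec = 0 }   # a new top-level section ends it
    !in_sec               { next }
    /supported: enhanced erase/ { enhanced = ($1 != "not"); next }
    NF <= 2 && $NF == "supported" { supported = ($1 != "not") }
    NF <= 2 && $NF == "enabled"   { enabled   = ($1 != "not") }
    NF <= 2 && $NF == "locked"    { locked    = ($1 != "not") }
    NF <= 2 && $NF == "frozen"    { frozen    = ($1 != "not") }
    END {
      if (!supported)   print "unsupported"
      else if (frozen)  print "frozen"        # erase is rejected until the drive is power-cycled
      else if (locked)  print "locked"        # must be unlocked with the existing password
      else if (enabled) print "password-set"  # a user password already exists
      else              print (enhanced ? "ready-enhanced" : "ready")
    }'
}

# Constructed sample of the Security section; $1 is "not" or "" for the frozen flag.
sample_security() {
  cat <<EOF
Security:
        Master password revision code = 65534
                supported
        not     enabled
        not     locked
        $1     frozen
        not     expired: security count
                supported: enhanced erase
        2min for SECURITY ERASE UNIT. 2min for ENHANCED SECURITY ERASE UNIT.
Checksum: correct
EOF
}

sample_security not | erase_readiness   # ready-enhanced
sample_security ""  | erase_readiness   # frozen

# On a real system (this destroys all data on the drive):
#   hdparm -I /dev/sdX | erase_readiness
#   hdparm --user-master u --security-set-pass p /dev/sdX
#   hdparm --user-master u --security-erase p /dev/sdX
```

A "ready" result is only a precondition: as the study cited in the answer found, firmware bugs can leave data in place even when the command completes.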
-2

I would not sweat it. Even a platter-based drive can be recovered because the magnetic zones are two-dimensional areas and when you "erase" the bit in the area, it just erases the center of the area.

If the data is so secretive that you feel a need to wipe the drive you are better off just destroying it with a drill. Thorium's suggestion of just randomly writing things to every bit on the drive repeatedly is valid too; just be sure to write to every single bit 5-10 times.

You can do the same thing with an SSD. Just drill a hole or two through it.

Data drives are not "hazardous materials".

Tyler Durden
  • Your first paragraph hasn't been true since the late 1980s. Your suggestion of drilling will only protect you against someone using data-recovery software; a professional will be able to recover everything but the areas that you actually drilled through. – Mark Feb 24 '15 at 02:49
  • @Mark LOL a "professional" huh? What are you suggesting, reading data using a magnetic force microscope, one bit at a time? Unless he is Snowden I don't think he has to worry about this. – Tyler Durden Feb 24 '15 at 03:11
  • No, I'm suggesting opening up the drive in a clean room, separating the platters, and reading them one at a time using the sort of rig that any good data-recovery company should have. – Mark Feb 24 '15 at 03:13
  • @Mark What kind of "rig"? To use a standard HDD head the entire platter has to be absolutely flat to within microns, and that will no longer be true after a drill has gone through it. – Tyler Durden Feb 24 '15 at 03:16
  • That's the point: a data recovery company won't use a standard flying head to read the platter, they'll use one that gets its vertical positioning from its actuator arm. Slower to read, but you can recover data from a damaged platter without further damaging it. – Mark Feb 24 '15 at 03:19
  • @Mark I don't know where you are getting your ideas, but I seriously doubt there is any "rig" that can be used on a drilled platter (short of a MFM). You can't use any kind of a head on a distorted platter because even a slight bend will damage the head. Once a platter is drilled, you can't predict how the platter may have been distorted. – Tyler Durden Feb 24 '15 at 03:22
  • [NIST SP-800-88 says a single overwrite pass is enough.](https://en.wikipedia.org/wiki/Data_erasure#Standards) Likewise, New Zealand's NZSIT 402 says a single overwrite pass is sufficient for data up to Confidential. Note that even Gutmann's 35-pass overwrite accounts for *many different* types of encoding (many of which are obsolete and haven't been used for like 20 years); if you know the type of encoding used, even with media for which Gutmann's algorithm is appropriate, you can select the overwrite patterns tailored for the specific encoding; there is nothing magical about 35 passes. – user Feb 24 '15 at 15:07