
SoylentNews is people

posted by mrpg on Friday March 17 2017, @05:14AM   Printer-friendly
from the encrypt-for-the-win dept.

How do you destroy an SSD?

First, let's focus on some "don'ts." These are tried and true methods used to make sure that your data is unrecoverable from spinning hard disk drives. But these don't carry over to the SSD world.

Degaussing – applying a very strong magnet – has been an accepted method for erasing data off of magnetic media like spinning hard drives for decades. But it doesn't work on SSDs. SSDs don't store data magnetically, so applying a strong magnetic field won't do anything.

Spinning hard drives are also susceptible to physical damage, so some folks take a hammer and nail or even a drill to the hard drive and pound holes through the top. That's an almost surefire way to make sure your data won't be read by anyone else. But inside an SSD chassis that looks like a 2.5-inch hard disk drive is actually just a series of memory chips. Drilling holes into the case may not do much, or may only damage a few of the chips. So that's off the table too.

Erasing free space or reformatting a drive by rewriting it with zeroes is an effective way to clear data off a hard drive, but not so much on an SSD. In fact, in a recent update to its Mac Disk Utility, Apple removed the secure erase feature altogether because they say it isn't necessary. So what's the best way to make sure your data is unrecoverable?



 
This discussion has been archived. No new comments can be posted.
  • (Score: 5, Informative) by julian on Friday March 17 2017, @06:07AM (12 children)

    by julian (6003) Subscriber Badge on Friday March 17 2017, @06:07AM (#480242)

    Use full disk encryption, preferably with Linux, and use a good passphrase (dozens of characters, alphanumeric and punctuation). Never put anything sensitive on it before full disk encryption has been applied. Then do whatever you want with the drive afterward; data won't be recoverable. Throw it in a bonfire if you're really paranoid or don't want it anymore.

    That's it.

  • (Score: 0) by Anonymous Coward on Friday March 17 2017, @07:06AM (7 children)

    by Anonymous Coward on Friday March 17 2017, @07:06AM (#480260)

    I want to get rid of it anyway. Encrypt it, fill it full of anything and/or nothing, and lose the encryption key. That could be the first step, as well as the last step. Encrypt, fill with data, reformat, encrypt, fill with data, reformat, encrypt, fill with data. What are the flaws? You can repeat these steps as many times as you wish - two, twenty, or two hundred times.

    • (Score: 4, Informative) by Immerman on Friday March 17 2017, @08:10AM (5 children)

      by Immerman (3985) on Friday March 17 2017, @08:10AM (#480283)

      The flaw is if you didn't encrypt *before* writing the sensitive data in the first place.

      Because, as the most-extreme example, it's possible that that sensitive data was written to an about-to-fail cell, which was subsequently retired by the wear-leveling algorithm and completely removed from use. At that point it becomes completely impossible to access or change the data in it through any normal means - rewrite the drive a million times, and that cell will still never be touched. But desolder the chip and stick it in a chip reader, and whatever was written to it last will still be there.

      • (Score: 0) by Anonymous Coward on Friday March 17 2017, @09:29AM (3 children)

        by Anonymous Coward on Friday March 17 2017, @09:29AM (#480314)

        All modern SSDs are encrypted by default, with a unique key that is automatically applied at boot (unless you apply a secure passphrase in the BIOS, which actually changes the encryption key). This is to prevent wear on the cells when the drives are re-formatted. "Formatting" a modern SSD seems instantaneous because the process really just changes the encryption key to something unknown.

        So grandparent is sort of correct, but you would need an OS-level format of the drive as well to change the original key.

        • (Score: 2) by Immerman on Friday March 17 2017, @03:14PM (2 children)

          by Immerman (3985) on Friday March 17 2017, @03:14PM (#480434)

          Are you sure? I've found precious little documentation about the subject, and it would be good to know.

          On the general subject, it's also worth noting that the ultimate security of "erasing" in this manner is entirely dependent on
          1) the drive's flawless implementation of a flawless encryption algorithm
          2) the use of a secure password (in the case of the default master password truly random, high-entropy, and unknown to anyone else?)

          Even with the encryption, if I were being just a tiny bit paranoid I'd still overwrite the drive with random noise a couple times to try to truly wipe out the sensitive data instead of just relying on the security of the encryption (not zeros, which might actually overwrite only a single cell if the firmware does de-duplication). Just on general principle. SSDs are fast, and it's not like a couple of extra writes is going to wear out the cells significantly.

          If I were a lot paranoid, I'd pulverize or incinerate the drive. There's just no way to get the same level of confidence in the security of an SSD wipe that you get from writing a few passes of random noise to a HDD.

      • (Score: 2) by darkfeline on Friday March 17 2017, @06:20PM

        by darkfeline (1030) on Friday March 17 2017, @06:20PM (#480537) Homepage

        Sensitive data should never be stored or transmitted unencrypted anyway.

        --
        Join the SDF Public Access UNIX System today!
    • (Score: 2) by Immerman on Friday March 17 2017, @03:27PM

      by Immerman (3985) on Friday March 17 2017, @03:27PM (#480448)

      Realized I forgot to address an important point:

      >Encrypt, fill with data, reformat, encrypt, fill with data....
      Encrypting during the attempt to overwrite is completely pointless - you're encrypting random noise to get...other random noise, which you then write to disk. The added layer of "randomness" from encryption contributes nothing to the process. You do want to use random noise rather than zeros though, just in case the firmware does any de-duplication, which could cause a "full disk" zero-wipe to actually only overwrite a few cells.

      Though... if you're using the integrated disk encryption, I suppose repeated re-encryption with different keys could make the original internally stored keys more difficult to recover, essentially performing a multi-pass wipe of the key store. You wouldn't need to write any data, just encrypt/"erase"/encrypt/"erase", since you're only targeting the key store with this part. But that might be total overkill - you'd *hope* that the drive would internally make $#@! sure that key was *gone* the first time you told it to get rid of it.
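The retired-cell problem raised in this sub-thread, and why encrypting before the first write avoids it, can be shown with a small simulation. This is an added example, not code from any commenter or from real drive firmware: `ToyFTL`, `toy_encrypt` and `residue_after_wipe` are hypothetical names, the sample secret is constructed, the cipher is a stand-in for a real full-disk-encryption cipher, and garbage collection is idealized to erase stale copies immediately.

```python
import hashlib, os

SECRET = b"SECRET-constructed-sample-record"   # constructed sample data

class ToyFTL:
    """Constructed model of a flash translation layer, not real drive firmware."""
    def __init__(self, logical, spare):
        self.phys = [b""] * (logical + spare)     # raw NAND contents
        self.free = list(range(logical + spare))  # blocks available for writes
        self.map = {}                             # LBA -> physical block

    def write(self, lba, data):
        old = self.map.get(lba)
        new = self.free.pop(0)                    # flash is written out of place
        self.phys[new], self.map[lba] = data, new
        if old is not None:                       # idealized GC: stale copy erased at once
            self.phys[old] = b""
            self.free.append(old)

    def retire(self, lba):
        """Mark the block behind `lba` bad: data is remapped, the block is never erased."""
        bad = self.map.pop(lba)
        self.write(lba, self.phys[bad])           # copy lands on a healthy block
        # `bad` is now in neither self.free nor self.map; its contents stay in NAND

    def chip_off(self):
        """Everything a chip reader would see: all physical blocks, mapped or not."""
        return b"".join(self.phys)

def toy_encrypt(key, lba, data):
    """Stand-in for a real FDE cipher (XOR with a SHAKE-256 keystream); illustration only."""
    stream = hashlib.shake_256(key + lba.to_bytes(8, "big")).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))

def residue_after_wipe(encrypt_first, passes=3):
    """Return True if SECRET is still readable from raw flash after the wipe."""
    ftl, key = ToyFTL(logical=8, spare=2), os.urandom(32)
    for lba in range(8):
        data = SECRET if lba == 5 else os.urandom(len(SECRET))
        ftl.write(lba, toy_encrypt(key, lba, data) if encrypt_first else data)
    ftl.retire(5)                                 # the cell holding the secret goes bad
    for _ in range(passes):                       # "fill with data", repeated
        for lba in range(8):
            ftl.write(lba, os.urandom(len(SECRET)))
    key = None                                    # key discarded; only ciphertext remains
    return SECRET in ftl.chip_off()

if __name__ == "__main__":
    print("plaintext written first:", residue_after_wipe(False, passes=200))
    print("encrypted before writing:", residue_after_wipe(True))
```

In this model the number of overwrite passes makes no difference: the retired block is outside the logical address space, so only what was written to it originally determines what a chip-off read recovers.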

  • (Score: 2) by VLM on Friday March 17 2017, @11:59AM

    by VLM (445) on Friday March 17 2017, @11:59AM (#480348)

    I have a data center buddy who says this is SOP for them because if the NSA/CIA/KGB can freely decrypt AES or whatever they use, then the IT world has a bigger problem than one little boutique data center. If there's no way the key can be on the disk, you can just torrent upload the encrypted FS without the key and nothing will happen. Key mgmt is a PITA. No, everything isn't encrypted with "Password1".

    In the modern world it's all NAS virtual disks so speed is "infinite" because of striping and replicating and throwing money at the problem, so the mapping isn't as simple as the old days of one drive/one computer. This depends on data safety issues; there's not much I can do with a 1/16th strip of someone's copy of /bin/ls that's full disk encrypted anyway, but if I had 1/16th of the credit card numbers in some database I could have a real good time if there's more than 16 or so CC in the database...

    This also fits in well with virtual images: oh, FDE costs you 10% more CPU, so what, you turn the dial on CPU allocation and now you got 10% more, so STFU about IO bandwidth.

    I have no idea where this lives on the spectrum of "good enough for hello world" and top of the line PCI/DSS and surely he wouldn't tell me if I asked anyway so I'm not going to bother.

    WRT device destruction I've heard weird stories from people about thermite is too messy and steam explosions are dangerous and scatter undamaged parts, so that's purely tactical in the field, and professionals use recycling grinders that turn chips and a lot of kilowatt hours into what amounts to dust, or plasma cutters that turn chips and a lot of kilowatt hours into vapor. Plasma cutter operators are already quite used to good ventilation; I remember some saying about you only cut galvanized steel one time without good ventilation, as the flu-like zinc poisoning symptoms are quite memorable, and RoHS means essentially all SSDs are lead-free.

  • (Score: 2) by Justin Case on Friday March 17 2017, @04:18PM (1 child)

    by Justin Case (4239) on Friday March 17 2017, @04:18PM (#480482) Journal

    I can't believe all the uninformed speculation on this topic when we already have The Correct Answer right here.

    Full Disk Encryption before writing any data! Strong passphrase! Done.

    I recently had to return an SSD to my employer. Since I use a password safe, even I did not know the pass phrase. Once I deleted it from the safe, the entire SSD was rendered unreadable, even by me.

    My employer didn't mind at all, because I was following their rules.

    • (Score: 2) by Hyperturtle on Friday March 17 2017, @06:23PM

      by Hyperturtle (2824) on Friday March 17 2017, @06:23PM (#480538)

      This advice doesn't help me when I already have drives to ensure safe disposal of.

      Worse yet, the drives are not mine, and I was not there to repeat your advice when they bought them 5 years ago. I am now supposed to eliminate the risks involved in their disposal, though.

      Your advice is, unfortunately, not useful. An ounce of prevention is worth a pound of cure; your preventative measures aren't going to cure anything when a cure is required.

      It's like sex-- the baby we have now won't go away if we use a condom later. That process will just break and give us more babies that will grow into real problems over time...

      (I would have said it was like IT security, but the port openings and negotiating with the app owner regarding administrative permissions are a lot less fun when not involving a social networking opportunity and instead involves a network firewall.)

  • (Score: 2) by DeathMonkey on Friday March 17 2017, @05:44PM

    by DeathMonkey (1380) on Friday March 17 2017, @05:44PM (#480515) Journal

    Use full disk encryption...

    Zero the drive first. Then, encrypt the crap out of it. Put a sticker on it: Property of Ed S.

    Man-years later: Congrats, you just trolled the crap out of the NSA!