I'm constantly amazed at the waste that happens when people decide they are going to destroy an old (serviceable) hard drive because they want to protect their old data on it.
I don't see a need in 99% of cases, when there are perfectly good ways to permanently delete the data and make it unrecoverable, albeit taking a longer time. No doubt I'll get shot to bits for this with various edge cases where it's important that the data is not recoverable, but the environmental cost of people destroying perfectly good drives because they want to upgrade and think that drilling or thermite is the way forward needs to be taken into account. Yes, it's quick to do the drilling, but is it really necessary when a free piece of software will render the same drive usable but without any real chance of access to the data that's on there?
We live in an increasingly throwaway society, but I'm certain that we will be viewed with true disgust by future generations when they see how knowingly profligate we have been with the resources we had access to.
Unless you're dealing with top-secret material, losing the encryption key is the best way.
Or just dd around 5x - 50x (or more if you're paranoid) its size to the disk - if you want to further reuse it. No, you won't have a meaningful amount of data remaining on the disk and extracting it requires special software/hardware. Unless you're dealing with data that makes the disk price irrelevant, you can follow this procedure.
But if you're in the mood for vulgar displays of power, microwave the board or use a Tesla coil
A bitcoin wallet is not top-secret material and I don't trust myself not to fuck up overwriting the entire disk. I'd rather just take an angle grinder to it and not worry about it.
For the everyday coins (which I never use), my phone. For the savings (which I don't have), hardware wallet. The Ledger Nano S is great, I have one, but the HW1 is also very good and very very cheap.
If your btc wallet is left unencrypted in your hard drive, either spinning or ssd, you have bigger problems than someone rummaging for your used hardware
dd 1x-2x is enough in most use cases. Most people don't have the time to go rummaging through a random hard drive to recover what is mostly garbage. There might be a gem in there, but it's a straw in a haystack.
People have stranger hobbies. I can certainly see the appeal of buying used hard drives just to see what you can recover; part technical challenge, part voyeurism, and part schadenfreude.
Back in ~2008 someone ran what they called "the great zero challenge" promising a prize to anyone who could recover data from a (60GB mechanical) hard drive after dd had overwritten the drive with zeros once.
The prize wasn't large, but the challenge got pretty good coverage on tech news sites, so it would have been good PR for any data recovery company.
Nobody accepted the challenge. I think recovering such data is impossible, and I'd be fascinated to be proven wrong - if you know anyone who could do so?
Disc drives are consumable items. They only last 5 years. They're so fragile we treat them as if they're going to fail at any time - we have multiple backups in many places.
We shouldn't be encouraging people to use them for as long as possible, we should be encouraging better recycling.
I agree about other electronics though - the constant upgrade cycle is very damaging to the environment.
If your uptime doesn't matter and you keep good backups, I don't see why you shouldn't run it 'til it won't, and then recycle it. All my shit's more than 5 years old. Some of it is nearing 20. I guess there's an argument to be made about saving power with newer technology, but I don't want to spend the money to upgrade and I'm not sure which recycling companies recycle properly vs shipping everything out to be stripped down by children with hammers and coal fires.
First:
1) use encryption from day one. As long as you can be assured the encryption never failed (somehow repartitioning and writing bare data to the drive), it is a viable option to treat the drive as non-sensitive, depending on what it was used for.
Then:
2) use ATA secure erase to wipe it. This command, if you believe it was implemented correctly, should wipe the entire drive, including reserved space.
Then:
3a) re-use or re-sell the drives, if you're in a moderate security environment and all of the above have executed correctly. (or send back to a manufacturer if failed in moderate ways which still allow ata secure erase to execute...or if you really trust the disk encryption and it wasn't used for anything sensitive)
or
3b) If the security steps above have failed, or if you've screwed up somehow, or if the drive was used in a policy environment which requires or, or if it was used for the most sensitive of data and you need to convince outsiders of security, or if there's any chance the host the drive was attached to was hacked while in operation (in which case the drive security may have been defeated with new formatting or new firmware), physically destroy the drives in a rotary disintegrator. You want to do the above even if you plan to shred them because it reduces security risks and requirements while in transit.
Step 1.5: Use something that overwrites everything, for good measure. I'd say this is more important than #1, since encryption is more likely to fail than overwriting (I once discovered that my encrypted volume had actually been set up as unencrypted, and I wasn't encrypting the things I thought I was).
Yep, write random data to the entire drive before doing the secure erase. That way, even if the secure erase implementation is completely broken, at least the remaining data should be limited to the spare area of the drive.
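As an added illustration of the "write random data over the whole drive, then secure erase" step (my own example, not code from any commenter in the thread), here is a Python routine that overwrites a path end to end with fresh random data, flushes it to the device, and verifies the read-back. The marker-filled file it builds is a constructed stand-in for a drive; on Linux the same routine accepts a block device node if run with sufficient privileges, and it only reaches the logical address space, which is why the secure erase still follows it.

```python
import hashlib
import os
import tempfile

CHUNK = 1 << 20  # 1 MiB per write call


def overwrite_with_random(path, chunk=CHUNK):
    """Overwrite every byte of `path` with random data, fsync, then read the
    whole thing back and confirm it matches what was written.
    Returns (bytes_written, readback_ok)."""
    written_digest = hashlib.sha256()
    written = 0
    with open(path, "r+b") as f:
        # os.stat() reports size 0 for block devices; seeking to the end
        # gives the real size for both regular files and devices.
        size = f.seek(0, os.SEEK_END)
        f.seek(0)
        while written < size:
            buf = os.urandom(min(chunk, size - written))
            f.write(buf)
            written_digest.update(buf)
            written += len(buf)
        f.flush()
        os.fsync(f.fileno())  # make sure the data left the page cache
        # Read-back pass: catches a write that silently went nowhere.
        # On an SSD this still says nothing about the spare area.
        f.seek(0)
        readback_digest = hashlib.sha256()
        remaining = size
        while remaining > 0:
            data = f.read(min(chunk, remaining))
            if not data:
                break
            readback_digest.update(data)
            remaining -= len(data)
    return written, readback_digest.digest() == written_digest.digest()


def contains_marker(path, marker, chunk=CHUNK):
    """Scan `path` for `marker`, handling markers that straddle chunk edges."""
    tail = b""
    with open(path, "rb") as f:
        while True:
            data = f.read(chunk)
            if not data:
                return False
            if marker in tail + data:
                return True
            tail = data[-(len(marker) - 1):] if len(marker) > 1 else b""


def demo():
    """Constructed stand-in for a drive: a ~4 MiB file full of a known marker.
    Returns (marker_present_before, bytes_written, readback_ok, marker_present_after)."""
    marker = b"WALLET-SEED-"  # constructed sample content, not real data
    with tempfile.NamedTemporaryFile(delete=False) as tmp:
        tmp.write(marker * ((4 << 20) // len(marker)))
        path = tmp.name
    before = contains_marker(path, marker)
    written, ok = overwrite_with_random(path)
    after = contains_marker(path, marker)
    os.unlink(path)
    return before, written, ok, after


if __name__ == "__main__":
    print(demo())
```

The read-back check matters more than it looks: a broken cable, a read-only media error or a device that quietly drops writes all show up as a digest mismatch rather than a false sense of a clean drive.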
For SSDs, it's easier to ensure that the drive you're buying implements encryption at the controller level because then the secure erase option happens nearly instantaneously. Just look for AES-256 in the drive specs. It happens so quickly because all it does is overwrite the encryption key on the controller as opposed to waiting hours for the standard secure erase procedure to complete. At that point all the data is useless.
Can someone explain to me how doing a low-level write of all zeroes to the disk is not effective, but rewriting the data in encrypted form is effective?
Let's say I have a 100Gb SSD disc and it contains 25Gb of files. If I read in my unencrypted files, encrypt them and write them back to the SSD, they won't necessarily end up in the same physical place as the unencrypted files. Won't the unencrypted files still be there, in unreferenced sectors (do SSD's have sectors?).
I would imagine that writing all zeroes at a low level would do a better job of removing data that is already there.
The encryption relies on you using (and trusting) the drive's built in encryption function.
Most SSDs with built in encryption don't directly encrypt the data with your password - they encrypt the data with a random password, then encrypt that random password with your password. They do this so you can change your password without having to re-encrypt all the data on the disk (which would be slow, and could cause data loss if there was a failure during the re-encrypt process).
Even when you haven't set a password on your drive, most SSDs encrypt all the data on the actual flash chips (including reserved space, unused space and spare/reallocated sectors) and just store the random password unencrypted on the same drive. By activating the on-drive encryption, the random password gets encrypted - making your data unrecoverable.
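The two-level key scheme described in the comments above (a random media key that encrypts the flash, itself wrapped by the user's password) and the instant crypto-erase mentioned for AES-256 SSDs a few comments earlier are easy to see in a toy model. This is an added example of my own, not any vendor's firmware: the HMAC-SHA256 counter-mode keystream stands in for the drive's AES engine and PBKDF2 for its unpublished password hardening, and the class, method and field names are all assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets


def keystream(key, nonce, length):
    """Counter-mode keystream from HMAC-SHA256. Stand-in for the drive's AES
    engine so the example runs on the standard library; an illustration, not
    a cipher recommendation."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def xor_with_keystream(key, nonce, data):
    return bytes(a ^ b for a, b in zip(data, keystream(key, nonce, len(data))))


def derive_kek(password, salt):
    """Key-encryption key from the user's password (assumed PBKDF2 here)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class SelfEncryptingDrive:
    """Toy model: a random media key (DEK) encrypts every page; the password
    only protects the DEK. Changing the password re-wraps the DEK without
    touching the media; a crypto-erase replaces the DEK, leaving every page
    on the NAND as ciphertext under a key nobody holds."""

    def __init__(self):
        self.media = {}                     # lba -> (nonce, ciphertext) on the NAND
        self.salt = secrets.token_bytes(16)
        self.dek = secrets.token_bytes(32)  # media key generated at manufacture
        # No password set yet: the DEK sits in the clear in the key store.
        self.key_store = {"plain": self.dek}

    # --- host-visible data path ---
    def write(self, lba, plaintext):
        if self.dek is None:
            raise PermissionError("drive locked")
        nonce = secrets.token_bytes(16)     # fresh per write, stored beside the page
        self.media[lba] = (nonce, xor_with_keystream(self.dek, nonce, plaintext))

    def read(self, lba):
        if self.dek is None:
            raise PermissionError("drive locked")
        nonce, ciphertext = self.media[lba]
        return xor_with_keystream(self.dek, nonce, ciphertext)

    # --- key management ---
    def _wrap(self, password):
        kek = derive_kek(password, self.salt)
        wrapped = xor_with_keystream(kek, b"wrap", self.dek)
        tag = hmac.new(kek, wrapped, hashlib.sha256).digest()  # rejects a wrong password
        return {"wrapped": wrapped, "tag": tag}

    def set_password(self, password):
        """Activating the password encrypts the stored DEK only, which is why
        this is instantaneous on a real drive."""
        self.key_store = self._wrap(password)

    def lock(self):
        self.dek = None                     # power-off / locked: key leaves RAM

    def unlock(self, password=None):
        if "plain" in self.key_store:
            self.dek = self.key_store["plain"]
            return
        kek = derive_kek(password or "", self.salt)
        store = self.key_store
        expected = hmac.new(kek, store["wrapped"], hashlib.sha256).digest()
        if not hmac.compare_digest(expected, store["tag"]):
            raise PermissionError("wrong password or key destroyed")
        self.dek = xor_with_keystream(kek, b"wrap", store["wrapped"])

    def change_password(self, old, new):
        self.unlock(old)
        self.set_password(new)              # re-wrap only; no data re-encryption

    def crypto_erase(self):
        """Discard the DEK and mint a new one; the old ciphertext stays on the
        NAND but can no longer be decrypted by anyone."""
        self.dek = secrets.token_bytes(32)
        self.key_store = {"plain": self.dek}
```

The useful observation is the one the comment makes: `change_password` leaves `media` byte-for-byte unchanged, and so does `crypto_erase`, yet after the latter `read` returns noise. This is also exactly the trust question the thread keeps circling: everything here happens inside the controller, and the host has no way to audit that the real firmware does the same.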
Of course, on-drive SSD encryption is all unauditable closed source stuff. And the cops have complained much more about iPhone encryption than SSD encryption. Make of that what you will.
My naive understanding is that SSDs have portions of memory that go bad. They then use other, reserved portions of memory. As a result, not all of the memory is exposed for access to the host OS, only the on-drive controller sees the full picture. As a result, you may (at this time) believe you've taken a certain action, but the reality is that the controller has likely not done what you expect. This is how you may think you've erased everything, but in reality, have not.
The idea is to always use your drive with encryption from the start, so that no "plaintext" data is ever written, ever. When your physical garbage collection happens, rekey or reformat.
Depending on the drive, this is pretty easy. TCG OPAL drives are required to write encrypted data to the media 100% of the time. Seems that you can rekey the drive easily:
An SSD, like a SD card is actually a computer that accesses a large amount of unreliable storage and presents it as a smaller amount of reliable storage.
It is impossible to reason about the way the storage actually works because it is completely invisible.
If you write a large amount of zeroes, the disk may well only write one sector of zeroes and use some index to show it all over the disk. You'll never know.
If there is a bug in the firmware or someone uploads a different firmware to the controller, it might be possible to retrieve the data you thought was overwritten.
The only way to be sure that the data cannot be retrieved is by encrypting it with a key that is stored in a place where it can be removed.
Building on what LogicX said... SSDs have a translation layer that converts the logical read/writes to the physical flash storage. So, low-level writes (from the OS's perspective) won't necessarily line up with what is physically written. I think that in theory if you wrote 5-10X the size of the drive, you might be able to write zeros to each of the flash pages, but I don't think you'd be able to confirm that.
Thermite sounds a bit excessive for a typical home or office. How about baking in an oven or roasting on a grill? Is modern flash memory fragile enough to be destroyed irreversibly at 230C/450F?
They have to be rated to survive those temperatures for short periods of time during reflow soldering.
Apparently flash memory is rated to last a minimum of 10 hours baking at 125c, or 360 hours at 85c. The decay is exponential, so in theory 30-60min at 230c should do a lot more damage.
But I'm not sure you should rely on it, that 10 hours @ 125c number is for when the bit-errors exceed the capabilities of the ECC. The data will be partially recoverable for much longer. Or you might have some flash which does a lot better than the minimum spec.
How about microwave? Powerful charges at every exposed terminal looks like a nice way to fry some chips. Maybe submerge the whole PCB in a bowl of salt water to prevent sparks flying everywhere...
Well arguably yes. Currently there have been a few cases where judges decided to hold a defendant in contempt of court indefinitely because they claimed to not remember their encryption keys. At least in one of the cases the burden of proof might as well just be if the judge has a hunch.
It's one thing to demand that someone turns over their password but currently AFAIK there's no rigorous proof that the data in question is even encrypted or that the defendant had decrypted it in the past beyond "it was on his computer".
I feel stupid now. I can't be the only one who used shred on a journaled FS without giving it some thought.
It goes against unix philosophy of a simple tool that only does what it is supposed to do, but some warning from shred that you are using it on FS on which it can't be trusted would be nice.
> Physically destroying the SSD by shredding it into small particles is the absolutely safest, most foolproof method for safe and secure disposal.
A blender is just a homebrew variant, the important part is
> make sure the shred size is small enough to actually destroy the memory chips on your SSD, however. The shred width should be 1/2 inch or less if you want to make sure the chips get properly mashed up.
which a blender doesn't exactly guarantee so you can't use it for "mass" destruction as you'll have to inspect the results and possibly re-blend it until you've ensured sub-half-inch pieces.
Blending (specifically in a dedicated blender jar, not one you ever use for food) is the best way to destroy SD cards I've found, and apparently a major fruit company has done this in the past.
It's also a solid excuse to buy a blendtec 800 with sound enclosure for the office -- way quieter than any shredder. And good for making drinks.
Pertaining to this, here are some basic questions I had a hard time finding straightforward answers to, when I last considered built-in SSD encryption a couple of years ago.
- Are the AES keys unique per device?
- Any guarantee that the manufacturer is not keeping a record of serial numbers / AES keys going out the door? (Assuming sealed manufacturer packaging and trust in same when buying.)
- There are some instructions for resetting an AES key after installation. How do I reset an SSD's AES key before installation? Can and how do I use the manufacturer's utility or other means to do so when it is e.g. plugged into an extant system via USB?
- Exact descriptions of how the firmware interacts with BIOS (or UEFI, I suppose).
At the moment, I'm trusting to whole-disk software encryption. Not that I have anything particularly concerning to hide (less than most, probably). I considered using the SSD firmware encryption, but I wore out on chasing down such details. Maybe things have improved in this regard, in the meantime, but a few years ago, I didn't manage to chase down clear descriptions and instructions for these things.
Writing random data on it, rather than zeroing it out, will avoid block de-duplication and successfully completely fill it up.
Here is a tool written for exactly that (although not intended for securely erasing a drive, it will have that effect too): https://github.com/rentzsch/stressdrive
Do modern SSDs not contain slack space for garbage collection? How can you guarantee that that also gets cleared out aside from "fill the drive with more data than it will fit and pray"?
Excuse my ignorance, but couldn't a cell that had exceeded its write limit be cycled out for a spare, thus permanently storing a portion of your data in a way unaccessible to any further writes, random-filled or not?
> Without having the passphrase or encryption key to recover from, any data on that drive is useless to anyone that finds it.
Isn't it widely suspected the TLAs have backdoors to the encryption used by SSD makers? e.g. depending on who you're wanting to keep things private from, using any built-in SSD encryption might not be the right approach.
Ha! I've been trashing HDD's and USB sticks using old microwave ovens for decennia now.
It's so simple. Remove the cover, place the ssd in the middle of the oven and blast your data. Ultra cheap, ultra secure.
( But do take personal security precautions )
HDDs act as a big metal Faraday cage, and the actual magnetic media will probably survive.
In USB sticks, the actual flash memory chips have input protection diodes and are quite physically small (limiting the voltage across them), so again I wouldn't be surprised if they survived.
Yes, that's why I wrote that you need to remove the _cover_.
Regarding flash memory chips the real worry is to not blast them for too much time, not if the data is purged.
It says encrypting it and throwing the key away is going to make data unrecoverable.
While that's true for now, what happens when tech reaches the point that current encrypted items can be done within milliseconds?
So yes while encrypting it will make it so that the person that wants to extract information out of it can't do it with the current tech, but whenever a breakthrough on that field will happen then that person will be able to decrypt the SSD.
There are several more-or-even-more nasty chemicals that will damage PCBs to various extents. But none of those methods should be undertaken without using either a supplied air full-face mask or a proper fume hood, and all of them leave you with the problem of safely disposing of nasty chemicals at the end. Mechanical destruction is cheaper and safer.
I'm not joking! Full sugar soda is cheap and readily available, it's acidic and it does appear to damage the electronics. In theory at least the sugar should also gum up the innards of HDDs.
TRIM does not guarantee to delete data, it just tells the SSD that it isn't needed anymore (and thus can be deleted or overwritten whenever the SSD wants).
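Several comments in this thread make related claims about SSDs: that the translation layer means a host-level overwrite need not land on the same physical page, that a drive may collapse a run of zeroes into one shared page and an index, that random data therefore fills the drive where zeroes do not, and (just above) that TRIM only marks pages unneeded. The following toy flash translation layer is an added example of my own, not any vendor's design, that shows all four behaviours in one model; the page size, the deduplicated zero page, the erase-everything-stale garbage collector and the `raw_scan` chip-off view are simplifying assumptions.

```python
import os


class ToyFTL:
    """Toy flash translation layer: every write goes to a fresh physical
    page, the old page is only marked stale, and stale pages keep their
    contents until garbage collection erases them. An all-zero page is
    deduplicated onto one shared physical page (assumed behaviour)."""

    ZERO = bytes(16)  # assumed page size: 16 bytes

    def __init__(self, logical_pages, spare_pages):
        self.flash = [None] * (logical_pages + spare_pages)  # raw NAND pages
        self.free = list(range(len(self.flash)))
        self.l2p = {}          # logical page -> physical page
        self.stale = set()     # physical pages unmapped but not yet erased
        self.zero_page = None  # shared physical page for all-zero writes
        self.gc_runs = 0

    def _retire(self, lba):
        old = self.l2p.pop(lba, None)
        if old is not None and old != self.zero_page:
            self.stale.add(old)  # data still physically present

    def _alloc(self):
        if not self.free:
            self.garbage_collect()
        if not self.free:
            raise RuntimeError("flash full and nothing to reclaim")
        return self.free.pop(0)

    def write(self, lba, data):
        assert len(data) == len(self.ZERO)
        self._retire(lba)
        if data == self.ZERO:
            if self.zero_page is None:
                self.zero_page = self._alloc()
                self.flash[self.zero_page] = self.ZERO
            self.l2p[lba] = self.zero_page  # no new NAND page consumed
            return
        p = self._alloc()
        self.flash[p] = bytes(data)
        self.l2p[lba] = p

    def trim(self, lba):
        """TRIM only tells the FTL the page is unneeded; the bytes stay put."""
        self._retire(lba)

    def garbage_collect(self):
        """Erase stale pages. Real drives do this per erase block on their own
        schedule; here it runs only when the free list is empty."""
        self.gc_runs += 1
        for p in sorted(self.stale):
            self.flash[p] = None
            self.free.append(p)
        self.stale.clear()

    def host_read(self, lba):
        return self.flash[self.l2p[lba]] if lba in self.l2p else self.ZERO

    def raw_scan(self, needle):
        """What a chip-off reader sees: every physical page, mapped or not."""
        return [p for p, page in enumerate(self.flash) if page and needle in page]


def passes_until_gone(fill_random, max_passes=10):
    """Write a secret, let the host overwrite it with zeroes, then wipe the
    whole logical capacity repeatedly. Returns the number of full passes
    after which the secret no longer exists on raw flash, or None."""
    ftl = ToyFTL(logical_pages=4, spare_pages=2)
    secret = b"SECRET-KEY-0001!"   # constructed 16-byte sample page
    ftl.write(0, secret)
    ftl.write(0, ToyFTL.ZERO)      # host "overwrites" the file in place
    assert ftl.host_read(0) == ToyFTL.ZERO and ftl.raw_scan(secret) == [0]
    for n in range(1, max_passes + 1):
        for lba in range(4):
            ftl.write(lba, os.urandom(16) if fill_random else ToyFTL.ZERO)
        if not ftl.raw_scan(secret):
            return n
    return None


def trim_leaves_data():
    """Returns (host sees zeroes after TRIM, bytes still on raw flash)."""
    ftl = ToyFTL(logical_pages=4, spare_pages=2)
    note = b"PRIVATE-NOTES-01"     # constructed sample page
    ftl.write(2, note)
    ftl.trim(2)
    return ftl.host_read(2) == ToyTL_ZERO if False else ftl.host_read(2) == ToyFTL.ZERO, ftl.raw_scan(note) == [0]
```

With four logical and two spare pages, a zero-fill never evicts the secret (every zero page maps to the one shared page, so nothing is ever reclaimed), a single random pass fits entirely into the remaining free pages and still leaves the secret in the stale page, and only the second random pass forces garbage collection that erases it. That is the mechanism behind both "write several times the drive's size" and "you can't confirm it from the host"; the only thing the host ever observes is `host_read`, which shows zeroes throughout.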