by koliber 3389 days ago
Can someone explain to me how doing a low-level write of all zeroes to the disk is not effective, but rewriting the data in encrypted form is effective?

Let's say I have a 100Gb SSD disk and it contains 25Gb of files. If I read in my unencrypted files, encrypt them and write them back to the SSD, they won't necessarily end up in the same physical place as the unencrypted files. Won't the unencrypted files still be there, in unreferenced sectors (do SSDs have sectors?).

I would imagine that writing all zeroes at a low level would do a better job of removing data that is already there.

6 comments

The encryption relies on you using (and trusting) the drive's built in encryption function.

Most SSDs with built in encryption don't directly encrypt the data with your password - they encrypt the data with a random password, then encrypt that random password with your password. They do this so you can change your password without having to re-encrypt all the data on the disk (which would be slow, and could cause data loss if there was a failure during the re-encrypt process).

Even when you haven't set a password on your drive, most SSDs encrypt all the data on the actual flash chips (including reserved space, unused space and spare/reallocated sectors) and just store the random password unencrypted on the same drive. By activating the on-drive encryption, the random password gets encrypted - making your data unrecoverable.

Of course, on-drive SSD encryption is all unauditable closed source stuff. And the cops have complained much more about iPhone encryption than SSD encryption. Make of that what you will.
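
The key-wrapping scheme this comment describes, as an added example that is not part of the thread and not any vendor's firmware: a hypothetical `ToySelfEncryptingDrive` whose media only ever holds data encrypted under a random DEK, whose key store holds that DEK either in the clear (no password set) or wrapped under a PBKDF2-derived key, and whose crypto-erase simply discards the DEK. The stream cipher is a constructed HMAC-SHA256 counter-mode toy so the script runs on the standard library alone; a real drive uses AES in hardware.

```python
import hashlib
import hmac
import secrets


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy stream cipher: HMAC-SHA256 in counter mode, XORed over the data.
    Constructed for this example only; not the cipher a real SED uses."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        block = hmac.new(key, nonce + offset.to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(a ^ b for a, b in zip(data[offset:offset + 32], block))
    return bytes(out)


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: nonce || ciphertext || tag."""
    nonce = secrets.token_bytes(16)
    ciphertext = keystream_xor(key, nonce, plaintext)
    tag = hmac.new(key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def open_sealed(key: bytes, blob: bytes) -> bytes:
    """Reject anything not sealed under `key`, so a wrong key never yields garbage."""
    nonce, ciphertext, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or corrupted data")
    return keystream_xor(key, nonce, ciphertext)


def derive_kek(password: str, salt: bytes) -> bytes:
    """Key-encryption key from the user password (PBKDF2; iteration count is illustrative)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class ToySelfEncryptingDrive:
    """Hypothetical model of the scheme described above: the flash only ever sees
    data encrypted under a random DEK; the DEK lives in a small key store, either
    in the clear (no password set) or wrapped under the password-derived KEK."""

    def __init__(self):
        self.salt = secrets.token_bytes(16)
        self.media = {}                              # lba -> ciphertext, never plaintext
        self.key_store = secrets.token_bytes(32)     # raw DEK, unprotected until a password is set
        self.password_set = False

    def unlock(self, password=None) -> bytes:
        """Return the DEK. With no password set, the key store *is* the DEK, so
        anyone holding the drive can read everything."""
        if not self.password_set:
            return self.key_store
        return open_sealed(derive_kek(password, self.salt), self.key_store)

    def write(self, lba: int, data: bytes, password=None):
        self.media[lba] = seal(self.unlock(password), data)

    def read(self, lba: int, password=None) -> bytes:
        return open_sealed(self.unlock(password), self.media[lba])

    def set_password(self, password: str):
        """Wrap the DEK under the password; no user data is touched."""
        if self.password_set:
            raise RuntimeError("password already set; use change_password")
        self.key_store = seal(derive_kek(password, self.salt), self.unlock())
        self.password_set = True

    def change_password(self, old: str, new: str):
        """Re-wrap only the 32-byte DEK; the media stays byte-for-byte identical."""
        dek = self.unlock(old)  # raises ValueError if `old` is wrong
        self.key_store = seal(derive_kek(new, self.salt), dek)

    def crypto_erase(self):
        """Discard the DEK by replacing it. Every page on the media becomes
        unreadable, including stale or reserved pages the host could never address."""
        self.key_store = secrets.token_bytes(32)
        self.password_set = False


if __name__ == "__main__":
    drive = ToySelfEncryptingDrive()
    drive.write(7, b"plaintext secret")
    drive.set_password("hunter2")
    snapshot = dict(drive.media)
    drive.change_password("hunter2", "correct horse")
    print("media unchanged by password change:", drive.media == snapshot)
    print("read with new password:", drive.read(7, "correct horse"))
    drive.crypto_erase()
    try:
        drive.read(7)
    except ValueError as exc:
        print("after crypto-erase:", exc)
```

Run it and compare `drive.media` before and after `change_password`: the ciphertext pages are identical, which is the reason vendors wrap a random DEK rather than encrypting directly under the password. Note what `crypto_erase` does not do: it never touches `drive.media` at all, which is exactly why it also covers pages the host cannot reach.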

My naive understanding is that SSDs have portions of memory that go bad. They then use other, reserved portions of memory. As a result, not all of the memory is exposed for access to the host OS, only the on-drive controller sees the full picture. As a result, you may (at this time) believe you've taken a certain action, but the reality is that the controller has likely not done what you expect. This is how you may think you've erased everything, but in reality, have not.

The controller stops you accessing some parts of the drive, but it also stops the attacker from reading those same parts.

Only a very advanced attacker is likely to be able to read those reserved sectors and be able to reconstruct data from them.

I'd say you are safe from everyone except the drive manufacturer, state actors, and people with more than $50k to gain from extracting info.

The idea is to always use your drive with encryption from the start, so that no "plaintext" data is ever written, ever. When your physical garbage collection happens, rekey or reformat.

Depending on the drive, this is pretty easy. TCG OPAL drives are required to write encrypted data to the media 100% of the time. Seems that you can rekey the drive easily:

https://github.com/Drive-Trust-Alliance/sedutil/wiki/PSID-Re...

An SSD, like an SD card, is actually a computer that accesses a large amount of unreliable storage and presents it as a smaller amount of reliable storage.

It is impossible to reason about the way the storage actually works because it is completely invisible.

If you write a large amount of zeroes, the disk may well only write one sector of zeroes and use some index to show it all over the disk. You'll never know.

If there is a bug in the firmware or someone uploads a different firmware to the controller, it might be possible to retrieve the data you thought was overwritten.

The only way to be sure that the data cannot be retrieved is by encrypting it with a key that is stored in a place where it can be removed.

I think the idea is that you never save anything to the disk unencrypted.

Zeroing out is not entirely secure because at the hardware level a newly zeroed bit might be distinguishable from a bit that was already zero.

Building on what LogicX said... SSDs have a translation layer that converts the logical read/writes to the physical flash storage. So, low-level writes (from the OS's perspective) won't necessarily line up with what is physically written. I think that in theory if you wrote 5-10X the size of the drive, you might be able to write zeros to each of the flash pages, but I don't think you'd be able to confirm that.
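
The translation-layer behaviour discussed in the last few comments (fresh-page writes, stale copies, a controller that may dedupe an all-zero write to a single page and an index), as an added example that is not part of the thread and not any real firmware: a hypothetical `ToyFTL` with a few physical pages more than it exposes logically, and an experiment that writes a secret, has the host zero-fill the whole logical drive a number of times, and then compares what the host reads with what a chip-off dump of the flash would still hold. Page size, drive sizes and the secret are constructed sample values.

```python
PAGE = 16          # bytes per flash page in this toy model (real pages are KiB-sized)
ZERO = bytes(PAGE)


class ToyFTL:
    """Hypothetical flash translation layer: flash can only program erased pages,
    so every write goes to a fresh physical page and the previous copy lingers
    until garbage collection reclaims it. The host only ever sees the logical map."""

    def __init__(self, logical_pages: int, physical_pages: int, dedupe_zeros: bool = False):
        assert physical_pages > logical_pages, "over-provisioned spare area"
        self.logical_pages = logical_pages
        self.phys = [None] * physical_pages        # None = erased page
        self.l2p = {}                              # lba -> physical page index
        self.free = list(range(physical_pages))    # erased pages ready to program
        self.dedupe_zeros = dedupe_zeros
        self.zero_page = None

    def _program(self, data: bytes) -> int:
        if not self.free:
            self.garbage_collect()
        page = self.free.pop(0)
        self.phys[page] = data
        return page

    def write(self, lba: int, data: bytes):
        assert len(data) == PAGE and 0 <= lba < self.logical_pages
        if self.dedupe_zeros and data == ZERO:
            # "only write one sector of zeroes and use some index": all-zero writes
            # share one physical page, so a zero-fill consumes almost no flash.
            if self.zero_page is None:
                self.zero_page = self._program(data)
            self.l2p[lba] = self.zero_page
            return
        self.l2p[lba] = self._program(data)   # old page, if any, is now stale but intact

    def read(self, lba: int) -> bytes:
        return self.phys[self.l2p[lba]] if lba in self.l2p else ZERO

    def garbage_collect(self):
        """Erase every page no logical block points at. Only runs when the
        controller decides it needs space; the host cannot trigger or observe it."""
        live = set(self.l2p.values())
        for index, page in enumerate(self.phys):
            if page is not None and index not in live:
                self.phys[index] = None
                self.free.append(index)

    def chip_off_dump(self) -> list:
        """What someone reading the flash chips directly, bypassing the controller, sees."""
        return [page for page in self.phys if page is not None]


def zero_fill_experiment(dedupe_zeros: bool, passes: int) -> dict:
    """Store a secret, let the host 'erase' it by zero-filling the whole logical
    drive `passes` times, and report the host's view next to the chips' view."""
    drive = ToyFTL(logical_pages=4, physical_pages=6, dedupe_zeros=dedupe_zeros)
    secret = b"TOP SECRET PLAN!"          # constructed sample data, exactly one page
    drive.write(0, secret)
    for _ in range(passes):
        for lba in range(drive.logical_pages):
            drive.write(lba, ZERO)
    return {
        "host_reads_zero": drive.read(0) == ZERO,
        "secret_still_on_flash": secret in drive.chip_off_dump(),
    }


if __name__ == "__main__":
    for dedupe, passes in [(False, 1), (False, 2), (True, 10)]:
        print(f"dedupe={dedupe} passes={passes}:", zero_fill_experiment(dedupe, passes))
```

In every run the host reads back zeros, so from the OS's side all three look like a successful wipe. Without deduplication the secret survives one full pass and only disappears once the second pass forces garbage collection; with zero deduplication it survives any number of passes, because the controller never needs to reclaim the stale page. Which policy a real controller uses is exactly the part the host cannot see, which is the comment's point about not being able to confirm the overwrite.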