by Ariez 2349 days ago
I was under the impression that if you do not encrypt an SSD from the first use, then any attempt at overwriting with 0s is futile, as well as any other method to securely delete the files. The files will be easily recovered.

This guy seems to say the opposite, in that the files are "simply not there anymore", contrary to everything I've read: who's right here?

5 comments

The big problem with erasing SSDs is that when you think you're overwriting something you're actually writing new blocks (because of the translation layer). How many iterations do you have to do before you're certain to have actually hit every physical block? Nobody knows. Maybe infinite. Non-zero data blocks might not be readable through the flash drive's front-end interface, but they're still sitting there on the actual NAND chips. That's why secure erase was added (and even that seems to be less than fully trustworthy).
One iteration of grinding the drive to fine powder/melting it down should be enough. Anything else might be insufficient.
That's a good way to erase a disk, but horrendously expensive if all you want to erase is a single file.
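The comment above about the translation layer is the crux of the thread, so here is an added toy model of a flash translation layer (FTL). It is constructed for this thread, not code from any drive vendor: a logical block write always lands on a fresh physical page and the old page is only marked stale, so a "secure" zero-overwrite leaves the original bytes on the chips until TRIM and garbage collection actually erase them. `ToySSD`, `PAGE_SIZE` and the sample secret are all invented for the example.

```python
"""Toy flash translation layer (constructed illustration, not real firmware).

Shows why overwriting a logical block with zeros does not remove old data from
NAND, and what TRIM plus garbage collection changes.
"""
from __future__ import annotations

from dataclasses import dataclass, field

PAGE_SIZE = 8  # bytes per page; tiny so the example is readable (constructed)


@dataclass
class ToySSD:
    pages: int
    nand: list[bytes | None] = field(init=False)          # raw physical pages
    stale: set[int] = field(default_factory=set)          # pages holding dead data
    l2p: dict[int, int] = field(default_factory=dict)     # logical block -> physical page
    next_free: int = 0

    def __post_init__(self) -> None:
        self.nand = [None] * self.pages

    def write(self, lba: int, data: bytes) -> int:
        """Host write: allocate a new page; the old page becomes stale, not erased."""
        if self.next_free >= self.pages:
            raise RuntimeError("out of free pages; garbage collection needed")
        old = self.l2p.get(lba)
        if old is not None:
            self.stale.add(old)  # unmapped, but the bytes are still on the chip
        phys = self.next_free
        self.next_free += 1
        self.nand[phys] = data.ljust(PAGE_SIZE, b"\0")[:PAGE_SIZE]
        self.l2p[lba] = phys
        return phys

    def read(self, lba: int) -> bytes | None:
        """Host read through the FTL front end: only the current mapping is visible."""
        phys = self.l2p.get(lba)
        return None if phys is None else self.nand[phys]

    def trim(self, lba: int) -> None:
        """Host reports the block as unused (file deleted); the mapping is dropped."""
        phys = self.l2p.pop(lba, None)
        if phys is not None:
            self.stale.add(phys)

    def garbage_collect(self) -> int:
        """Erase every stale page. Returns how many pages were wiped."""
        wiped = 0
        for phys in sorted(self.stale):
            self.nand[phys] = None
            wiped += 1
        self.stale.clear()
        return wiped

    def raw_pages_containing(self, needle: bytes) -> list[int]:
        """What a chip-off read that bypasses the FTL would find."""
        return [i for i, p in enumerate(self.nand) if p is not None and needle in p]


def overwrite_then_inspect(use_trim_and_gc: bool) -> tuple[bytes | None, list[int]]:
    """Write a secret, 'securely' overwrite it three times, then look at the NAND."""
    ssd = ToySSD(pages=16)
    secret = b"SECRET!!"  # constructed sample data
    ssd.write(lba=0, data=secret)
    for _ in range(3):
        ssd.write(lba=0, data=b"\0" * PAGE_SIZE)
    if use_trim_and_gc:
        ssd.trim(0)
        ssd.garbage_collect()
    return ssd.read(0), ssd.raw_pages_containing(secret)


if __name__ == "__main__":
    print("no TRIM/GC:", overwrite_then_inspect(False))  # secret still on physical page 0
    print("TRIM + GC: ", overwrite_then_inspect(True))   # secret gone
```

The front-end read returns zeros either way; only the chip-off view differs, which is the gap between what the OS sees and what sits on the NAND.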
> The files will be easily recovered.

Not really “easily”. At the very least you’ll need a modded flash controller that can bypass the flash translation layer. Also, on SSDs with TRIM support you’re racing against the garbage collector which will erase any unused (i.e. deleted) blocks.

In practice all SSDs are always encrypted because they use the encryption to whiten the data written to them. That's why "Secure Erase" takes less than a second on SSDs: it doesn't erase anything but the key.
Yes, but in practice, this encryption isn't competently implemented. Hence why MS stopped supporting hardware-accelerated BitLocker.

https://twitter.com/SwiftOnSecurity/status/11774296582599270...

They still support it, it’s just not the default any longer for drives that report the capability.
Thanks for the correction - I expect that support is just a temporary state of affairs though. I used hardware accelerated BitLocker for a few years, and had my systems break multiple times due to BitLocker-related regressions when MS pushed updates. I can't imagine it's going to get more attention now that it's never enabled by default.
With the caveat that this occurs in proprietary firmware which is non-trivial to audit. There have also been vulnerabilities discovered in the encryption features of disk firmware.
But AFAIK this isn't true for all solid state storage, like cheap USB memory keys. These would generally also benefit from log structured filesystems - but really should be encrypted too.

(which is one great promise of zfs on linux/openzfs - cross-platform encrypted removable storage).

Interesting! Do you happen to know which encryption algorithm is used? I would think that, if the only goal is whitening (as opposed to robust security), a fairly weak algorithm would be used, or perhaps a strong algorithm with a reduced number of rounds.
The hardware is going to use AES because their ASIC vendor will have well tested AES IP that they can just throw down on the chip. Any other algorithm would require massive development effort for zero benefit.

And by using AES they can probably claim to satisfy some security standards that will make their marketing people happier.

It would need to be a fairly good algorithm to provide good "whitening", but they could be using small or easy-to-guess/derive keys, especially if the primary purpose is just whitening rather than security.
The algorithm probably depends on the drive, but AES-256 is common due to hardware acceleration. Read a SSD spec sheet sometime, it will likely mention it, along with supporting TCG Opal (the self encrypting drive standard).
Depends on the drive. Some set up a password when initialized and the SATA secure erase command zeros the password. So you can technically read all the old data (or if the firmware blocked you, you could by directly accessing the chips), but you would end up with encrypted data, not the original bits.

That's why the secure erase takes seconds and not drive size/bandwidth seconds.
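The "always encrypted, secure erase just drops the key" point made earlier in the thread and in the comment above is easy to model. The following is an added example written for this thread, not any vendor's firmware: a self-encrypting drive keeps a media key in the controller, writes only ciphertext to NAND, and "erases" by regenerating the key. Real drives use AES; here a keyed-hash counter-mode keystream (HMAC-SHA256) stands in so the example runs on the standard library alone. `SelfEncryptingDrive`, `PAGE_SIZE` and the sample document text are invented for the example.

```python
"""Crypto-erase model (constructed illustration, not real firmware).

Demonstrates three claims from the thread: ciphertext on NAND is whitened,
secure erase is O(1) because only the key changes, and a chip-off read after
erase yields encrypted data rather than the original bits.
"""
import hashlib
import hmac
import secrets

PAGE_SIZE = 64  # bytes per page (constructed)


def keystream(key: bytes, page_no: int, length: int) -> bytes:
    """Counter-mode keystream from HMAC-SHA256; a stand-in for the drive's AES."""
    out = b""
    counter = 0
    while len(out) < length:
        block = page_no.to_bytes(8, "big") + counter.to_bytes(4, "big")
        out += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return out[:length]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def ones_fraction(data: bytes) -> float:
    """Share of set bits; a whitened page sits near 0.5."""
    return sum(bin(b).count("1") for b in data) / (8 * len(data))


class SelfEncryptingDrive:
    def __init__(self, pages: int) -> None:
        self.nand = [bytes(PAGE_SIZE)] * pages       # only ciphertext ever lands here
        self.media_key = secrets.token_bytes(32)     # lives in the controller, not on NAND

    def write(self, page_no: int, data: bytes) -> None:
        data = data.ljust(PAGE_SIZE, b"\0")[:PAGE_SIZE]
        self.nand[page_no] = xor(data, keystream(self.media_key, page_no, PAGE_SIZE))

    def read(self, page_no: int) -> bytes:
        """Front-end read: decrypt with whatever media key the controller holds now."""
        return xor(self.nand[page_no], keystream(self.media_key, page_no, PAGE_SIZE))

    def chip_off_dump(self) -> list[bytes]:
        """What reading the NAND chips directly would yield."""
        return list(self.nand)

    def crypto_erase(self) -> None:
        """Secure erase on a self-encrypting drive: regenerate the key, touch no data."""
        self.media_key = secrets.token_bytes(32)


def demo() -> dict:
    drive = SelfEncryptingDrive(pages=4)
    doc = b"top secret document text"   # constructed sample data
    drive.write(0, doc)
    drive.write(1, b"\0" * PAGE_SIZE)   # all-zero page, to show whitening
    before = drive.read(0)
    dump_before = drive.chip_off_dump()
    drive.crypto_erase()
    dump_after = drive.chip_off_dump()
    after = drive.read(0)
    return {
        "readback_ok": before[: len(doc)] == doc,
        "zeros_whitened": ones_fraction(dump_before[1]),
        "nand_unchanged_by_erase": dump_before == dump_after,
        "plaintext_on_nand": any(b"secret" in page for page in dump_after),
        "readable_after_erase": after[: len(doc)] == doc,
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The `nand_unchanged_by_erase` result is why the operation takes seconds regardless of drive size; the caveat from the thread still stands, since the key handling lives in firmware nobody outside the vendor can easily audit.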

> The files will be easily recovered.

From my limited second-hand experience, it's the complete opposite. Data recovery services can't reassemble data from memory blocks of dead SSDs.