this post was submitted on 27 Apr 2024
112 points (96.7% liked)

Asklemmy

43895 readers
900 users here now

A loosely moderated place to ask open-ended questions

Search asklemmy πŸ”

If your post meets the following criteria, it's welcome here!

  1. Open-ended question
  2. Not offensive: at this point, we do not have the bandwidth to moderate overtly political discussions. Assume best intent and be excellent to each other.
  3. Not regarding using or support for Lemmy: context, see the list of support communities and tools for finding communities below
  4. Not ad nauseam inducing: please make sure it is a question that would be new to most members
  5. An actual topic of discussion

Looking for support?

Looking for a community?

~Icon~ ~by~ ~@Double_A@discuss.tchncs.de~

founded 5 years ago
MODERATORS
 

I understand traditional methods don’t work with modern SSD, anyone knows any good way to do it?

top 50 comments
sorted by: hot top controversial new old
[–] Kyrgizion@lemmy.world 65 points 6 months ago (6 children)

Physical destruction. It's the only way to be 100% sure.

[–] SkaveRat@discuss.tchncs.de 26 points 6 months ago (2 children)

Nuke it from orbit. Only way to be safe

[–] PerogiBoi@lemmy.ca 22 points 6 months ago (1 children)

β¬†οΈβž‘οΈβ¬‡οΈβ¬‡οΈβ¬‡οΈ

[–] EisFrei@lemmy.world 8 points 6 months ago

A fellow enjoyer of democracy

*Presses b

load more comments (1 replies)
[–] OmanMkII@aussie.zone 7 points 6 months ago

For secure data destruction, either pay for it to be done properly, or create your own way of doing it. A decent sized drill bit can do all the work for you, at the cost of a new drive of course.

load more comments (4 replies)
[–] captain_aggravated@sh.itjust.works 49 points 6 months ago (2 children)

If it's really an issue where "if the data on this SSD falls into the wrong hands, lives will be ruined" sort of thing, my favorite data security tool for this job is a bench grinder. Difficult to put the data back together when the flash chips are powder scattered throughout 14 different shop surfaces and at least two lungs.

[–] Adalast@lemmy.world 6 points 6 months ago

I prefer thermite. Recover my data from a messy contaminated slag heap.

[–] SidewaysHighways@lemmy.world 6 points 6 months ago

Be careful with lung butter though. Been betrayed before

[–] kotauskas@lemmy.blahaj.zone 46 points 6 months ago (1 children)

A special feature known as SSD secure erase. The easiest OS-independent way is probably via CMOS setup – modern BIOSes can send secure erase to NVM Express SSDs and possibly SATA SSDs.

[–] User_already_exist@lemmy.world 8 points 6 months ago (4 children)

Did this already, it took 1 second for a 2TB drive. Would you trust that?

[–] mark3748@sh.itjust.works 21 points 6 months ago

It is the only approved method for data destruction for the several banks and government agencies I support. If they trust it, I trust it.

I have checked a couple of times out of curiosity, after a secure erase the drive is as clean as if it had been DBANed. Sometimes things are standards because they work properly.

[–] WhatAmLemmy@lemmy.world 21 points 6 months ago* (last edited 6 months ago)

Most SSD/flash secure erase methods involve the storage having full disk encryption enabled, and simply destroying the encryption key. Without the encryption key the data can't be deciphered even with the correct password, as the password was only used to encrypt the encryption key itself. This is why you can "factory reset" an iPhone or Android in seconds.

[–] KISSmyOSFeddit@lemmy.world 7 points 6 months ago

Yes. SSDs are different from HDDs.

[–] muntedcrocodile@lemm.ee 42 points 6 months ago (2 children)

Encrypted volume and burn the encryption key

[–] Winbombs@lemmy.world 16 points 6 months ago (1 children)

This is how storage services attest to a secure wipe.

load more comments (1 replies)
load more comments (1 replies)
[–] Unyieldingly@lemmy.world 31 points 6 months ago (1 children)
[–] Catsrules@lemmy.ml 4 points 6 months ago (1 children)

Does it have to be from orbit?

What if the drive is not on a planet?

[–] Aussiemandeus@aussie.zone 3 points 6 months ago

Then you need to aim really well and time your orbit

[–] bloodfart@lemmy.ml 30 points 6 months ago (1 children)

Call the devices secure erase functionality.

here’s how to do it to sata and pata devices

I don’t do some of the checking and testing in that article, I just do β€”security-erase-enhanced and unless it fails it’s fine.

You could also encrypt the contents and delete the key.

[–] TedZanzibar@feddit.uk 11 points 6 months ago (1 children)

This is the correct answer. Due to wear levelling, a traditional drive wipe program isn't going to work reliably, whereas most (all?) SSDs have some sort of secure erase function.

It's been a while since I read up on it but I think it works due to the drive encrypting everything that's written to it, though you wouldn't know it's happening. When you call the secure erase function it just forgets the key and cycles in a new one, rendering everything previously written to it irrecoverable. The bonus is that it's an incredibly quick operation.

Failing that, smash it to bits.

[–] Dark_Arc@social.packetloss.gg 8 points 6 months ago* (last edited 6 months ago)

And if you're hiding from a nation state ... don't trust that, smash it to bits and dispose of them at different trash collection locations πŸ™‚

[–] WhatAmLemmy@lemmy.world 23 points 6 months ago* (last edited 6 months ago) (1 children)

For all average user requirements that just involve backups, PII docs, your sex vids, etc (e.g. not someone who could be persecuted, prosecuted, or murdered for their data) your best bet (other than physical destruction) is to encrypt every usable bit in the drive.

  1. Download veracrypt
  2. Format the SSD as exFAT
  3. Create a new veracrypt volume on the mounted exFat partition that uses 100% of available space (any format).
  4. open up a notepad and type out a long random ass throwaway password e.g. $-963,;@82??/@;!3?$.&$-,fysnvefeianbsTak62064$@/lsjgegelwidvwggagabanskhbwugVg, copy it, and close/delete without saving.
  5. paste that password for the new veracrypt volume, and follow the prompts until it starts encrypting your SSD. It'll take a while as it encrypts every available bit one-by-one.

Even if veracrypt hits a free space error at the end of the task, the job is done. Maybe not 100%, but 99.99+% of space on the SSD is overwritten with indecipherable gibberish. Maybe advanced forensics could recover some bits, but a) why the fuck would they go to that effort for a filthy commoner like yourself, and b) what are the chances that 0.01% of recoverable data contains anything useful!?! You don't really need to bother destroying the header encryption key (as apple and android products do when you wipe a device) as you don't know the password and there isn't a chance in hell you or anyone else is gonna guess, nor brute force, it.

[–] PM_Your_Nudes_Please@lemmy.world 23 points 6 months ago (1 children)

Are you considering using the drive afterwards? Because β€œtoss it in a microwave for like 5 minutes” is always a valid answer if you’re not worried about reusing it.

[–] Dark_Arc@social.packetloss.gg 4 points 6 months ago (1 children)

Presumably there's a risk of damaging the microwave?

load more comments (1 replies)
[–] Brkdncr@lemmy.world 21 points 6 months ago (2 children)
  • Secure erase using the drive OEMs tool.
  • If you were using something like bitlocker then simply dump the key.
  • Wood chipper or some other form of absolute physical destruction.
load more comments (2 replies)
[–] sylver_dragon@lemmy.world 20 points 6 months ago (4 children)

This article covers several methods. Personally, I'd look for a BIOS based tool first, as that would be free and easiest. After that, the Diskpart Clean All command is probably fine for anything other than Top Secret data which a government based threat actor would be willing to put a lot of resources into recovering. If it's just your tax documents and porn archive, no one is going to care enough to dig out anything which that command might have left behind.

load more comments (4 replies)
[–] protokaiser@lemmy.world 15 points 6 months ago

I hear thermite is good at destroying things.

[–] Boomkop3@reddthat.com 15 points 6 months ago

A microwave oven should do the trick

[–] ininewcrow@lemmy.ca 13 points 6 months ago
[–] nutsack@lemmy.world 12 points 6 months ago

i know this isn't what is being asked, but disk level encryption is cool

[–] CyberDine@lemmy.world 10 points 6 months ago* (last edited 6 months ago) (1 children)

NSA requires the use of a industrial shredder that can grind the components into pieces less than 2mm.

https://ameri-shred.com/portfolio-items/2mm-ssd-solid-state-drive-hammer-mills/

If you can't do that, you should incinerate the drive at over 700 degrees.

As far as wiping goes, a 3 pass overwrite alternating 0s and 1s is good enough as long as it's done over the entire drive, not just the partition.

BCWipe is good enough for this

load more comments (1 replies)
[–] SomeBoyo@feddit.de 7 points 6 months ago (2 children)

doesn't just overwriting the data work?

[–] Scholars_Mate@lemmy.world 30 points 6 months ago

No. Modern SSDs are quite sophisticated in how they handle wear leveling and are, for the most part, black boxes.

SSDs maintain a mapping of logical blocks (what your OS sees) to physical blocks (where the data is physically stored on the flash chips). For instance, when your computer writes to the logical block address 100, the SSD might map that to a physical block address of 200 (this is a very simplified). If you overwrite logical block address 100 again, the SSD might write to physical block address 300 and remap it, while not touching the data at physical block address 200. This let's you avoid wearing out a particular part of the flash memory and instead spread the load out. It also means that someone could potentially rip the flash chips off the SSD, read them directly, and see data you thought was overwritten.

You can't just overwrite the entire SSD either because most SSDs overprovision, e.g. physically have more storage than they report. This is for wear leveling and increased life span of the SSD. If you overwrite the entire SSD, there may be physical flash that was not being overwritten. You can try overwriting the drive multiple times, but because SSDs are black boxes, you can't be 100% sure how it handles wear leveling and that all the data was actually overwritten.

[–] kotauskas@lemmy.blahaj.zone 14 points 6 months ago (2 children)

No, "overwritten" data doesn't actually get erased right away due to wear levelling. As SSDs get esoterically smart with how they prevent unnecessary erase operations, there's no way to be sure without secure erase.

load more comments (2 replies)
[–] potentiallynotfelix@lemmy.ml 5 points 6 months ago

If it's really sensitive shit, you should beat the shit out of it with a sledgehammer and make sure you got all the nand modules(see diagram online), then throw parts of it into a large body of water, deeper the better

[–] Brkdncr@lemmy.world 4 points 6 months ago (1 children)

So many people here responding with outdated misinformation.

[–] KISSmyOSFeddit@lemmy.world 5 points 6 months ago (1 children)

Whoever might need, for whatever reason, to write on a parchment sheet which had already been written, should take some milk and should put the parchment in it for one night’s time. As soon as it is taken out, it should be strewn with flour in order that it not be wrinkled after it begins to dry, and so as to be kept under pressure until it dries out. After it is done, the parchment will regain its former quality, shining and lucid, by means of pumice stone and chalk.

load more comments (1 replies)
[–] Bytemeister@lemmy.world 4 points 6 months ago

Smash it to pieces, melt it down into a blob and drop it down a borehole at the nearest quarry

[–] diskmaster23@lemmy.one 3 points 6 months ago (1 children)
load more comments (1 replies)
load more comments
view more: next β€Ί