
I grilled my local hardware security friend, who said you should never trust the secure delete feature in an SSD. In general it has been found insecure. As mentioned, the "Large grinder" seems like the only way to be sure.
On Sat., Mar. 23, 2024, 10:50 Giles Orr via talk, <talk@gtalug.org> wrote:
I have, for many years, used "Darik's Boot and Nuke" on a USB stick to securely wipe spinning hard disks. It takes a long time, but I mostly understand and trust the process.
I'm now at the point that I have to wipe and dispose of SSDs, and I'm feeling a bit shaky on the methodology. Here's what I did:
# hdparm -I /dev/sdX
Looked for enabled/locked/frozen in the output ... I won't go into making sure those are toggled correctly, but that appears to be needed. This also lists what appears to be info about doing a wipe on the drive:
6min for SECURITY ERASE UNIT, 60min for ENHANCED SECURITY ERASE UNIT
Then, set a password (why? but seems to be needed):
# hdparm --user-master u --security-set-pass foobar /dev/sdX
Last, run the wipe:
# hdparm --user-master u --security-erase-enhanced foobar /dev/sdX
Doing something like `dd if=/dev/sdX bs=5M count=5 | strings` (or sending it to `less`) definitely shows that it's changed from something organized to something full of identical characters. But I've never seen this wipe process take more than 60 seconds, which makes me wonder about the `hdparm` declaration about the time required for a secure wipe.
So I guess the big question is: should I trust this process? Do we really think it's securely wiped? Or should I be taking a hammer to the chips on the SSD because that's the only way to ensure it's fully wiped?
-- Giles https://www.gilesorr.com/ gilesorr@gmail.com
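The `dd ... bs=5M count=5` spot check in the quoted message reads only the first 25 MiB of the drive. The following is an added example, not part of the thread: it samples blocks across the whole addressable range of a device or image and reports any block that is not a single repeated byte. The function names and the constructed test image are assumptions of this example, and it can only see blocks the drive exposes to the host, not spare flash the controller keeps to itself.

```python
import os
import random
import sys
import tempfile

BLOCK = 4096  # bytes read per sample


def sample_device(path, samples=2000, seed=None):
    """Check the first, last and `samples` random blocks of `path`.

    Returns (fill_bytes_seen, offsets_of_non_uniform_blocks). A block is
    uniform when every byte in it has the same value (e.g. all 0x00).
    """
    rng = random.Random(seed)
    fills, dirty = set(), []
    with open(path, "rb") as dev:
        size = dev.seek(0, os.SEEK_END)  # works for block devices and files
        nblocks = size // BLOCK
        if nblocks == 0:
            raise ValueError("target is smaller than one block")
        if samples >= nblocks:
            picks = range(nblocks)       # small target: read every block
        else:
            picks = {0, nblocks - 1} | {rng.randrange(nblocks) for _ in range(samples)}
        for blk in sorted(picks):
            dev.seek(blk * BLOCK)
            data = dev.read(BLOCK)
            if data.count(data[:1]) == len(data):
                fills.add(data[0])
            else:
                dirty.append(blk * BLOCK)
    return fills, dirty


def make_constructed_image(leftover_at=None, size_blocks=256):
    """Constructed test input: a zero-filled image, optionally with leftover data."""
    fd, path = tempfile.mkstemp(suffix=".img")
    with os.fdopen(fd, "wb") as f:
        f.write(b"\x00" * (BLOCK * size_blocks))
        if leftover_at is not None:
            f.seek(leftover_at)
            f.write(b"leftover user data")
    return path


if __name__ == "__main__":
    # Pass /dev/sdX (as root) to check a real drive; default is a constructed image.
    target = sys.argv[1] if len(sys.argv) > 1 else make_constructed_image(200 * BLOCK)
    fills, dirty = sample_device(target)
    print("fill bytes:", sorted(hex(b) for b in fills), "non-uniform offsets:", dirty[:10])
```

More than one fill byte, or any non-uniform offset, means the sampled area does not look like the output of a single erase pass.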