Is there a way to truly secure-erase a SSD?

[odinsride]

I have an SSD I would like to sell, but I have been reading lots of contradicting information online about securely erasing it. Some people say it's fine to just to a 7-pass wipe or secure wipe in Gparted (forget the exact terminology). Other things I've read say there's no way to be certain that an SSD is completely securely erased and it's better not to sell them if they ever contained sensitive data. Is this just paranoia or is there something more to it?

What's your experience?

 

[Phynaz]

Use the vendor provided secure erase utility.

 

[odinsride]

It didn't come with any utility for that (it's an older OWC ssd I used in my old Mac)

 

[rsutoratosu]

I been running dban on a 256gb ssd for 3 weeks now, its on 99 count custom and I'm on my second set of 99 count. Each time I use a different erase method.

The only problem is you might wear it out

 

[Old Hippie]

Is this just paranoia or is there something more to it?

Yep and many seem to be afflicted with the same thing.

 

[odinsride]

I just chatted with OWC support and they recommended this:

1. Erase the SSD
2. Fill the drive with non-sensitive data (I can probably use dd for this)
3. Erase the SSD

They said writing 0s as you would to an HDD is not suitable for an SSD.

 

[razel]

OWC support was vague. What exactly did they mean by 'Erase the SSD'?

Regardless, go with what Phynaz said. Use a secure erase utility from the vendor. If they don't have one, 'secure erase' is a command standard. I usually use parted magic bootable ISO, but it is a command line utility contained within parted magic.

Regardless of how you do it. Make sure it is issuing a 'secure erase' command and not writing zero's or one's to the drive.

If you are REALLY that paranoid, then incinerate it. Now spread the ashes across different time zones from an airplane in the air. There will be no questions asked at that point.

 

[Essence_of_War]

I just chatted with OWC support and they recommended this:

1. Erase the SSD
2. Fill the drive with non-sensitive data (I can probably use dd for this)
3. Erase the SSD

They said writing 0s as you would to an HDD is not suitable for an SSD.

Def not suited for their SSDs since they use SandForce controllers that will compress the living daylights out of a stream of 0s

 

[code65536]

My HDD/SDD erasure scheme:

1) Write randomly-generated data to the disk until it's full (just create a file and write until it runs out of space).
2) Delete the partition.

The likelihood of someone scrounging a disk for data, after the partition has been deleted, is extremely low.

The likelihood of someone expending the massive amount of forensic resources that are needed to try to recover tiny fragments of data (keeping in mind that if any can be recovered by painstakingly analyzing residual charges or whatnot, that there is going to be a stupendous amount of noise in the signal that anything recovered is almost certainly worthless) is virtually zero.

So, yes, people who advocate insanity like 7-pass erasures are high on paranoia. Nobody in their right mind is going to go through that kind of effort to scrape out a few badly-mangled bits unless the data is extremely valuable and the attacker knows that it's extremely valuable. So unless you have data that's worth millions or are trying to keep top-secret foreign government files from the NSA, a simple 1-pass fill with random data (the randomness is to counter any compression or deduplication mechanisms that may be in place) is more than enough.

 

[bigi]

What's wrong with HD low level format tool or dban???

 

[PliotronX]

HDDErase will securely erase without incurring a lot of writes like DBAN or others would and reduce the life of the SSD and it is very fast by comparison.

 

[Coup27]

Samsung and Intel drives come with vendor utilities to secure erase the SSD. Failing that, drives can be secure erased using the standard secure erase command from something like PartedMagic or a live Linux Distro. OCZ used to have a guide on how to secure erase an SSD using a live Ubuntu CD. I dunno where it is now but I'm you can locate it with a bit of searching.

 

[Phynaz]

HDDErase will securely erase without incurring a lot of writes like DBAN or others would and reduce the life of the SSD and it is very fast by comparison.

That application is not sufficient to erase an SSD. It is only meant for hard drives.

 

[PliotronX]

That application is not sufficient to erase an SSD. It is only meant for hard drives.

That is not true. It is more of a pain in the ass to run but uses the same function that hdparm does. Quickly googling found out DBAN is no bueno for SSD. PartedMagic (bootable hdparm) be a better choice than HDDErase but uses the same secure erase function.

 

[glugglug]

What's wrong with HD low level format tool or dban???

Full format is just going to write 0's to most clusters. TRIM spec actually says that successfully TRIMed clusters should return 0's. A smart firmware trying to reduce the writes would treat a write full of 0's the same as a TRIM -- mark the space as "unused" so it doesn't need to be rewritten on the next read/modify/write cycle of the block, removing it from the logical->physical mapping, but not really overwrite/erase the data on the flash chips. Theoretically someone could either remove the flash chips and use their own circuit board for recovering the data, or create an alternate drive firmware that lets you read the raw flash blocks instead of using the logical->physical mapping on the drive.

 

[Phynaz]

That is not true. It is more of a pain in the ass to run but uses the same function that hdparm does. Quickly googling found out DBAN is no bueno for SSD. PartedMagic (bootable hdparm) be a better choice than HDDErase but uses the same secure erase function.

Seriously, you are going to use a forum post as proof?

You can't use tools designed to erase an HDD on an SDD do to reallocation.

 

[PliotronX]

Seriously, you are going to use a forum post as proof?

You can't use tools designed to erase an HDD on an SDD do to reallocation.

You've not read it, you're right that the same tools should not be ised and i am elaboratibg on that. DBAN will not securely erase an SSD because of wear leveling and unnecessarily decreases the life of the SSD. Secure erase function has been implemented into SSD firmware so that all charged cells are set to 1. DBAN will not do this.

Just because I'm too lazy to quote the post with relevant information does not mean the data is invalid. Check it out please your SSDs will thank you.

 

[_Rick_]

Seriously, you are going to use a forum post as proof?

You can't use tools designed to erase an HDD on an SDD do to reallocation.

HDDs also reallocate.

Protip: never write data that you cannot show someone else on a disk unencrypted.

Still, SSDs and the ATA erase command should do a good job of cleaning it up.

 

[Hellhammer]

Seriously, you are going to use a forum post as proof?

You can't use tools designed to erase an HDD on an SDD do to reallocation.

HDDErase works for SSDs too, we have used it for our reviews.

 

[Daedalus685]

I've always been partial to disk-a-part

 

[razel]

I've always been partial to disk-a-part

:thumbsup: Almost as cheap as flying to different countries to spread NAND chip ashes. At least if you fly to certain parts of asia, you really can have a lot of 'phun' for cheap... just avoid Japan, it's expensive as f--k. Not that'd I'd know. I'm juss sayin'.

 

[PliotronX]

:thumbsup: Almost as cheap as flying to different countries to spread NAND chip ashes. At least if you fly to certain parts of asia, you really can have a lot of 'phun' for cheap... just avoid Japan, it's expensive as f--k. Not that'd I'd know. I'm juss sayin'.

That is such a funny image, blowtorching NAND chips and dumping ashes in different countries (except for Russia and China, can't trust NAND ashes over there).

 

[John Connor]

http://howto.cnet.com/8301-11310_39-20115106-285/how-to-securely-erase-an-ssd-drive/