SSD Security?

Gorrillasnot

I am researching building a new PC in the not so distant future.
Lots of folks rave about how fast SSDs are compared to a conventional hard drive so I have been reading up on the pros and cons.
Me being somewhat of the tinfoil hat wearer type, it concerns me when I read that it's hard to securely wipe an SSD and nearly impossible to wipe individual files.
Maybe the info I was reading is outdated and there are newer solutions I don't know.

On old school drives I cleared cache, temp files, etc. with CCleaner, wiped drives using a 3 pass DoD wipe with a bootable disc I made with Window Washer, and wiped individual files with a 3 pass wipe using Window Washer in the XP days and File Shredder in Windows 7.

What do you all use to complete the same tasks using an SSD?

thanks

Edit: oops, I just realized this probably should have been posted in the memory and storage section. I apologize.
 

mfenn

An SSD uses a lazy allocation and deletion strategy conceptually similar to an HDD's, so a typical multi-pass wipe will work just fine for cleaning the whole drive. What you can't be sure about is that a given LBA always maps to the same physical block (in fact, it almost never will), so individual file shredding tools are of limited use.

Of course, hammer remains the only way to really be sure. ;)
 

VirtualLarry

No, multi-pass wipes will not work. There is an area (spare area, overprovision), that is inaccessible to user LBAs. Once data is written there, and mapped out, it is not accessible to wipe.

However, most SSDs support "Secure Erase", which in theory, wipes the drive clean.
 

ViRGE

> However, most SSDs support "Secure Erase", which in theory, wipes the drive clean.

Specifically, most modern SSDs support on-drive AES encryption. To make it easy to enable security and/or to wipe the drive, they just have AES turned on at the factory with no access restrictions on the key. Secure Erase tosses the key, so there's no way to recover the data. Technically it's not deleted, but the end result is the same.
 

mfenn

> No, multi-pass wipes will not work. There is an area (spare area, overprovision), that is inaccessible to user LBAs. Once data is written there, and mapped out, it is not accessible to wipe.
>
> However, most SSDs support "Secure Erase", which in theory, wipes the drive clean.

Yes, a multi-pass wipe will work. The spare area is not a fixed portion of the drive, it is a set percentage of the blocks that are not mapped to any LBA. The blocks that make up the spare area cycle in and out of the pool of user-accessible blocks as blocks are written, so if you do multiple passes, you will touch every flash block in the drive.
 

Gorrillasnot

How about a hybrid drive or using a small SSD for cache? Would that be safer or not really worth the money for what performance increase it gives?

I have the need for speed so I may just take my tinfoil hat off and go full SSD anyway.
In a modern PC it just seems like a conventional HDD will always be a bottleneck.
 

ViRGE

> How about a hybrid drive or using a small SSD for cache? Would that be safer or not really worth the money for what performance increase it gives?
>
> I have the need for speed so I may just take my tinfoil hat off and go full SSD anyway.
> In a modern PC it just seems like a conventional HDD will always be a bottleneck.

On paper it would be less secure. A full SSD is going to be the most secure thing out there. A full SSD also makes a great deal more sense from a performance perspective.
 

VirtualLarry

> Yes, a multi-pass wipe will work. The spare area is not a fixed portion of the drive, it is a set percentage of the blocks that are not mapped to any LBA. The blocks that make up the spare area cycle in and out of the pool of user-accessible blocks as blocks are written, so if you do multiple passes, you will touch every flash block in the drive.

This is not true. Due to wear-leveling, the drive may "recycle" some of the previously-written blocks multiple times, before it hands out the other blocks.

I would be very surprised if the scenario you paint is somehow "guaranteed" to be true. I don't think that it is.
 

mfenn

> This is not true. Due to wear-leveling, the drive may "recycle" some of the previously-written blocks multiple times, before it hands out the other blocks.
>
> I would be very surprised if the scenario you paint is somehow "guaranteed" to be true. I don't think that it is.

If you're doing passes over the entire LBA space, there is nothing to recycle other than blocks from the spare area. That's why multiple sequential write passes restore a drive to like-new condition.
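
A toy model of the LBA-to-flash mapping argued over in this thread, added here as an illustration; it is not from any post and does not reproduce any real controller. `ToyFTL`, the 16 physical / 12 logical page counts, the page-sized erase unit, and the `fifo`/`lifo` reclaim policies are all constructed assumptions.

```python
from collections import deque

SECRET, ZERO = b"SECRET", b"\x00"

class ToyFTL:
    """Page-mapped flash translation layer; a page is also the erase unit (simplification)."""
    def __init__(self, physical=16, logical=12, reclaim="fifo"):
        self.flash = [None] * physical      # raw page contents, None = erased
        self.l2p = {}                       # LBA -> physical page
        self.free = deque(range(physical))  # erased pages ready for writes
        self.stale = deque()                # unmapped pages that still hold old data
        self.logical, self.reclaim = logical, reclaim

    def write(self, lba, data):
        if not self.free:                   # garbage-collect exactly one stale page
            victim = self.stale.popleft() if self.reclaim == "fifo" else self.stale.pop()
            self.flash[victim] = None
            self.free.append(victim)
        page = self.free.popleft()
        self.flash[page] = data
        if lba in self.l2p:                 # old copy is unmapped, not erased
            self.stale.append(self.l2p[lba])
        self.l2p[lba] = page

    def read(self, lba):
        return self.flash[self.l2p[lba]]

    def raw_remnants(self, needle):
        """Count physical pages holding `needle`, as a chip-level read would see them."""
        return sum(1 for d in self.flash if d == needle)

def scenario(reclaim, full_passes):
    ftl = ToyFTL(reclaim=reclaim)
    for lba in range(ftl.logical):          # fill the drive; LBA 5 holds the secret
        ftl.write(lba, SECRET if lba == 5 else b"data")
    for _ in range(3):                      # "3 pass" shred of one file's LBA
        ftl.write(5, ZERO)
    after_shred = (ftl.read(5), ftl.raw_remnants(SECRET))
    for _ in range(full_passes):            # whole-drive overwrite of every LBA
        for lba in range(ftl.logical):
            ftl.write(lba, ZERO)
    return after_shred, ftl.raw_remnants(SECRET)

if __name__ == "__main__":
    for policy in ("fifo", "lifo"):
        print(policy, scenario(policy, full_passes=3))
```

In this model the single-LBA shred reads back as zeros while the old page is still present at chip level, and whether whole-drive passes clear it depends on a reclaim order the host cannot observe.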