PSA: SSDs Are Difficult To Securely Eraseby Devin Coldewey, crunchgear.com
February 22nd 2011
If you’re in a business that handles sensitive information, or are just conscientious about your privacy, you might want to read this study on SSD erasure. As you know, there are ways of erasing traditional magnetic hard drives that are more or less totally irreversible. Writing all zeros, writing garbage, zeroing again, and so on. After a few cycles it’s fresh and clean.
SSDs are a different beast, though, and right now it looks like most SSDs aren’t really equipped to fully delete data. The issue lies in the fact that the system driver that lives on your computer sends data to the SSD to be written, and the SSD’s onboard controller writes it… but where your system thinks it is and where the SSD controller actually writes it don’t really match up.
Think of it like a coat check. You go and drop off your coat and a few of your friends’ coats as well. As far as you’re concerned, your coats are “at the coat check.” But in reality the coat is at position X, indicated by whatever’s on the ticket, and the coat check people really know where your data is. In a similar way, your computer knows where your data is, but doesn’t actually know (and can’t know, since these on-SSD systems aren’t standardized yet) where exactly it is on the SSD. And for some reason when it tries to erase things securely, it doesn’t erase where that data is, only where it thinks it is.
Something like that, anyway. The end result is that it’s very difficult to erase SSDs by the old method. The solution? Encrypt your drive from the start and then lose the key when you need to erase. They may fix this in the future, but for now that’s your best bet.
Shared from Read It Later