Confidential Data Not Safe On Solid State Disks

timothy posted more than 2 years ago | from the tim-wants-targets-you-want-privacy-win-win dept.

Data Storage 376

An anonymous reader writes "I always thought that the SSD was a questionable place to store private data. These researchers at UCSD's Non-Volatile Systems Laboratory have torn apart SSDs and have found remnant data even after running several open source and commercial secure erase tools. They've also proposed some changes to SSDs that would make them more secure. Makes you think twice about storing data on SSDs — once you put it on, getting it off isn't so easy."

376 comments

Nuke it from orbit (2, Funny)

ColdWetDog (752185) | more than 2 years ago | (#35236160)

It's the only way to be sure.

Re:Nuke it from orbit (1)

Anonymous Coward | more than 2 years ago | (#35236346)

I use a TrueCrypt volume inside a TrueCrypt volume. It offers enough protection for my private data and is still more than fast enough for my needs.

Re:Nuke it from orbit (0)

Anonymous Coward | more than 2 years ago | (#35236588)

But what if someone invents time travel? Then no data will be secure!!

Re:Nuke it from orbit (3, Funny)

DigiShaman (671371) | more than 2 years ago | (#35236592)

Or in a microwave. That seems to destroy the gates on the chip. 10 seconds on High should be enough. Just be sure to only place the PCB and not the entire drive as they can contain lots of metal.

I think I'm safe (5, Funny)

lxw56 (827351) | more than 2 years ago | (#35236594)

I challenge anyone to find my MicroSD card. I've conducted extensive security audits to verify that no attacker, even one with inside information, can gain electronic or physical access to the disc.

Try a furnace! (0)

Anonymous Coward | more than 2 years ago | (#35236164)

It's easy to get the data off; it's just hard to get the data off and keep the disk usable.

"...getting it off isn't so easy." (-1)

Anonymous Coward | more than 2 years ago | (#35236174)

Just like my wife.

Re:"...getting it off isn't so easy." (0)

Locke2005 (849178) | more than 2 years ago | (#35236358)

Don't know about you, but I don't have any problem getting your wife off!

Re:"...getting it off isn't so easy." (0)

Anonymous Coward | more than 2 years ago | (#35236414)

Don't know about you, but we don't have any problem getting your wife off!

Re:"...getting it off isn't so easy." (0)

Anonymous Coward | more than 2 years ago | (#35236480)

Don't know about you, but after the paper bag fell off, getting me off your wife was easy!

Encrypt it.... (0)

Anonymous Coward | more than 2 years ago | (#35236194)

done.

Re:Encrypt it.... (1)

mosb1000 (710161) | more than 2 years ago | (#35236632)

Someone once told me that I should use RSA encryption because it was developed by the NSA. I thought to myself "why would the NSA produce and give away an encryption algorithm they can't break". I concluded that they wouldn't. So yeah, probably not secure.

My secure erase method still works! (3, Funny)

MetalliQaZ (539913) | more than 2 years ago | (#35236198)

1 electric drill, 1 work bench, and some bored interns.

Re:My secure erase method still works! (3, Funny)

loshwomp (468955) | more than 2 years ago | (#35236612)

And here I thought you were going to bore holes in the SSDs. Boring holes in the interns is just cruel.

Re:My secure erase method still works! (0)

Anonymous Coward | more than 2 years ago | (#35236648)

Best. Pun. Ever.

Blend it... (2, Funny)

Goffee71 (628501) | more than 2 years ago | (#35236202)

... try reading anything from the ensuing dust.

you mean reading the entrails? (3, Funny)

G3ckoG33k (647276) | more than 2 years ago | (#35236762)

You couldn't possibly seriously mean we should start reading the entrails? That is soo medieval.

How about (4, Insightful)

Anrego (830717) | more than 2 years ago | (#35236204)

Encrypting it?

Is taking data off really an issue anyway? If it's confidential data, destroy the disk when you need to dispose of it. Not repurposing or re-selling hardware with sensitive information on it sounds like a no-brainer.

Re:How about (1)

timeOday (582209) | more than 2 years ago | (#35236518)

I don't know why all vendors haven't adopted hardware full disk encryption [ibm.com]. This has become an absolute must in my opinion. And compared to software-based encryption, it works so well, and seamlessly - the bios asks for the passphrase at boot time, and after that it's transparent to the OS and doesn't degrade performance either. I would certainly appreciate some security researchers throwing their efforts into validating or debunking these.

Re:How about (0)

Anonymous Coward | more than 2 years ago | (#35236564)

and you trust this hardware crypt to not have a backdoor?

Re:How about (2)

Guspaz (556486) | more than 2 years ago | (#35236606)

SandForce SSD controllers encrypt all data as it hits the SSD. That does nothing to protect against plugging the drive into a computer and using it (a secure delete would handle that), but it *does* protect against people accessing the NAND chips directly. That and the fact that SandForce drives use compression/deduplication/other tricks and properly support secure erase would make it exceedingly difficult to recover data.

Re:How about (1)

Private Baldrick (643008) | more than 2 years ago | (#35236578)

Encryption is a solution that would work. However one of the main reasons for people using SSDs is the performance boost. (Software) Encryption would give a (slight) overhead which might cancel out the benefits of the drive.

Also you need to encrypt the drive FROM THE START. Once data is put down unencrypted in the drive it is potentially retrievable even if you've then encrypted the volume on top.
(Hate to use wikipedia as a resource but... http://en.wikipedia.org/wiki/Solid-state_drive#Comparison_of_SSD_with_hard_disk_drives [wikipedia.org] )

So your encryption choices are either software encryption right from the first build or an SSD with hardware based encryption built in (which is available but not sure how common it is).

Re:How about (1)

mysidia (191772) | more than 2 years ago | (#35236598)

Instead of using a SSD use an array of SSDs; with array pairs randomly chosen from a massive pile.

When writing a block, XOR it by a random number of equal size.

Write the random bits to one SSD, write the XOR'ed result to the other SSD.

Then the data cannot be derived from either SSD alone, and neither alone gives you any better chance of getting the data than if you just had a bunch of random bits.

I call this RAID -1 (RAID negative 1), or the opposite of redundant mirroring. That is... without both disks, you have nothing.

Now then... you can call one disk the 'data disk' and the other disk the 'key disk'. The key disk can be written to one time, during initial provisioning of the array, and never needs to be written to again. Therefore instead of being an actual "SSD" the "Key SSD" can be some type of inexpensive read-optimized write-once memory.

It could even be a little chip that gets plugged into the "data SSD" and acts like a read-only secondary hard disk.

When you need to replace your primary SSD because it has run out of write cycles, that's no problem... just DD it to a shiny new SSD, and insert. Put the same "key SSD" in place. All you need to do is ensure the "key SSD" is at least as large in size and has at least as many random bits as the data SSD has capacity.

The old data SSD is worthless and completely unreadable without the "key disk", and there's no reason to destroy it, as long as the "key SSD" remains secure.

As for the "key SSD"... there is no reason to ever get rid of it, since it can be re-used without issue, it will never run out of write cycles, because it's never written to under normal operation. Since it can basically be a big hardwired ROM chip, using inexpensive burned fuse links, write-once PROM, it probably costs $10 or less.

If you do choose to get rid of the key SSD... you can make the chance of someone ever putting together the data ssd and the matching key SSD less than lottery odds.

If it's a cheap key device, just melt down the key device and send it for recycling, with minimal ecological damage compared to scrapping large volumes of SSDs.
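Added illustration, not part of any comment in this thread: the XOR split described in the comment above, with a key device that is written once and a data device that may retain a stale copy of a rewritten block, as a copy-on-write SSD can. The class name `XorSplitArray`, the 16-byte block size and the sample plaintext are assumptions constructed for this example.

```python
import secrets

BLOCK = 16  # bytes per block, kept tiny for the illustration


def xor(a: bytes, b: bytes) -> bytes:
    """Byte-wise XOR of two equal-length byte strings."""
    return bytes(x ^ y for x, y in zip(a, b))


class XorSplitArray:
    """Hypothetical two-device array: the key device is filled with random
    bits once at provisioning, the data device stores plaintext XOR key."""

    def __init__(self, blocks: int):
        # Key device: one random block per data block, never rewritten.
        self.key_dev = [secrets.token_bytes(BLOCK) for _ in range(blocks)]
        # Data device: current contents per logical block.
        self.data_dev = [None] * blocks
        # Superseded copies that a copy-on-write SSD may still hold in flash.
        self.stale = []  # list of (lba, old_ciphertext)

    def write(self, lba: int, plaintext: bytes) -> None:
        if len(plaintext) != BLOCK:
            raise ValueError("plaintext must be exactly one block")
        if self.data_dev[lba] is not None:
            self.stale.append((lba, self.data_dev[lba]))
        self.data_dev[lba] = xor(plaintext, self.key_dev[lba])

    def read(self, lba: int) -> bytes:
        """Normal read path: needs both devices."""
        return xor(self.data_dev[lba], self.key_dev[lba])


def demo():
    array = XorSplitArray(blocks=4)
    first = b"PIN=4921;acct=77"   # constructed sample, exactly 16 bytes
    second = bytes(BLOCK)          # the same block later zero-filled
    array.write(2, first)
    array.write(2, second)

    round_trip = array.read(2) == second

    # Data device only, key device absent: XOR the stale copy of block 2
    # with its current copy. The shared key block cancels out.
    _, old_ct = array.stale[0]
    combined = xor(old_ct, array.data_dev[2])
    return round_trip, combined, xor(first, second)


if __name__ == "__main__":
    ok, combined, expected = demo()
    print("round trip ok:", ok)
    print("stale XOR current == first XOR second:", combined == expected)
```

The first write of each block behaves as a one-time pad. A rewrite under the same key block does not, so in this scheme stale pages on the data SSD still matter unless each key block is used for a single write.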

Treat it like any other secure system (2)

Brett Buck (811747) | more than 2 years ago | (#35236212)

The solution is the same as hard drives in any secure system - use it, and when you are done, destroy it. Say you get 3 years out of an SSD, the cost of replacing it is trivial over the long haul. Nobody serious about security erases conventional platter HDs and hopes that's good enough.

Re:Treat it like any other secure system (1)

TooMuchToDo (882796) | more than 2 years ago | (#35236282)

Exactly. When we recycle computer gear (several tons a year), we wipe the drives first but then I go to the recycling/smelting facility and watch them shred the drives (we have an agreement with the vendor). Trust but verify.

Re:Treat it like any other secure system (2)

somersault (912633) | more than 2 years ago | (#35236360)

"Trust but verify"? Verification results from the exact opposite of "trust" :p You're right to verify, but saying stuff like that sounds silly..

Re:Treat it like any other secure system (3, Insightful)

causality (777677) | more than 2 years ago | (#35236512)

"Trust but verify"? Verification results from the exact opposite of "trust" :p You're right to verify, but saying stuff like that sounds silly..

Verification is after-the-fact. Prior to that, the vendor could still do something dishonest like fail to deliver on its promises. You're trusting them not to do that as indicated by your willingness to do business with them in the first place. Verification is an attempt to check against not only dishonesty on their part but also well-intentioned mistakes that wouldn't strictly be issues of trustworthiness.

It's sort of like when I deposit cash at a bank. If I tell them "this is 200 dollars, please put it into my account" they are going to count the money. I don't take that as an accusation that I am trying to deceive them, because it isn't. It's a standard practice because multiple pairs of eyes are more likely to catch both honest mistakes and deliberate deception. That's an example of "trust but verify".

It's not really so silly and it's far less extreme than "I want to be involved in each step of the process so I can watch your every move". That would be distrust.

Re:Treat it like any other secure system (1)

Archangel Michael (180766) | more than 2 years ago | (#35236580)

Trust should never be absolute. Trust is an analog scale, not a digital bit.

Trust but verify is prudent behavior. This is why we pull every Nth item off a production line, to test and verify that it is worthy of the trust we've placed in the process as a whole.

Re:Treat it like any other secure system (0)

Anonymous Coward | more than 2 years ago | (#35236746)

Trust. Truth. Fact. Sure, they're all shades of grey if you play that game.

But the phrase "trust but verify" has always been and will always be obvious political doublespeak.

Leave it to the Generals, C-level officers, and press releases. The phrase is used when everyone knows there is a significant lack of trust but you don't want to hurt feelings by saying it.

It's just sad when the IT or security crowd buys into this political correctness.

Re:Treat it like any other secure system (1)

Onuma (947856) | more than 2 years ago | (#35236390)

Well said. Just like destroying COMSEC in the military -- you can have the two privates complete and sign the blocks for destruction, but the supervisor should always be verifying. After all, it is his ass if things turn up missing.

Re:Treat it like any other secure system (5, Insightful)

Solandri (704621) | more than 2 years ago | (#35236392)

From what I've seen, it's not the end-of-life disposal of drives which leads to this type of data leak. It's when a drive dies under warranty and you send it to the manufacturer for a replacement. Since it's non-functional, you can't erase it. Since you need to return it without any signs of abuse for a warranty replacement, you can't destroy it.

The manufacturer usually just fixes it, and sells it as a refurb / sends it out as a replacement drive for others which have failed under warranty. They just do a quick format, or sometimes even don't bother formatting, before sending the fixed drive out. Meaning the new recipient of your old drive has all your data.

Re:Treat it like any other secure system (0)

Anonymous Coward | more than 2 years ago | (#35236406)

If Batman can trace fingerprints from exploding bullets, I wouldn't be so sure.

Re:Treat it like any other secure system (4, Informative)

jittles (1613415) | more than 2 years ago | (#35236434)

The lack of security of SSD's is not new! So unoriginal, in fact, that Truecrypt.org [truecrypt.org] doesn't even recommend that you encrypt an SSD drive!

Re:Treat it like any other secure system (1)

jp102235 (923963) | more than 2 years ago | (#35236538)

Wait...what??? So they (SSDs) lack security, so TrueCrypt recommends AGAINST encryption? Shouldn't they be recommending the opposite?

Re:Treat it like any other secure system (1)

Nadaka (224565) | more than 2 years ago | (#35236540)

Truecrypt recommends you encrypt everything... twice. Even your grocery list.

Encryption (2, Insightful)

Fackamato (913248) | more than 2 years ago | (#35236224)

It doesn't matter if you can get hold of ALL of the data, if it's encrypted you're fucked. Nothing to see here, move along.

Re:Encryption (1)

Anonymous Coward | more than 2 years ago | (#35236582)

It doesn't matter if you can get hold of ALL of the data, if it's encrypted you're fucked. Nothing to see here, move along.

That depends on how good the encryption is, whether or not you can recover the decryption key from RAM, or swap, or brute force, guess it, whether or not the machine is powered on and the drive is mounted already when you seize the device, whether or not you can compel the owner of the device to cough up the decryption key (either legally, or illegally), the kind of encryption used and whether or not it has flaws, whether or not the drive started out decrypted and was encrypted later (because then there may still be unencrypted parts on the SSD), and whether or not there are backdoors put into the encryption software.

Re:Encryption (1)

amiga3D (567632) | more than 2 years ago | (#35236738)

What's secure encryption today may, a few years down the road, be trivial to break. Best to destroy the drive whether it be mechanical or digital. Most of the time a 3 year old drive is worth a fraction of what it cost new.

Encrypt the data (1)

rcb1974 (654474) | more than 2 years ago | (#35236226)

Solution: Don't copy any data to an SSD unless you're copying it into an encrypted volume.

for the truly paranoid (2)

Seggybop (835060) | more than 2 years ago | (#35236230)

I thought we'd already agreed that the only way to be really sure that your data is gone is to physically destroy the drive. If you've got data that's really so sensitive that someone's going to spend serious resources to extract it, the actual price of a drive is nothing. Smash it and call it good.

wipes are vendor specific (4, Informative)

gad_zuki! (70830) | more than 2 years ago | (#35236246)

I know OCZ has its own wipe utility and I believe Intel too. Using wiping software designed for mechanical disks makes absolutely no sense and the results from this study are 100% predictable. Oh your Gutmann wipe pattern for circa 1991 MFM drives doesn't wipe SSDs? You don't say! If you needed to securely wipe one, use the proper tool.

That said, it would be nice if there was some standard way of doing this.

Re:wipes are vendor specific (2)

mlts (1038732) | more than 2 years ago | (#35236372)

What would be nice is to have the ATA erase command standardized, so this can be easily done.

Command gets handed to the drive controller, controller does the erasing the right way, where on a hard drive, it zeroes out sectors, even the ones on the bad sector relocation table, and sectors marked as bad. On a SSD, it zeroes out everything regardless of the status with regards to wear leveling.

Even better would be having the drive controller encrypt all data, storing the key as a value in NVRAM. Then when it gets handed an erase command, it replaces the key stored with one randomly generated.

Even better would be to have the drive controller to have its own free space bitmap. After being zeroed, if a sector is read without being written to, the controller returns just zeroes, regardless of the actual data present. If the sector was written to, the controller marks it as used in the bitmap and then returns the sector's data on subsequent writes. This way, an erase command can be almost immediate (flagging everything in the bitmap as free), and outside of yanking the controller and looking at the platters/cells, there is no way to retrieve the data that was erased. Bonus points if the controller zeroed out data in the background.

Re:wipes are vendor specific (0)

Anonymous Coward | more than 2 years ago | (#35236560)

There already is a standard ATA command for this (ENHANCED SECURITY ERASE UNIT). My question is, did the drive implement it properly, and if so, why didn't the researchers use it? Because I didn't RTFA, I have no idea.

Re:wipes are vendor specific (1)

mlts (1038732) | more than 2 years ago | (#35236668)

The problem is that the ATA commands are there, except there are no utilities available or maintained today that can use them. There used to be a tool called HDDErase, but it requires MS-DOS and a floppy drive for use.

Re:wipes are vendor specific (3, Funny)

causality (777677) | more than 2 years ago | (#35236634)

Using wiping software designed for mechanical disks makes absolutely no sense and the results from this study are 100% predictable.

If people were never surprised by predictable things the entire news industry would take a nosedive and be reduced to a shadow of its current self. It'd fuck up the economy!

Re:wipes are vendor specific (1)

mysidia (191772) | more than 2 years ago | (#35236682)

That said, it would be nice if there was some standard way of doing this.

Wouldn't it be even cooler if they made it part of the ATA [kernel.org] standard itself, so you could send a single disk command to immediately commit to secure destruction of the entire volume.... such that even if someone powered down in the middle of an erase and powered the drive back up, the circuit boards inside the drive would just continue the committed physical media secure erase rather than respond to any further read commands, or enable any type of inquiries/recovery efforts?

How is that different than spinning disks? (1)

jklovanc (1603149) | more than 2 years ago | (#35236256)

It is a commonly known fact that the only way to ensure data is never retrieved from a physical disk whether spinning or SSD is to physically destroy the drive. All other methods short of that have flaws and some data can be retrieved.

Re:How is that different than spinning disks? (2)

firesyde424 (1127527) | more than 2 years ago | (#35236308)

You know, I've never understood this one. If you have written a zero to every sector on the hard drive, including the hidden space, how in the world is it possible to recover any data at all?

Re:How is that different than spinning disks? (3, Informative)

Zironic (1112127) | more than 2 years ago | (#35236386)

It's because the bits in the hard drive aren't actually binary but rather values that are interpreted as 1 or 0. For instance a value of 0.6 would be interpreted as 1 and 0.4 would be 0.

This means that if you look at the exact value rather than the interpretation you can make a guess at what values it has been before.

Re:How is that different than spinning disks? (1)

Archangel Michael (180766) | more than 2 years ago | (#35236714)

If you write out 0s to a disk, and the disk EVER read back a 1 because it was 0.6 then the disk has larger problems than what you're suggesting. You couldn't ever rely upon the bits stored. And by "ever" I mean EVER.

The newer drives, if you wrote 0s out, the density of the data on the platter is so high that it is virtually impossible to recover any data. So writing out 0s is and should be acceptable for 99.99% of the drives. If you are that scared of what is on your drive, just put it into a Magnetic Pulse Machine (Degausser) and then grind it up.

Re:How is that different than spinning disks? (2)

blueg3 (192743) | more than 2 years ago | (#35236740)

This means that if you look at the exact value rather than the interpretation you can make a guess at what values it has been before.

In theory, maybe. In practice, it's simply not possible. The conventional wisdom that you need to overwrite multiple times, or with patterns, or with random noise, or anything other than just a single pass of zeros is nothing but a myth.

Re:How is that different than spinning disks? (3, Informative)

Rashkae (59673) | more than 2 years ago | (#35236436)

By scanning the surface of the platter with specialized equipment, it's possible to detect residual magnetization 'around' the area written by the drive head and determine where there used to be a bit. Actually using this technique to recover anything outside of a laboratory experiment (where the drive was only written to and erased with 0's once) is a myth, however. No one does this, not even CTU.

Re:How is that different than spinning disks? (1)

TheCarp (96830) | more than 2 years ago | (#35236572)

Even so, has it even been demonstrated in a lab environment on a disk manufactured in the past decade or so? I was under the impression (from other discussions) that the "area around" that which is written has become so small as to render this pretty much impossible.

Re:How is that different than spinning disks? (1)

click2005 (921437) | more than 2 years ago | (#35236442)

I didn't RTFA but I'm guessing the wear levelling on SSDs messes up the 'every sector' part. Some sectors get wiped multiple times while others don't get touched. Writing all zeros is also bad as the magnetic fields from previous data can still be read (not easily but it is possible). Most modern secure wipes do multiple runs of all zeros, all ones and random data many times.

Re:How is that different than spinning disks? (3, Informative)

gstoddart (321705) | more than 2 years ago | (#35236530)

You know, I've never understood this one. If you have written a zero to every sector on the hard drive, including the hidden space, how in the world is it possible to recover any data at all?

Essentially, residual magnetism [wikipedia.org] and other sciency-bits.

Suffice it to say, simply writing a bunch of zeros doesn't erase all traces of what was on. With old school HDs, you needed to write random data to each location multiple times -- there's a DoD spec for doing it (DoD 5220.22-M).

I believe the article is saying that it doesn't seem to work with SSDs.

Re:How is that different than spinning disks? (2)

bitslinger_42 (598584) | more than 2 years ago | (#35236730)

It is important to note the section on feasibility in that Wikipedia link... Peter Gutmann did the original (public sector) research on recovering overwritten data on MFM hard drives with very low byte densities (by today's standards). Peter revisited the subject [auckland.ac.nz] and found that a single overwrite pass, even if only zeroing out every bit, was sufficient to defeat the technique on "modern" drives (i.e. drives larger than 15GB and made in the past 5-7 years).

Re:How is that different than spinning disks? (1)

Guspaz (556486) | more than 2 years ago | (#35236732)

No, it wouldn't work, but only because SSDs are copy-on-write by nature, and have large amounts of spare space hidden from the OS. However, using an SSD's built-in secure erase functionality, which triggers an erase cycle on every single block of the SSD, would be sufficient; a flash cell with no electrons in the floating gate isn't going to reveal any secrets.

It should be noted that the multiple rewrites thing is only required for "old school" HDDs. Modern magnetic HDs only need a single pass (as referenced by the wikipedia article that you cite).
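Added illustration, not part of any comment in this thread: a toy flash translation layer showing the behaviour described in the comment above, where a host-level zero pass leaves superseded pages in flash while a controller-side erase of every physical page does not. `ToyFTL`, the page size, the spare-area size and the garbage-collection policy are assumptions constructed for this example; real controllers erase multi-page blocks and use vendor-specific policies.

```python
PAGE = 16  # bytes per flash page, kept tiny for the illustration


class ToyFTL:
    """Hypothetical flash translation layer: copy-on-write pages plus a
    spare area that the host cannot address."""

    def __init__(self, logical_pages: int, spare_pages: int):
        if spare_pages < 1:
            raise ValueError("need at least one spare page")
        self.logical_pages = logical_pages
        self.flash = [None] * (logical_pages + spare_pages)  # None = erased
        self.l2p = {}    # logical page number -> physical page index
        self.stale = []  # physical pages holding superseded data, oldest first

    def _allocate(self) -> int:
        for idx, content in enumerate(self.flash):
            if content is None:
                return idx
        # No erased page left: garbage-collect the oldest stale page.
        victim = self.stale.pop(0)
        self.flash[victim] = None
        return victim

    def write(self, lpn: int, data: bytes) -> None:
        if not 0 <= lpn < self.logical_pages or len(data) != PAGE:
            raise ValueError("bad logical page number or data size")
        new = self._allocate()
        self.flash[new] = data
        if lpn in self.l2p:
            self.stale.append(self.l2p[lpn])  # old copy stays in flash
        self.l2p[lpn] = new

    def read(self, lpn: int) -> bytes:
        """What the host sees through the normal interface."""
        phys = self.l2p.get(lpn)
        return self.flash[phys] if phys is not None else bytes(PAGE)

    def raw_pages(self):
        """What a chip-level read of the flash sees, mapping ignored."""
        return [p for p in self.flash if p is not None]

    def secure_erase(self) -> None:
        """Controller-side erase of every physical page, spare area included."""
        self.flash = [None] * len(self.flash)
        self.l2p.clear()
        self.stale.clear()


def demo():
    ftl = ToyFTL(logical_pages=8, spare_pages=4)
    secret = b"card=4111-SAMPLE"  # constructed sample, exactly 16 bytes
    for lpn in range(8):
        ftl.write(lpn, secret if lpn == 6 else b"filler-page-%04d" % lpn)

    # Host-level wipe: overwrite every addressable page with zeros once.
    for lpn in range(8):
        ftl.write(lpn, bytes(PAGE))
    host_view_clean = all(ftl.read(lpn) == bytes(PAGE) for lpn in range(8))
    remnant_after_overwrite = secret in ftl.raw_pages()

    ftl.secure_erase()
    remnant_after_erase = secret in ftl.raw_pages()
    return host_view_clean, remnant_after_overwrite, remnant_after_erase


if __name__ == "__main__":
    print(demo())
```

Which superseded pages survive a host-level pass depends on the controller's allocation and garbage-collection policy, which the host cannot observe through the normal interface.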

Re:How is that different than spinning disks? (0)

Anonymous Coward | more than 2 years ago | (#35236630)

Depends on the level of threat you're defending against - if you're defending against someone with normal level resources (i.e., communicating over the normal access ports), it's not possible.

If you're defending against someone with a magnetic-force microscope, then it is possible as they can read residual magnetic fields. Whether your local law enforcement authority and / or other organisations have access to this or would use it on your particular case is another question.

One thing though - reducing the platters to slag is often vastly faster than zeroing every sector (minutes instead of hours); and can be done even if the drive is otherwise non-functional.

SSDs shake things up because 1, the chips are standard so you don't need a magnetic force microscope, just something to drive the chips directly, and 2, the 'drive' that the computer sees is something of an emulation; the true layout on flash can be different due to wear levelling and suchlike and vast tracts might not be accessed at all when written with zeros. If the attacker bypasses the firmware and directly reads from the flash chips (not especially difficult if you crack open the case and you think about it), who knows what they could find?

(Or if the attacker knows some undocumented 'raw read sectors' or something in the firmware?)

Because things are really analog not digital ... (1)

perpenso (1613749) | more than 2 years ago | (#35236662)

You know, I've never understood this one. If you have written a zero to every sector on the hard drive, including the hidden space, how in the world is it possible to recover any data at all?

Because digital is just a convenient abstraction for our analog reality. Here's a gross simplification. A bit is just a magnetic blob on a large plane of magnetic media. When a read/write head returns to a particular spot it does not return to exactly that same position, close but not exact. As the platter spins and it lays down a track of these magnetic blobs it may write the new track a little bit to the side of the old track. This partly motivates wiping software writing data seven or more times, it wants to increase the likelihood of getting the old data.

Try this: Take two highlighters, one yellow and one a darker color. Draw a yellow line. Now draw on top of that line with the other color. See any pure yellow peeking through on the edges? That yellow is like the area where data recovery people will use highly specialized equipment to read "overwritten" data.

Re:How is that different than spinning disks? (0)

Anonymous Coward | more than 2 years ago | (#35236774)

Various forms of physical scanning of the drive. While it makes the data unreadable for the standard drive electronics, more sophisticated devices exist which can read the magnetic 'stripes'/residual voltage imprints on the cells (for flash based stuff), and potentially determine, depending on the level of ambiguity, what the most probable long term state of that bit was, and by doing this come to a relatively high probability of what the byte/block/sector/etc contained, data-wise.

Now actually going across multiple gigabytes or terabytes, etc of information and managing to recover useful information seems a bit far fetched, that doesn't mean there aren't advanced forensic tools written capable of doing this. While I'm sure China for example has the manpower to recover terabytes of data, by hand if necessary, I just don't see the manpower being there to do this for most other governments without ridiculously comprehensive software, and probably dozens or hundreds of systems chewing over the recovered data in order to find the proper way to reassemble it.

Re:How is that different than spinning disks? (1)

Roskolnikov (68772) | more than 2 years ago | (#35236716)

Wear leveling for flash....

my 120GB OCZ disk has 128GB of space, 8 reserved for dead cells and for wear leveling.

so write 120GB of data to the disk (fill it) remove a text file full of passwords, fill the disk.

the result (if all cells have the same number of uses) would/could be that the SSD in the interest of wear leveling will take lower used cells from the reserve and leave the cells that I just erased unused.

but here's the problem.

1. all secure data should be, well, secure, encrypted or otherwise
2. this makes a lot of assumptions about the state of the drive, it's possible but it's going to be very difficult (if at all feasible) for anyone but professionals from pulling data off.

if you're worried about this and choose not to encrypt running a traditional disk wipe with 3 or 7 pass, wear leveling should still scramble the remaining bits so long as you fill the disk.

Chicken Little was right.

what, you don't have a firepit? (1)

swschrad (312009) | more than 2 years ago | (#35236290)

excellent tool for neutering storage. build up a roaring fire with about 6 inches of coals, and then toss the hard disk into it. retrieve in morning, dump in trash. done.

Re:what, you don't have a firepit? (1)

ColdWetDog (752185) | more than 2 years ago | (#35236356)

excellent tool for neutering storage. build up a roaring fire with about 6 inches of coals, and then toss the hard disk into it. retrieve in morning, dump in trash. done.

Don't be so sure [universetoday.com] of that.

And now, data recovery experts announced they were able to salvage scientific data from a charred hard drive.

Said hard drive deorbited on the Columbia.

What NASA sent to Kroll Ontrack was almost unrecognizable as a hard drive. Jon Edwards, a senior clean room engineer at the company said that the circuit board on the drive was burned beyond recognition and that all its components had fallen off. Every piece of plastic on the 400 MB Seagate hard drive had melted, and the chips were burned.

Re:what, you don't have a firepit? (2)

tragedy (27079) | more than 2 years ago | (#35236602)

Sure, but the drive casing probably didn't break open. It would have been made of aluminum, most likely, which isn't the best heat sink, but is better than nothing. The heat it was exposed to was probably intense but brief. So, the platters inside the drive were probably only exposed to a small amount of heat for a short period of time. The overnight fire that the grandparent post referred to would be hundreds of times longer and probably hotter too.

Pure crap (0)

Anonymous Coward | more than 2 years ago | (#35236304)

If you use the proper erase methods (solid state or other) then it doesn't matter. If you need to destroy the data simply put it on a cookie sheet and put it in the oven on broil for 30 minutes.

Re:Pure crap (1)

eagl (86459) | more than 2 years ago | (#35236526)

If you use the proper erase methods (solid state or other) then it doesn't matter. If you need to destroy the data simply put it on a cookie sheet and put it in the oven on broil for 30 minutes.

Wifey hates the smell of burning plastic in the oven. Don't ask me how I know this.

Just don't do secure data (1)

Murdoch5 (1563847) | more than 2 years ago | (#35236306)

Okay, so it's not so secure; for secure data use secure, highly encrypted mediums. If you encrypt the data on the SSD, does it matter how much is left? If you end up with encrypted data, how can anyone use it with no clue on how it was encrypted, forgoing good crackers and hackers? I'd assume they're not pulling off full data, just fragmented data, so that's even harder to put together.

dd (1)

hwk_br (570932) | more than 2 years ago | (#35236322)

Didn't RTFA, but how about dd'ing zeros to the device?
dd if=/dev/zero of=/dev/sdb should work on everything...
I remember something about a prize for recovering data from a zeroed HD...

Re:dd (3, Informative)

Zironic (1112127) | more than 2 years ago | (#35236430)

According to RTFA they can recover almost 100% of the data from a 0'd HD, 90% of the data from a randomed HD and 1-10% from a HD that has run extremely extensive random HD passes (like Gutmann).

This is due to SSDs working differently than the standard HDs.

Re:dd (1)

Anonymous Coward | more than 2 years ago | (#35236496)

I assure you, a single pass of writing zeros to any drive isn't a secure way of erasing data. Even multiple passes of /dev/urandom will only make it extremely difficult for all but the most determined person(s).

truecrypt (5, Insightful)

SharpFang (651121) | more than 2 years ago | (#35236344)

encrypt the data before writing. at no point in its existence will it appear anything but white noise to unauthorized parties.

Re:truecrypt (1)

pentalive (449155) | more than 2 years ago | (#35236756)

The "unauthorized parties" will use a $5.00 wrench to beat you until you tell them the password or as in the case of Great Britain, throw you in jail until you remember it.

Confidential data not safe on unencrypted storage (0)

Anonymous Coward | more than 2 years ago | (#35236394)

What are you doing? Why are you writing confidential data to unencrypted storage?

Data recovery (1)

Lorien_the_first_one (1178397) | more than 2 years ago | (#35236410)

I guess what concerns me the most about SSDs is data recovery. Is that any harder on SSDs than regular disks? Or is data recovery a moot point since there are no moving parts?

Re:Data recovery (1)

dgatwood (11270) | more than 2 years ago | (#35236586)

Well, it's a wash, based on the last stats I read. (I forget where I read the article.) With SSDs, you have no moving parts, which makes them much, much more reliable in portable devices (laptops, iPods, and so on). However, you have many more solder joints to crack, so you have a much greater chance of a thermally-induced failure than you would with a hard drive.

The real advantage of SSDs as far as data recovery goes is that you don't need a clean room to work on them. The majority of failures in electronics are caused by broken solder joints on the board, which can be repaired by anyone who owns proper reflow soldering tools.

The one place where SSDs are at a disadvantage is that a board failure on a hard drive can be repaired by swapping the boards in many cases, whereas a board failure on a SSD requires actually diagnosing the board, and in the worst case, unsoldering the flash parts and soldering them to a new board. Even still, the whole "anybody with reflow tools" rule makes that not nearly as bad as it sounds.

Certainly a lie (0)

Anonymous Coward | more than 2 years ago | (#35236444)

No doubt.

done (0)

Anonymous Coward | more than 2 years ago | (#35236452)

dd if=/dev/urandom of=/dev/sda

It is difficult (2)

crow (16139) | more than 2 years ago | (#35236454)

You can't do a secure erase from software, because data may still exist in blocks that were remapped by the firmware due to errors or for write leveling. When you write to an SSD, the new data goes in a free block, and the old block is marked free. To do a real secure erase, you have to work with the SSD firmware, and even then, you can't be sure if data may still exist on bad blocks that can't be written to.

So the only way to be sure is to physically destroy it, and flash is reliable enough that it's difficult to be certain that you've truly destroyed it.

So as everyone else is saying, the only good solution is to encrypt everything, and don't store the keys in flash.

Secure erase option (1)

eagl (86459) | more than 2 years ago | (#35236510)

A couple whacks with a hammer still works great. Remove the circuit board from the case, give each chip a little love tap with a ball peen hammer. Problem solved without waiting hours for the thing to "secure erase".

Concerned about losing resale value? Security costs money, period. If you want real security, sometimes you have to take some financial responsibility and accept the loss of resale value in exchange for real security. Price of doing business.

Once you put it on... (1)

fahlesr1 (1910982) | more than 2 years ago | (#35236532)

"Makes you think twice about storing data on SSDs — once you put it on, getting it off isn't so easy."

My 12 gauge begs to differ. Pull!

Technique for recovery (1)

DieNadel (550271) | more than 2 years ago | (#35236534)

For once I've read the paper :-)

But I could not find a description of the technique utilized to recover the files.

They say that an "advanced hacker" will be able to recover the files, but I'd like to know how.

I have a cheap solution... (0)

Anonymous Coward | more than 2 years ago | (#35236556)

bring the hammer down!

Overwrite (0)

Anonymous Coward | more than 2 years ago | (#35236568)

Simple solution: overwrite.

Re:Overwrite (1)

compro01 (777531) | more than 2 years ago | (#35236754)

The problem is that doesn't work due to wear leveling. The virtual area you're overwriting isn't necessarily the same physical area that holds the data you want gone. Even wiping the entire thing doesn't do it, thanks to spare blocks.

Summary (5, Informative)

Orgasmatron (8103) | more than 2 years ago | (#35236620)

Block storage devices have more capacity than they report. Magnetic disks keep a small reserve of unallocated blocks as a hedge against blocks that fail in use. SSDs keep a much larger reserve because they can only erase in increments that are relatively large compared to their block size.

If you overwrite a sector on a magnetic disk, you will almost always destroy all traces of the old data. The exception is when the drive thinks the old sector has failed or is about to fail, in which case you get an entirely new sector, and your old data is still (possibly) on the old sector. Attacks using magnetic force microscopes to read data from track fringes were possible a decade ago, but there is no reason to think it is possible on a modern drive.

If you overwrite a sector on a SSD, the SSD gives you a whole new block from a list of free blocks, and adds the address of the old block to the list of deleted blocks. Blocks are moved from the deleted list to the free list when the SSD has some free time, or when one is really needed. There is currently no mechanism to force the SSD to actually erase a sector.

This is all known, and there are mechanisms built into the specs to provide a secure erase. What their research is showing, however, is that these mechanisms don't always work. A number of them are buggy, and at least one just plain lies, claiming to have done the secure erase, but actually just doing the normal pointer update trick just like any other write.
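The remapping behaviour described in the comment above (and in the earlier comments on wear leveling and spare blocks), as an added toy model that is not part of the original thread or the researchers' code. The class, the page counts, the one-page-at-a-time reclaim policy and the sample data are all assumptions chosen for illustration.

```python
# Toy flash translation layer (FTL). Constructed model, not any vendor's firmware.
class ToySSD:
    def __init__(self, logical_blocks, spare_blocks):
        if spare_blocks < 1:
            raise ValueError("model needs at least one spare page")
        self.logical_blocks = logical_blocks       # capacity reported to the host
        total = logical_blocks + spare_blocks      # what is physically on the chips
        self.flash = [None] * total                # physical pages, None = erased
        self.l2p = {}                              # logical block -> physical page
        self.free = list(range(total))             # erased pages ready for writes
        self.deleted = []                          # stale pages awaiting erase

    def write(self, lba, data):
        if not 0 <= lba < self.logical_blocks:
            raise IndexError("LBA outside reported capacity")
        if not self.free:                          # reclaim only when really needed
            page = self.deleted.pop(0)
            self.flash[page] = None
            self.free.append(page)
        page = self.free.pop(0)
        self.flash[page] = data
        if lba in self.l2p:
            self.deleted.append(self.l2p[lba])     # old copy is unmapped, not erased
        self.l2p[lba] = page

    def read(self, lba):
        return self.flash[self.l2p[lba]] if lba in self.l2p else None

    def raw_pages_containing(self, needle):
        # What reading the flash chips directly, bypassing the FTL, would show.
        return [p for p, d in enumerate(self.flash) if d and needle in d]

    def firmware_sanitize(self):
        # What a correct firmware-level erase has to cover: every physical page.
        self.flash = [None] * len(self.flash)
        self.l2p, self.deleted = {}, []
        self.free = list(range(len(self.flash)))

ZEROS = b"\x00" * 16

def demo():
    ssd = ToySSD(logical_blocks=8, spare_blocks=4)
    for lba in range(8):
        ssd.write(lba, b"filler")
    ssd.write(6, b"SECRET-payroll")                # constructed sample data
    for lba in range(8):                           # host-side "dd if=/dev/zero"
        ssd.write(lba, ZEROS)
    host_view = [ssd.read(lba) for lba in range(8)]
    stale = ssd.raw_pages_containing(b"SECRET")
    ssd.firmware_sanitize()
    return host_view, stale, ssd.raw_pages_containing(b"SECRET")

if __name__ == "__main__":
    print(demo())
```

In this model the host reads back zeros from every logical block while the stale copy still sits in an unmapped physical page; only the erase that walks all physical pages removes it.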

Secure Erase (0)

Anonymous Coward | more than 2 years ago | (#35236664)

I actually own an SSD myself. As I understand it, the drive is encrypted by default, and the "Security Erase" method simply drops the internal encryption key from the drive. Without that encryption key, all the previous data is encrypted using AES-128 which would just appear to be white-noise.

I don't understand why this method wouldn't work, unless the unit leaks that key?

Good thing? (1)

LoudMusic (199347) | more than 2 years ago | (#35236712)

This sounds like a good thing to me. Better chances of getting data back from failed hardware. Or getting data from a device that a numbskull disgruntled employee thinks they've intentionally ruined.

If you actually WANT to destroy the data, others here have mentioned the proper methods. I like to rely on the .45 at high velocity, but open flames work well too.
