Tim's blah blah blah

Securely wiping SSDs


Wiping data carriers before reselling them protects the personal data on them. SSDs are more difficult to wipe because they contain quite a lot of error-handling and buffering logic.

I document my best-known method here. TL;DR: as commenters pointed out, ideally use OS-level encryption, then throw away the key. Alternatively, use the built-in security erase via hdparm, combined with shred.

Securely wiping data carriers

Securely wiping SSDs is more difficult because the SSD ‘thinks’ for itself about when to write or delete data and, to optimise performance or durability, does not always obey the user’s commands. Below are some ways to (partially) overcome this.

See more info on this here:

Preparation

For the commands below I made a Lubuntu Live CD (lubuntu.net) using unetbootin (github.io) on my Mac (10.14). I chose Lubuntu because it’s a complete distro but, at 1GB, more manageable than Ubuntu at 3GB. If 1GB is still too big, one could use Damn Small Linux or another flavour.

shred

Simple yet (moderately) effective, shred(1) (die.net) overwrites files or devices. For example:

sudo shred -n 1 -z /dev/sda1

This wipes a disk with random data once, then overwrites it with zeros. Here /dev/sda1 is a single partition; the whole disk would be /dev/sda. Note that this comes with the caveats mentioned above, and is not definitive. I added this to my wiping sequence because it at least helps a bit (bad reason, I know).

Built-in security measures

SSDs appear to have built-in security measures to encrypt or wipe them. Not sure how this works, so whether you trust this is up to you. My Samsung SSD had this feature. For example:
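
The hdparm route named in the TL;DR, as an added example (not the author's original commands, which are missing from this page): it parses the Security section of `hdparm -I` and only issues the ATA Security Erase when the drive supports it and is not frozen, locked or already password-protected. The sample output, the throwaway password `p` and the function names are assumptions of this example.

```shell
# Added example: pre-flight check and ATA Security Erase via hdparm.
# SAMPLE_IDENTIFY is constructed, modelled on the Security section of `hdparm -I`.
SAMPLE_IDENTIFY='Security:
    Master password revision code = 65534
        supported
    not enabled
    not locked
        frozen
    not expired: security count
        supported: enhanced erase
    2min for SECURITY ERASE UNIT. 8min for ENHANCED SECURITY ERASE UNIT.
Checksum: correct'

# erase_state: reads `hdparm -I` text on stdin and prints one of
# unsupported | frozen | locked | enabled | ready
erase_state() {
    awk '
        /^Security:/ { insec = 1; next }
        insec {
            c = substr($0, 1, 1)
            if (c != " " && c != "\t") { insec = 0; next }  # next section
            neg = ($1 == "not"); w = neg ? $2 : $1
            if (w == "supported") sup = !neg
            if (w == "enabled")   ena = !neg
            if (w == "locked")    lck = !neg
            if (w == "frozen")    frz = !neg
        }
        END {
            if (!sup)     print "unsupported"
            else if (frz) print "frozen"    # a suspend/resume cycle often unfreezes
            else if (lck) print "locked"
            else if (ena) print "enabled"   # a user password is already set
            else          print "ready"
        }'
}

# secure_erase DEVICE: DESTROYS ALL DATA on DEVICE (e.g. /dev/sdX).
# "p" is a throwaway password for this example; a successful erase clears it.
secure_erase() {
    dev=$1
    state=$(hdparm -I "$dev" | erase_state)
    [ "$state" = ready ] || { echo "refusing: $dev is $state" >&2; return 1; }
    hdparm --user-master u --security-set-pass p "$dev" &&
        hdparm --user-master u --security-erase p "$dev"
}

# Demo on the constructed sample only; no device is touched.
printf '%s\n' "$SAMPLE_IDENTIFY" | erase_state
```

Run `secure_erase /dev/sdX` as root from the live system; it returns non-zero without touching the drive unless the reported state is `ready`.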

DBAN - Darik’s Boot and Nuke

This one doesn’t work anymore (for me). After having some trouble making a bootable USB stick, the prompt fails because it cannot find /proc/cmdline somehow. It seems the software is now sold as a commercial version and the free version is unmaintained.
