Gregory's ServerCompliance is the root of all evil. So, you want to destroy the SSD? Drill all SSDs. Destroyed finally. All data is safe. Let’s go home.
The SSDs:
 148 comments
 @nixCraft I worked with a piece of military kit many years ago that didn't have a built-in secure erase (or zeroise, as we used to call it). Instead, there was a red sticker on the back of it and users were instructed to apply the muzzle of a pistol to the red dot and fire one round directly through the flash chip. i had a mate ran a computer recycling business. He offered a Premium Secure Data Deletion service. 16 yr old son with a big fucking hammer! 😂 @HereToChewGum @tryst @nixCraft my prefered solution was an old TIG Welding machine with 200A wand a foot padle. You can run tousands/hour and the temprature erases every part of storage left. @nixCraft It looks like empty space, but that's actually where the data is stored: it's filled with cloud particles. Drilling a hole allows the data to escape. :meow_googlytrash:   @nixCraft My "favorite" (reason to want to commit murder) is when a person or corporation is trying to destroy their data before selling a laptop, so they just drill random holes through the entire laptop. Only to still miss the hard drive half the time, leaving it ironically the only salvageable part.  @OpenComputeDesign @nixCraft they’ll learn not to do that very quickly the first time they drill through a lipo cell @nixCraft Er, NIST says "Shred, Disintegrate, Pulverize, or Incinerate by burning the device in a licensed incinerator" to destroy an SSD. This is hilarious but compliance isn't *as* terrible IF the standards aren't bullshit. https://nvlpubs.nist.gov/nistpubs/specialpublications/nist.sp.800-88r1.pdf    Just today I saw screenshots of a ebay listing for a MacBook with holes drilled through the soldered-down flash chips and the motherboard underneath them. But at least all other parts work I suppose? And it might even still be able to boot from external storage. @nixCraft@mastodon.social this is especially frustrating since the secure erase command for SSDs is pretty much anti forensic  @nixCraft EDIT: Been answered. I would imagine even if they had hit the board if they miss the chip itself they risk that some expert could recover data from it anyway. I don't know much about it, but isn't the old fashioned write 10x or so still effective even on SSDs? I know things get remapped and wear cycling even has reserved parts, but enough writes of random data should fully clear it eventually, right? (Though not sure if 10x is right or not with SSDs. That's from magnetic media.)  @nazokiyoubinbou @nixCraft there is a point of overwrites where every flash cell has been changed. But, that costs loads of disk wear. Instead, one can issue a data secure erase command to drop all data, that even restores some write performance @4censord @nixCraft I know about erasing blocks, yeah. But I presume we're talking about extreme measures when someone goes as far as to actually drill holes in it. In theory it's possible to recover old data from erased cells -- or at least so I've heard. Presumably the idea here is to ensure that is no longer possible. Sure is wasteful as heck to drill it IMO. @nazokiyoubinbou @nixCraft the secure erase thing uses encryption to prevent data recovery. https://wiki.archlinux.org/title/Self-encrypting_drives @nazokiyoubinbou @4censord @nixCraft Technically, TRIM erases pages. Pages on a flash chip can contain several blocks. Erasing a single flash page is basically the voltage spike, but to only the one page and for a shorter time. The chip-level erase lasts longer in part to make sure everything gets fully saturated. Different trigger and different scale of effect, but it’s the same mechanism.  @4censord  @4censord @nazokiyoubinbou @nixCraft This only works on SSD drives that supports this feature. @nazokiyoubinbou @nixCraft well, the reserved parts oft the SSD are often not accessible via the normal SSD data controller. So rewrite often works not 100%.  @nazokiyoubinbou @nixCraft Maybe I’m missing something, but with SSDs it’s just better to encrypt the content of the drive. Destroying the key then effectively erases the data. @melgu @nixCraft I mean someone going extreme enough to drill through them is presumably assuming that an attacker might be able to extract data, so I would assume they would not trust encryption to be absolute either. (There are also other side effects like performance loss if it uses a complex enough encryption to be worthwhile.) Either way though, a full cell erase should be sufficient. No need to be super wasteful and destructive. @nazokiyoubinbou @nixCraft Isn’t drive encryption / decryption done in hardware these days anyways? @nazokiyoubinbou @nixCraft I did? I was only talking about the performance loss due to the encryption. All your points are valid, though. @melgu @nazokiyoubinbou @nixCraft I don't see that flushing the key is particularly future proof. The data remains only whilst the encryption remains strong. @nazokiyoubinbou @nixCraft Overwriting 10x is only sensible for (very) old hard disks or floppy disks with wide tracks. Current hard drives pack tracks so close that writing one may impact neighbouring tracks. So overwritung the complete disk once (e.g. 'dd bs=1M </dev/zero >/dev/sdX' on linux) will do the trick. On SSDs, due to wear leveling algorithms parts of data may survive overwriting in spare sectors but reading date from there will be hard. @nazokiyoubinbou Full disk encryption with e.g. LUKS also is a good first line of defense. @nazokiyoubinbou @nixCraft Use disk encryption from the start and without the key all data on the disk looks random.  @nixCraft The only way to be 100% sure the data is destroyed is to eat the drives. Eat them.  @the_q@mastodon.social @nixCraft@mastodon.social what if you poop out the bits    @nixCraft I explained that no amount of erasing or formatting will do, but after drilling, the drives could be safely disposed of. I never explained what exactly makes the hole so secure. I never told them that things may work differently twenty years later 🤔 I would not trust that if one is a criminal. A lot of data could potentially be recovered.  When Fujitsu had HDD issues around 2000, and a lot were returned under warranty, they had a guy sitting in the parking lot hitting them with a hammer and throwing them in a big skip bin. Sure, the circuit board were cracked, but they could be changed quickly. The data on the platters was still intact.  @SuperMoosie @nixCraft quitter 😜  Aren't there shredding services made specifically for harddrives? But lemme guess, OP's company is too cheap for even that.  My first thought: Don't you need to drill ALL of the chips? My next thought: Don't you need to drill ANY of the chips?!  @nixCraft I've destroyed disks in my log burner in the past. The thing easily gets hot enough to melt aluminium so data destruction is assured :) @nixCraft that procedure isn't for destroying data, it's to prove to the manufacturer that you've destroyed the SSD so that you receive an RMA replacement but keep the drive. Destruction happens afterwards.  Might work as an anti-theft measure for stored drives. Thief sees hole, assumes is bad, leaves in drawer.     @nixCraft   @nixCraft If you watched Mr Robot another good approach is to disassemble pry off the memory chips and throw them in the microwave, i typically disassemble use a hammer and sandpaper for platter disk based drives @nixCraft what if you missed the cheap USB thumb drive with the drill hole?     @nixCraft@mastodon.social bruh @nixCraft Lessons learned: drill at several places, best near the connector - at least for this type. Old boss, years ago, told people to destroy old CDs by scratching the back with a knife. Like that was going to help. They weren't LP 33 1/3rds I even showed him that the computer read the data just fine afterwards. Wouldn't listen. @nixCraft @nixCraft Encryption is not security: not because it's technically insurmountable, but because there's usually someone holding a gun to your head asking for your password. So destruction makes sense... However, m.2 are easier to destroy: lining them up on train tracks might be a solution. One warning. Do not try this at home!  @nixCraft Drilling a HDD makes sense. (Taking them apart and stripping the magnets is so much more fun though) But drilling an SSD????? That sounds like a typical german thing to do. "We've done it always like that"  @nixCraft Fortunately I have access to facilities that permit the "Give 'em both barrels!" approach. @nixCraft Why do you want to destroy such valuable equipment?! Why don't you just encrypt them, and throw away the encryption key afterwards? Decrypting afterwards is practically impossible. Producing this equipment took a lot of energy and CO2, which is wasted if you just destroy it. @nixCraft Why do you want to destroy such valuable equipment?! Why don't you just encrypt them, and throw away the encryption key afterwards? Decrypting afterwards is practically impossible. Producing this equipment took a lot of energy and CO2, which is wasted if you just destroy it.   @nixCraft ROFLMAO! The only safe method is to fully encrypt all SSDs from the start of the use and then use   @nixCraft What's the bet this was a drill in a jig set up for a traditional hard drive?  |
Image is from the bird site https://x.com/_inforea/