Asklemmy

43159 readers

1789 users here now

A loosely moderated place to ask open-ended questions

Search asklemmy 🔍

If your post meets the following criteria, it's welcome here!

Open-ended question
Not offensive: at this point, we do not have the bandwidth to moderate overtly political discussions. Assume best intent and be excellent to each other.
Not regarding using or support for Lemmy: context, see the list of support communities and tools for finding communities below
Not ad nauseam inducing: please make sure it is a question that would be new to most members
An actual topic of discussion

Looking for support?

Looking for a community?

Lemmyverse: community search
sub.rehab: maps old subreddits to fediverse options, marks official as such
[email protected]: a community for finding communities

~Icon~ ~by~ ~@Double_[email protected]~

founded 5 years ago

MODERATORS

[email protected]

111

How do I wipe a modern SSD to prevent data recovery? (lemmy.world)

submitted 3 months ago by [email protected] to c/[email protected]

72 comments fedilink hide all child comments

I understand traditional methods don’t work with modern SSD, anyone knows any good way to do it?

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 23 points 3 months ago* (last edited 3 months ago) (1 children)

For all average user requirements that just involve backups, PII docs, your sex vids, etc (e.g. not someone who could be persecuted, prosecuted, or murdered for their data) your best bet (other than physical destruction) is to encrypt every usable bit in the drive.

Download veracrypt
Format the SSD as exFAT
Create a new veracrypt volume on the mounted exFat partition that uses 100% of available space (any format).
open up a notepad and type out a long random ass throwaway password e.g. $-963,;@82??/@;!3?$.&$-,fysnvefeianbsTak62064$@/lsjgegelwidvwggagabanskhbwugVg, copy it, and close/delete without saving.
paste that password for the new veracrypt volume, and follow the prompts until it starts encrypting your SSD. It'll take a while as it encrypts every available bit one-by-one.

Even if veracrypt hits a free space error at the end of the task, the job is done. Maybe not 100%, but 99.99+% of space on the SSD is overwritten with indecipherable gibberish. Maybe advanced forensics could recover some bits, but a) why the fuck would they go to that effort for a filthy commoner like yourself, and b) what are the chances that 0.01% of recoverable data contains anything useful!?! You don't really need to bother destroying the header encryption key (as apple and android products do when you wipe a device) as you don't know the password and there isn't a chance in hell you or anyone else is gonna guess, nor brute force, it.

[+] [email protected] 21 points 3 months ago* (last edited 3 months ago) (2 children)

[deleted]

[–] [email protected] 2 points 3 months ago (2 children)

If you want to keep/sell the drive...

Fill up the rest of the usable space
Encrypt the drive
Throw away the encryption key/password
Hard format (writing zeroes to every bit, sorry if that's the wrong term

Is that the best strategy? Or is anything outside of 2 and 3 redundant?

[–] [email protected] 9 points 3 months ago (2 children)

You can’t fill the drive. The drive decides when to use its buffered free storage blocks. It’s at the hardware level and only the Secure Erase command will clear it.

[–] [email protected] 2 points 3 months ago

Right, I read some more of the comments and realized that's what some of the "unreported space" is used for. Makes sense, thanks!

[–] [email protected] -1 points 3 months ago (1 children)

You fill up the usable space. Or the visible space. No one will disamble the device and read from the raw storage.

[–] [email protected] 2 points 3 months ago

Then why do that when you can do a secure erase in seconds?

[–] [email protected] 1 points 3 months ago (1 children)

a) why the fuck would they go to that effort for a filthy commoner like yourself, and b) what are the chances that 0.01% of recoverable data contains anything useful!?!

Nobody is gonna bother doing advanced forensics on 2nd hand storage, digging into megabytes of reallocated sectors on the off chance they to find something financially exploitable. That's a level of paranoia no data supports.

My example applies to storage devices which don't default to encryption (most non-OS external storage). It's analogous to changing your existing encrypted disks password to a random-ass unrecoverable throwaway.