On Tue, February 9, 2016 16:05, Chris Murphy wrote:
On Mon, Feb 8, 2016 at 11:18 PM, John R Pierce <pierce@hogranch.com> wrote:
On 2/8/2016 9:54 PM, Chris Murphy wrote:
Secure erase is really the only thing to use on SSDs. Writing a pile of zeros just increases wear (minor negative) but also doesn't actually set the cells to the state required to accept a new write,
Secure erase of an SSD, or any solid state device, is problematic.
See: http://www.techrepublic.com/article/erasing-ssds-security-is-an-issue/
The CSE requires physical destruction of these devices through pulverisation or incineration. See: https://cse-cst.gc.ca/en/system/files/pdf_documents/itsg06-eng.pdf
The USDOD leaves disposal protocols to the individual commands.
Essentially, due to the way data is stored on SSDs, it is impossible to access every memory cell during a software-driven wipe, no matter how many passes are made. The possibility of significant fragments of residual data remaining is always greater than zero.
However, if you entirely encrypt an SSD, BEFORE adding any confidential material, then secure destruction is assured by 'forgetting' the key. But encrypting an SSD after the material is put on it is not sufficient.
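One way to check that a key has been 'forgotten', as an added example that is not part of the original message: it assumes the SSD was encrypted with LUKS version 1 (the thread does not name a tool) and reads the key-slot flags from the first 592 bytes of the on-disk header. The sample headers are constructed, and the function names are this example's own.

```python
import struct

# LUKS version 1 on-disk header layout (big-endian), an assumption of this example.
LUKS_MAGIC = b"LUKS\xba\xbe"
SLOT_ACTIVE, SLOT_DISABLED = 0x00AC71F3, 0x0000DEAD
SLOT_OFFSET, SLOT_SIZE, SLOT_COUNT = 208, 48, 8
HEADER_SIZE = SLOT_OFFSET + SLOT_SIZE * SLOT_COUNT  # 592 bytes


def keyslot_states(header):
    """Return 'active', 'disabled' or 'unknown' for each of the 8 key slots."""
    if len(header) < HEADER_SIZE or header[:6] != LUKS_MAGIC:
        raise ValueError("not a LUKS header")
    (version,) = struct.unpack_from(">H", header, 6)
    if version != 1:
        raise ValueError("only LUKS version 1 is handled here")
    names = {SLOT_ACTIVE: "active", SLOT_DISABLED: "disabled"}
    states = []
    for i in range(SLOT_COUNT):
        (flag,) = struct.unpack_from(">I", header, SLOT_OFFSET + i * SLOT_SIZE)
        states.append(names.get(flag, "unknown"))
    return states


def key_forgotten(header):
    """True only when every slot is marked disabled, so no passphrase unlocks the volume key."""
    return all(state == "disabled" for state in keyslot_states(header))


def build_sample_header(active_slots):
    """Constructed header for the demo; only the fields read above are filled in."""
    hdr = bytearray(HEADER_SIZE)
    hdr[:6] = LUKS_MAGIC
    struct.pack_into(">H", hdr, 6, 1)
    for i in range(SLOT_COUNT):
        flag = SLOT_ACTIVE if i in active_slots else SLOT_DISABLED
        struct.pack_into(">I", hdr, SLOT_OFFSET + i * SLOT_SIZE, flag)
    return bytes(hdr)


if __name__ == "__main__":
    # On a real disk, read the header instead: open(device_path, "rb").read(HEADER_SIZE)
    in_use = build_sample_header({0, 3})
    erased = build_sample_header(set())
    print(keyslot_states(in_use), key_forgotten(in_use))
    print(keyslot_states(erased), key_forgotten(erased))
```

The flags show only what the header on the disk records; any header backup kept elsewhere still carries the key slots and has to be destroyed as well before the key counts as forgotten.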