On Tue, February 9, 2016 16:05, Chris Murphy wrote:
> On Mon, Feb 8, 2016 at 11:18 PM, John R Pierce <pierce at hogranch.com>
> wrote:
>> On 2/8/2016 9:54 PM, Chris Murphy wrote:
>>>
>>> Secure erase is really the only thing to use on SSDs.
>>> Writing a pile of zeros just increases wear (minor negative)
>>> but also doesn't actually set the cells to the state required
>>> to accept a new write,

Secure erase of an SSD, or any solid state device, is problematic.
See:

http://www.techrepublic.com/article/erasing-ssds-security-is-an-issue/

The CSE requires physical destruction of these devices through
pulverisation or incineration. See:

https://cse-cst.gc.ca/en/system/files/pdf_documents/itsg06-eng.pdf

The USDOD leaves disposal protocols to the individual commands.

Essentially, due to the way data is stored on SSDs, it is impossible
to access every memory cell during a software-driven wipe, no matter
how many passes are made. The possibility of significant fragments of
residual data remaining is always greater than zero.

However, if you entirely encrypt an SSD, BEFORE adding any
confidential material, then secure destruction is assured by
'forgetting' the key. But encrypting an SSD after the material is put
on it is not sufficient.

--
*** e-Mail is NOT a SECURE channel ***
Do NOT transmit sensitive data via e-Mail
James B. Byrne mailto:ByrneJB at Harte-Lyne.ca
Harte & Lyne Limited http://www.harte-lyne.ca
9 Brockley Drive vox: +1 905 561 1241
Hamilton, Ontario fax: +1 905 561 0757
Canada L8E 3C3
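
The argument in the message above, as an added example that is not part of the original e-mail: a simplified model of an SSD's flash translation layer, showing why a host-side overwrite (zero fill, or encrypting after the fact) can leave plaintext in unmapped physical pages while encrypt-before-use never puts plaintext in flash. The `ToyFTL` class, the page and spare counts, the sample secret and the SHA-256 keystream (a stand-in for real disk encryption) are all assumptions made for illustration.

```python
import hashlib
import os

PAGE = 32
SECRET = b"CONFIDENTIAL-PAYROLL".ljust(PAGE, b".")  # constructed sample data

class ToyFTL:
    """Simplified flash translation layer (a model, not a real drive):
    more physical pages than logical blocks, and no in-place overwrite."""
    def __init__(self, logical_blocks, spare_pages):
        self.flash = [None] * (logical_blocks + spare_pages)  # physical pages
        self.map = {}                                          # LBA -> physical page

    def write(self, lba, data):
        live = set(self.map.values())
        free = [i for i, p in enumerate(self.flash) if p is None]
        stale = [i for i, p in enumerate(self.flash) if p is not None and i not in live]
        page = free[0] if free else stale[0]  # stale pages are reused only when no free page is left
        self.flash[page] = data
        self.map[lba] = page                  # the old page is unmapped, not erased

    def read(self, lba):
        return self.flash[self.map[lba]] if lba in self.map else bytes(PAGE)

def keystream_xor(key, lba, data):
    # Stand-in for real full-disk encryption; illustration only, not a usable cipher.
    ks = hashlib.sha256(key + lba.to_bytes(8, "big")).digest()
    return bytes(a ^ b for a, b in zip(data, ks))

def plaintext_left_in_flash(scenario, blocks=8, spare=4):
    """Return True if the secret is still present in some physical page."""
    ssd, key = ToyFTL(blocks, spare), os.urandom(32)
    if scenario == "encrypt_first":
        ssd.write(0, keystream_xor(key, 0, SECRET))  # only ciphertext ever reaches flash
        key = None                                   # "forgetting" the key
    else:
        ssd.write(0, SECRET)                         # plaintext reaches flash first
        for lba in range(blocks):                    # host then rewrites every logical block
            new = bytes(PAGE) if scenario == "zero_fill" else keystream_xor(key, lba, ssd.read(lba))
            ssd.write(lba, new)
    return SECRET in ssd.flash

if __name__ == "__main__":
    for s in ("zero_fill", "encrypt_later", "encrypt_first"):
        print(s, "-> plaintext still in flash:", plaintext_left_in_flash(s))
```

In this model the host can only address logical blocks, so the page that first held the secret stays untouched after every logical block has been rewritten; a real drive's garbage collection may eventually erase it, but the host cannot verify when.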