PSA: SSDs Are Difficult To Securely Erase (Update: Well, They Can Be)


Update: As some have pointed out (thanks Robert and others), it’s not that SSDs are fundamentally difficult to erase exactly, but that methods well-known as ways to securely delete data are ineffective. Lenovo and Intel, among others, offer tools specifically designed for securely deleting drives, so be sure to avail yourselves of their solutions if you find yourself in need of irreversible erasure.

If you’re in a business that handles sensitive information, or are just conscientious about your privacy, you might want to read this study on SSD erasure. As you know, there are ways of erasing traditional magnetic hard drives that are more or less totally irreversible. Writing all zeros, writing garbage, zeroing again, and so on. After a few cycles it’s fresh and clean.

SSDs are a different beast, though, and right now it looks like most SSDs aren’t really equipped to fully delete data. The issue lies in the fact that the system driver that lives on your computer sends data to the SSD to be written, and the SSD’s onboard controller writes it… but where your system thinks it is and where the SSD controller actually writes it don’t really match up.

Think of it like a coat check. You go and drop off your coat and a few of your friends’ coats as well. As far as you’re concerned, your coats are “at the coat check.” But in reality the coat is at position X, indicated by whatever’s on the ticket, and only the coat check people really know where your coat is. In a similar way, your computer knows where it thinks your data is, but doesn’t actually know (and can’t know, since these on-SSD systems aren’t standardized yet) where exactly it is on the SSD. And for some reason when it tries to erase things securely, it doesn’t erase where that data is, only where it thinks it is.

Something like that, anyway. The end result is that it’s very difficult to erase SSDs by the old method. The solution? Encrypt your drive from the start and then lose the key when you need to erase. They may fix this or make it more intuitive in the future, but for now that’s your best bet.
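The mismatch between where the computer thinks data is and where the controller put it can be shown with a toy model. This is an added example, not code from the study or from any drive vendor; `ToySSD`, its methods and the append-only page allocator are hypothetical simplifications, and the "secret" is constructed sample data.

```python
# Toy model of an SSD controller's address mapping (constructed, not real firmware).
class ToySSD:
    def __init__(self, logical_blocks=2, physical_pages=8):
        self.logical_blocks = logical_blocks
        self.pages = [None] * physical_pages  # raw flash contents
        self.l2p = {}                         # logical block -> physical page
        self.next_free = 0                    # assumption: naive append-only allocator

    def write(self, lba, data):
        """Host write: the controller stores data in a fresh page and repoints the map."""
        if not 0 <= lba < self.logical_blocks:
            raise ValueError("logical block out of range")
        if self.next_free >= len(self.pages):
            raise RuntimeError("no free pages (garbage collection not modelled)")
        self.pages[self.next_free] = data
        self.l2p[lba] = self.next_free        # the previous page is stale, not erased
        self.next_free += 1

    def read(self, lba):
        """Host read: only ever sees the page the map currently points to."""
        page = self.l2p.get(lba)
        return None if page is None else self.pages[page]

    def host_overwrite_all(self, passes=1):
        """The 'old method': write zeros over every logical block, repeatedly."""
        for _ in range(passes):
            for lba in range(self.logical_blocks):
                self.write(lba, b"\x00" * 16)

    def raw_flash_contains(self, needle):
        """What is physically still present on the flash, regardless of the map."""
        return any(p is not None and needle in p for p in self.pages)


def demo():
    ssd = ToySSD(logical_blocks=2, physical_pages=8)
    secret = b"constructed-secret"            # constructed sample data
    ssd.write(0, secret)
    ssd.host_overwrite_all(passes=2)
    host_sees_zeros = all(ssd.read(b) == b"\x00" * 16 for b in range(2))
    return host_sees_zeros, ssd.raw_flash_contains(secret)


if __name__ == "__main__":
    print(demo())
```

Every overwrite lands in a new page, so the host reads back zeros while the original page still holds the data. Had the drive been encrypted from the start, that leftover page would hold only ciphertext, which is why discarding the key works.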

The full study can be found here (PDF).

[via TechWorld and Lifehacker]
