I understand traditional methods don’t work with modern SSDs. Does anyone know a good way to do it?

  • otp@sh.itjust.works
    7 months ago

    If you want to keep/sell the drive…

    1. Fill up the rest of the usable space
    2. Encrypt the drive
    3. Throw away the encryption key/password
    4. Hard format (writing zeroes to every bit, sorry if that’s the wrong term)

    Is that the best strategy? Or is anything outside of 2 and 3 redundant?

    • Brkdncr@lemmy.world
      7 months ago

      You can’t fill the drive. The drive decides when to use its buffered free storage blocks. It’s at the hardware level and only the Secure Erase command will clear it.

      • otp@sh.itjust.works
        7 months ago

        Right, I read some more of the comments and realized that’s what some of the “unreported space” is used for. Makes sense, thanks!

      • _edge@discuss.tchncs.de
        7 months ago

        You fill up the usable space. Or the visible space. No one will disassemble the device and read from the raw storage.

    • Skull giver@popplesburger.hilciferous.nl
      7 months ago

      “Best” depends on your needs.

      I’m not sure if filling up the entire drive is necessary. Nothing wrong with doing a dd if=/dev/urandom of=/dev/nvme1 to randomise the drive itself, but I don’t think most people are affected by the kind of information you can derive from what sectors are/aren’t written to.

      Writing zeroes to every bit is useless because of the automatic remapping; it mostly serves to wear down the device if you use decent encryption. There are only so many write+erase cycles each cell can go through before it breaks, so I try to avoid doing large writes on purpose. Try a secure erase from either your UEFI GUI, but good encryption prevents the need for a full format.

      Personally, I let my drives fill up over time. I trust LUKS enough to handle the encryption, and I don’t think anyone who’s going to be buying this SSD off me is going to send it off to a forensic data lab to analyse what the average size of the files I worked on was. So, my personal approach:

      1. Buy a drive from a reputable brand with no known obvious firmware bugs (Sandstorm, anyone?)
      2. Encrypt the drive
      3. Throw out backup key(s)
      4. Issue secure erase command
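
The last two steps of the list above (destroy the key, then issue the drive's secure erase command), as an added example that is not part of the thread. It only prints the commands as a dry run; the device names are constructed, and the choice of cryptsetup, nvme-cli and hdparm is an assumption about the tools installed.

```shell
#!/bin/sh
# Added example: dry-run planner for "destroy LUKS key, then firmware erase".
# Nothing here touches a drive; it only prints the commands to review.

# Classify a device node by name. Only whole devices qualify:
# /dev/nvme0 is the NVMe controller node, /dev/nvme0n1 is the namespace.
dev_kind() {
  case "$1" in
    /dev/nvme*p[0-9]*|/dev/sd*[0-9]) echo partition ;;
    /dev/nvme[0-9]*n[0-9]*)          echo nvme ;;
    /dev/sd[a-z]*)                   echo sata ;;
    *)                               echo unknown ;;
  esac
}

# Print the plan for one device. $2 = "luks" if it holds a LUKS volume.
# The body is a subshell, so its variables and "exit" stay local.
wipe_plan() (
  dev=$1; layout=${2:-plain}; kind=$(dev_kind "$dev")
  case "$kind" in
    nvme|sata) ;;
    *) echo "need a whole NVMe namespace or SATA disk, got: $dev" >&2
       exit 1 ;;
  esac

  # Destroy every LUKS keyslot first: ciphertext that survives in
  # remapped or spare blocks is then unreadable even if the erase is buggy.
  if [ "$layout" = luks ]; then echo "cryptsetup erase $dev"; fi

  # Ask the firmware to erase all blocks, including ones the host
  # cannot address by writing to the visible space.
  case "$kind" in
    nvme) echo "nvme format $dev --ses=1" ;;
    sata) # ATA Security Erase requires a temporary user password first.
          echo "hdparm --user-master u --security-set-pass p $dev"
          echo "hdparm --user-master u --security-erase p $dev" ;;
  esac
)

# Dry run on constructed device names.
wipe_plan /dev/nvme0n1 luks
wipe_plan /dev/sda
```
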