I understand traditional methods don’t work with modern SSDs. Does anyone know a good way to do it?

  • Skull giver@popplesburger.hilciferous.nl
    6 months ago

    “Best” depends on your needs.

    I’m not sure if filling up the entire drive is necessary. Nothing wrong with doing a dd if=/dev/urandom of=/dev/nvme1 to randomise the drive itself, but I don’t think most people are affected by the kind of information you can derive from what sectors are/aren’t written to.

    Writing zeroes to every bit is useless because of the automatic remapping; it mostly serves to wear down the device if you use decent encryption. There are only so many write+erase cycles each cell can go through before it breaks, so I try to avoid doing large writes on purpose. Try a secure erase from either your UEFI GUI, but good encryption prevents the need for a full format.

    Personally, I let my drives fill up over time. I trust LUKS enough to handle the encryption, and I don’t think anyone who’s going to be buying this SSD off me is going to send it off to a forensic data lab to analyse what the average size of the files I worked on was. So, my personal approach:

    1. Buy a drive from a reputable brand with no known obvious firmware bugs (Sandstorm, anyone?)
    2. Encrypt the drive
    3. Throw out backup key(s)
    4. Issue secure erase command
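
The remapping point and the encrypt-then-erase steps in the comment above, as an added example that is not part of the original thread: a simplified model of a flash translation layer showing that overwriting every logical block with zeroes leaves old pages in spare flash, while encrypted pages left behind reveal nothing once the key is gone. `ToyFTL`, `toy_encrypt` and `leftover_secrets` are hypothetical names, the block counts and data are constructed, and the XOR keystream is a stand-in for LUKS, not real disk encryption.

```python
import hashlib
import os


class ToyFTL:
    """Simplified flash translation layer (a model, not real firmware)."""

    def __init__(self, logical, spare):
        self.pages = [None] * (logical + spare)   # physical flash pages
        self.map = {}                             # logical block -> physical page
        self.free = list(range(len(self.pages)))

    def write(self, lba, data):
        if not self.free:
            self._collect()
        page = self.free.pop(0)
        self.pages[page] = data
        self.map[lba] = page    # the previous page is now stale but keeps its data

    def _collect(self):
        # Garbage collection: erase only pages no logical block points to.
        live = set(self.map.values())
        for page, data in enumerate(self.pages):
            if page not in live and data is not None:
                self.pages[page] = None
                self.free.append(page)

    def secure_erase(self):
        # Models a correctly implemented firmware erase: every page is cleared.
        self.pages = [None] * len(self.pages)
        self.map.clear()
        self.free = list(range(len(self.pages)))

    def chip_dump(self):
        """What reading the flash chips directly would return."""
        return [p for p in self.pages if p is not None]


def toy_encrypt(key, lba, plaintext):
    # Hash-derived XOR keystream: a stand-in for LUKS, not real disk encryption.
    stream = hashlib.shake_256(key + lba.to_bytes(8, "big")).digest(len(plaintext))
    return bytes(a ^ b for a, b in zip(plaintext, stream))


def leftover_secrets(encrypt, logical=8, spare=4):
    """Fill the drive, zero every logical block, count readable old pages."""
    ftl, key = ToyFTL(logical, spare), os.urandom(32)
    for lba in range(logical):
        data = b"SECRET-%d" % lba                 # constructed sample data
        ftl.write(lba, toy_encrypt(key, lba, data) if encrypt else data)
    for lba in range(logical):
        ftl.write(lba, bytes(8))                  # the "write zeroes" pass
    return sum(b"SECRET" in page for page in ftl.chip_dump()), ftl
```

In this model the unencrypted run leaves four old pages readable after the zero pass; whether a real drive's erase command clears them depends on its firmware.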