

Erase your disk: Secure and fast. - damln
http://www.damln.com/log/fast-disk-secure-erase/

======
martinp
I'm pretty sure SSDs can't be securely erased the same way as traditional
drives. This is mainly due to the inherent characteristics of flash memory and
the way that the firmware writes data to the NAND (wear-leveling, TRIM etc. is
unpredictable).

ATA secure erase is the recommended method last I checked.

------
bradleyland
No offense to Damian, but be very careful about accepting the assertion that
something is secure. I'm not a security expert, but I am part of the way
through the Matasano crypto challenges, and my #1 take-away has been that what
you _think_ is a secure design rarely is when held to a high level of
scrutiny.

The approach the author has taken here would appear to suffer from similar
weaknesses present in block ciphers (e.g., AES ECB). The context here is not
specifically encryption, but recovering data from "wiped" drives shares some
aspects with encryption. Specifically, statistical analysis of the drive
state.

Repetition of a block of data will allow an attacker to exploit that pattern
in developing statistics about the data that was there before.

In other words, writing a repeating string of random bits is no more secure
than writing all zeros.

------
wulczer
I thought most disks nowadays support Secure Erase, so there's no need to futz
around with dd.

<https://ata.wiki.kernel.org/index.php/ATA_Secure_Erase>
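
An added example, not part of any comment in this thread: a pre-flight check that classifies the `Security:` section of `hdparm -I` output before an ATA Secure Erase is attempted. The function names, the sample text (constructed) and the assumed section layout are illustrative.

```shell
#!/bin/sh
# Reads `hdparm -I` output on stdin and prints one of:
#   unsupported | frozen | locked | ready
# Assumed layout: a "Security:" header followed by indented flag lines,
# each optionally prefixed with "not" (e.g. "not<TAB>frozen").
ata_erase_state() {
  awk '
    index($0, "Security:") == 1 { in_sec = 1; next }
    { c = substr($0, 1, 1) }
    # A non-indented, non-empty line starts the next section.
    in_sec && c != "" && c != " " && c != "\t" { in_sec = 0 }
    !in_sec { next }
    {
      negated = ($1 == "not")
      flag = negated ? $2 : $1
      sub(/:.*/, "", flag)            # "supported:" -> "supported"
      # Only the first "supported" line describes the feature set itself;
      # a later one ("supported: enhanced erase") is a sub-feature.
      if (flag == "supported" && !seen) { supported = !negated; seen = 1 }
      if (flag == "frozen") frozen = !negated
      if (flag == "locked") locked = !negated
    }
    END {
      if (!supported)  print "unsupported"
      else if (frozen) print "frozen"     # drive rejects security commands until power-cycled
      else if (locked) print "locked"     # a user password is set and the drive is locked
      else             print "ready"
    }'
}

# Constructed sample of a Security section; $1 = "frozen" flips the frozen flag.
sample_security() {
  frozen_line='\tnot\tfrozen'
  if [ "$1" = "frozen" ]; then frozen_line='\t\tfrozen'; fi
  printf 'Security: \n\tMaster password revision code = 65534\n'
  printf '\t\tsupported\n\tnot\tenabled\n\tnot\tlocked\n'
  printf "${frozen_line}\n"
  printf '\t\tsupported: enhanced erase\nChecksum: correct\n'
}

# Against a real drive (placeholder device name):
#   hdparm -I /dev/sdX | ata_erase_state
```
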

------
lenazegher
> As you probably read in advanced security blogs, 7 passes on a disk is a
> strong erasing option

Is there a single confirmed case of anyone, anywhere recovering any data from
a disk that has been overwritten with 0s with dd?

~~~
accatyyc
I wonder the same thing. How can 7 random passes be any more secure than 1
pass with random 0's? This must be one of the IT world's biggest (false) myths.

I mean, if there are (recoverable) traces of the previous data after one pass,
how can I be sure that my newly written data isn't corrupt? 1 bit should be 1
bit, right?

Please, can anyone demystify this myth, or is it just something everyone
accepts?

------
blutack
Darik's Boot & Nuke is my usual go-to.

<http://www.dban.org/>

------
TazeTSchnitzel
I should make a REST API providing a secure erase service. Simply send your
bytes in the POST body and a set of bytes to erase them with is returned!

------
fleitz
If you really want to erase your drive quickly encrypt it with an external
key... Erase the key, erase the drive.

~~~
damln
Probably the best way. But what about an old hard drive we used 4 years ago
without encryption?

