Hacker News

digiown today at 2:50 AM

And this is why you always encrypt the drive with software. All of these methods seem to put a lot of faith into the drive controller doing what it claims it does, which you can never be all that sure about. Even Microsoft-backed BitLocker would help here.


Replies

SoftTalker today at 3:24 AM

For SATA SSDs I've used the hdparm secure erase and then verified that dd | hexdump is all zeros. That was good enough for me.

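The read-back check described in the comment above, as an added example that is not part of the thread: it compares a block device or image file against a zero stream and reports the offset of the first non-zero byte. The function names and the `/dev/sdX` path are hypothetical, and the check only covers logically addressable blocks, not the remapped sectors raised elsewhere in this thread.

```shell
#!/bin/sh
# Added example (Linux, POSIX sh). Function names are hypothetical.
# Confirms that every logically addressable byte of a target reads back as zero,
# e.g. a SATA SSD after an ATA secure erase, or a disk image file.

# Print the size in bytes of a block device or regular file.
target_size() {
    if [ -b "$1" ]; then
        blockdev --flushbufs "$1"      # drop cached blocks so reads hit the device
        blockdev --getsize64 "$1"
    else
        wc -c < "$1" | tr -d ' '
    fi
}

# Returns 0 if the target is all zeros, 1 if not (printing the 0-based offset
# of the first non-zero byte), 2 if it is unreadable or empty.
first_nonzero_offset() {
    [ -r "$1" ] || return 2
    size=$(target_size "$1") || return 2
    [ "$size" -gt 0 ] 2>/dev/null || return 2   # an empty target proves nothing
    # Compare against exactly $size zero bytes so neither side hits EOF early.
    out=$(head -c "$size" /dev/zero | LC_ALL=C cmp - "$1" 2>/dev/null) && return 0
    # cmp reports "... differ: byte N, line M" (or "char N"), with N 1-based.
    byte=$(printf '%s\n' "$out" | sed -n 's/.*differ: [a-z]* \([0-9][0-9]*\),.*/\1/p')
    [ -n "$byte" ] || return 2                  # cmp failed rather than differed
    echo $((byte - 1))
    return 1
}

# Usage: sh verify_zero.sh /dev/sdX   (device path is a placeholder)
if [ "$#" -eq 1 ]; then
    if off=$(first_nonzero_offset "$1"); then
        echo "$1: all zeros"
    else
        echo "$1: not verified (first non-zero offset: ${off:-n/a})"
    fi
fi
```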
fulafel today at 4:55 AM

BitLocker can rely on the SSD encryption, so careful there too.

Joel_Mckay today at 2:59 AM

Indeed, LUKS + F2FS for /home with an external key file imported into initrd solves a lot of issues.

Primarily, when an SSD slowly fails the sector replacement allotment has already bled data into read-only areas of the drive. As a user, there is no way to reliably scrub that data.

If the drive suddenly bricks, the warranty service will often not return the original hardware... and just the password protection on an embedded LUKS key is not great.

There are effective disposal methods:

1. shred the chips

2. incinerate the chips

Wiping/Trim sometimes doesn't even work if the Flash chips are malfunctioning. =3

yearolinuxdsktp today at 4:51 AM

100%. If you’re not encrypting your drive, along with a strong password, you’re fucking around.

Physical destruction as the only sure way? When your hardware is stolen, good luck physically destroying it.