Ubuntu – What do you use to wipe an SSD short of a hammer

ssd

So it's been stated in other questions that you can't wipe / secure erase an SSD with the same tools that you use to wipe a regular hard drive. This was for two reasons, the first was that you could wear out the drive if you do it regularly and the second was that it actually is ineffective at overwriting old data. The first I get as it pertains to TRIM and "wear leveling" etc., the second I don't. Be that as it may, what would you use to securely erase an SSD, assuming the above?

Best Answer

Honestly, I'm not buying into either premise.

First, I'm not sure what is meant by regularly but I can't imagine wiping an SSD often enough to wear it out. I have several systems with SSD drives that I use daily and some of them I have wiped occasionally.

Second I see no problem with using dd or dc3dd to wipe an SSD. If there is concern over the wear levelling algorithm leaving data behind in "spare" sectors, several runs should do the trick. How many runs are "secure" will certainly be a matter of opinion.

Recommended:

dc3dd wipe=/dev/sdX where sdX is the drive (ex. sda, sdb, sdc,). You can also specify pattern=HEX (write HEXadecimal value to every byte of the output) textpattern=TEXT (write the string TEXT repeatedly to the output)

Alternately:

You can blast a drive full of zeros (fast) or random or semi-random data (more secure)with dd as follows:

sudo dd if=/dev/zero of=/dev/sdX where sdX is the drive (ex. sda, sdb, sdc,) changing /dev/zero to /dev/random or /dev/urandom will change to filling the with random data instead of zeros

Note: I read some test results that indicate that The dc3dd tool can be used for a variety of forensic tasks (e.g., disk imaging or wiping media for reuse).

In all the test cases run against dc3dd version 7.0.0, all visible sectors were successfully overwritten. Sectors hidden by an HPA (FMP-03-HPA and FMP-03-DCO-HPA) were also overwritten; however, sectors hidden by a DCO were not removed (FMP-03-DCO and FMP-03-DCO-HPA). By design, the tool does not remove either Host Protected Areas (HPAs) or DCOs. However, the Linux test environment used (Ubuntu 10.04 LTS) automatically removed the HPA on test drives, allowing sectors hidden by an HPA to be overwritten by the tool.

Test case source: conducted for the U.S. National Institute of Justice by the Office of Law Enforcement Standards of the National Institute of Standards and Technology.

The version I use is 7.1.164