SSDs, factory resets, and why you probably need encryption

After the story came out about factory resets not adequately clearing flash memory in phones and tablets, one of my college buddies asked me if a similar problem exists in SSDs.

Depending on the SSD, it definitely can.

Many SSDs have a secure erase function. But overwriting the SSD enough times to guarantee all the data was erased would shorten the life of the chips, so what they do instead is encrypt the data with AES encryption. Then, when you issue a secure-erase command (usually using a utility provided by the manufacturer), it throws out the old AES key and generates a new one. The old data is still there, but it’s reduced to gibberish.

Theoretically AES can be cracked, but realistically, it will be a couple of decades before it’s practical, especially for someone who isn’t a spy agency for a select few powerful nations. Some people believe AES has been broken and some believe it has not. I think since the NSA is still actively stealing keys, that suggests it is not.

The problem occurs when a drive lacks an encryption feature–very inexpensive drives like the Crucial BX100 leave it out. Drives like a BX100 are very difficult to erase securely.

I wouldn’t have any problem with reselling a drive that has secure erase functionality and built-in encryption. I doubt I’ll be reselling my BX100 though.

 

%d bloggers like this:
WordPress Appliance - Powered by TurnKey Linux