25 December 2010

As more and more computers come fitted with SSDs, it’s important for everyone to realise that traditional erasing techniques simply won’t work with this technology. For example, the Secure Delete option provided by Apple’s OS X works by overwriting the location of the file numerous times with random data. With an SSD, though, thanks to wear-leveling, it is very unlikely that these writes will land on top of each other. It is much more likely that the original file and several “overwrites” will all be sitting on the disk.

This happens because SSD technology has a very simple flaw. Each bit on the disk can only change state around 10,000 times. In newer (and more expensive) drives this can be 50,000 or more. Older drives might be able to cope with as few as 5,000 writes. This would very quickly wear out a disk even in normal daily use. To get around this, SSD drives use wear-leveling. This means that whilst the operating system thinks it’s writing to the same location as before, the SSD drive itself is writing the data somewhere else. On a large disk, this means that the time between writes on a particular bit could be very large, and therefore over the life of the disk it is unlikely that a given bit will fail due to overuse.

An additional compounding factor is that SSD drives often have buffer space. This means that should a bit fail, it can be replaced with one of these spare bits and the drive can continue at full capacity. These buffers can be up to 10% of the drive size, which greatly reduces problems if a particular bit did get overused.

Okay, so now that we know how SSD drives work, we can see why overwriting data won’t solve the problem: it is not possible to overwrite the data from the operating system, because the physical locations of data on the disk do not match the logical locations that the operating system sees. This invalidates pretty much all of the secure delete / erase facilities provided by operating systems today.

There is a solution, though. Newer disks support the ATA ERASE command. This is a hardware-level command that writes every single bit on the drive back to zero, including the buffer space. It can also do this very quickly: an SSD drive can securely erase itself in a couple of minutes. However, there is a cost: you will lose one of your 10,000 writes on EVERY bit on the disk.
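To make the mismatch between logical and physical locations concrete, here is a small simulation added as an illustration (it is not code from any drive firmware or from this blog). It models a drive that always programs the least-worn unused page, then shows that a seven-pass overwrite of one logical page leaves the original data in flash, while a drive-level erase clears it at the cost of one write on every page. The class `ToySSD`, the 64-page size and the allocation policy are assumptions chosen for the example.

```python
import os

class ToySSD:
    """Simplified flash translation layer: a teaching model, not real firmware."""
    def __init__(self, logical_pages=64, spare_fraction=0.10):
        physical = logical_pages + int(logical_pages * spare_fraction)  # plus spare area
        self.logical_pages = logical_pages
        self.flash = [b""] * physical   # data physically held in each page
        self.wear = [0] * physical      # program count per physical page
        self.mapping = {}               # logical page -> physical page

    def write(self, lpage, data):
        """An OS 'overwrite': the drive programs the least-worn page not in use."""
        if not 0 <= lpage < self.logical_pages:
            raise IndexError("logical page out of range")
        live = set(self.mapping.values())
        free = [p for p in range(len(self.flash)) if p not in live]
        target = min(free, key=lambda p: (self.wear[p], p))
        self.flash[target] = data
        self.wear[target] += 1
        self.mapping[lpage] = target    # previous page is stale but keeps its data

    def read(self, lpage):
        """The OS view: only the currently mapped page is reachable."""
        return self.flash[self.mapping[lpage]]

    def raw_pages_containing(self, needle):
        """Chip-level view: every physical page whose content includes needle."""
        return [p for p, d in enumerate(self.flash) if needle in d]

    def erase_all(self):
        """Drive-level erase: clears every page, spares included, at one write each."""
        self.flash = [b""] * len(self.flash)
        self.wear = [w + 1 for w in self.wear]
        self.mapping.clear()

def demo(passes=7):
    ssd = ToySSD()
    secret = b"CONSTRUCTED-SECRET-0001"     # constructed sample data
    ssd.write(0, secret)
    for _ in range(passes):                 # OS-style secure delete of logical page 0
        ssd.write(0, os.urandom(len(secret)))
    os_sees_secret = ssd.read(0) == secret
    leftover = ssd.raw_pages_containing(secret)
    ssd.erase_all()
    return os_sees_secret, leftover, ssd.raw_pages_containing(secret), min(ssd.wear)

if __name__ == "__main__":
    print(demo())
```

The operating system reads back random data from logical page 0 and considers the file gone, yet the original bytes are still in physical page 0 until the drive-level erase runs.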

I’m planning to write up an article that goes into more depth on this topic and provides a howto for accomplishing secure erasure quickly and easily. Stay tuned!


