Is Secure Erase for SSD similar to zeroing a HDD?

pinoy

I'm reading a lot of contradicting info on Secure Erase. Does it truly delete data so it's unrecoverable even with the use of a Recovery software? I tried Samsung's Secure Erase yesterday and it completed the process in one second or less. I thought that was suspiciously fast. Zeroing out a hard drive takes hours but with the SSD it was nearly instantaneous.
 
The difference is that, unlike a mechanical hard drive, SSD controllers will lie. It's actually one of their primary functions.

When you 'secure erase' a SSD, it effectively marks all the NAND as deleted and then runs the TRIM command. The net effect of this is that if you ask the controller to tell you what data is in X spot on the drive, it'll see that it's been TRIM'd and will say "0" even if some other data is still actually present.

On a mechanical drive, if you manually ask "hey what is present in spot X" it'll give you whatever data is there; there is not a mechanism where the drive will 'lie' to you.

SSDs lie about other things too. You may ask for the data at spot X on a SSD, but in reality the drive might have silently stored the data that should be at spot X over in spot Y instead, because spot X has been rotated out for wear leveling. On a mechanical drive this would be catastrophic because of the physically spinning disk and seek times, but on a SSD with no moving parts there is no such thing as seek times or fragmentation, so storing data scattershot across the drive or moving bits here and there are of no consequence. However, Windows and other OSes still talk to SSDs as if they were mechanical drives, and so SSD controllers will 'pretend' to operate like a mechanical drive for compatibility's sake, and just lie their faces off when it suits them. As a result, even if you do manually write zeros to the whole drive, you can never quite be certain on a SSD that you actually got all the data, since when you say "write 0 to X" it may silently instead perform the action "write 0 to Y" and leave X in its current state, which may or may not contain data.
 
SSDs usually store data encrypted. If the Secure Erase function makes the SSD controller forget the encryption key then that is considered good enough.

Do note that overwriting HDDs and SSDs with zeroes is not a secure way to completely erase them. Drive defect management may have mapped bad storage areas away from control of the OS, and these may still contain recoverable data. With SSDs, "overwriting" data simply writes into another location, while overwritten areas are marked for garbage collection.
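The behaviour described in the posts above (zeros returned for TRIM'd addresses, overwrites redirected to a new physical page, and secure erase by discarding the encryption key) can be modelled in a few lines. This is an added example, not part of the original thread and not any vendor's firmware: `ToySSD`, its page size, the XOR "cipher" and the sample secret are all constructed assumptions.

```python
"""Toy flash translation layer (FTL) model; constructed for illustration only."""
import hashlib

PAGE = 16  # bytes per page in this toy model

def xor_page(key: bytes, ppn: int, data: bytes) -> bytes:
    # Stand-in for the drive's media encryption (real drives use AES). Not real crypto.
    pad = hashlib.sha256(key + ppn.to_bytes(4, "big")).digest()[:len(data)]
    return bytes(a ^ b for a, b in zip(data, pad))

class ToySSD:
    def __init__(self, physical_pages: int, key: bytes):
        self.nand = [None] * physical_pages      # raw physical pages (ciphertext)
        self.l2p = {}                            # logical page -> physical page
        self.free = list(range(physical_pages))
        self.key = key

    def write(self, lpn: int, data: bytes) -> None:
        ppn = self.free.pop(0)                   # always a fresh page, never in place
        self.nand[ppn] = xor_page(self.key, ppn, data.ljust(PAGE, b"\0")[:PAGE])
        self.l2p[lpn] = ppn                      # previous page is now stale, not erased

    def read(self, lpn: int) -> bytes:
        ppn = self.l2p.get(lpn)
        if ppn is None:                          # unmapped or TRIM'd: controller says zeros
            return bytes(PAGE)
        return xor_page(self.key, ppn, self.nand[ppn])

    def trim(self, lpn: int) -> None:
        self.l2p.pop(lpn, None)                  # mapping dropped, NAND untouched until GC

    def crypto_erase(self) -> None:
        self.l2p.clear()
        self.key = hashlib.sha256(b"rekey" + self.key).digest()  # old key discarded

    def gc(self) -> None:
        live = set(self.l2p.values())
        for ppn, page in enumerate(self.nand):
            if page is not None and ppn not in live:
                self.nand[ppn] = None            # block erase: data physically gone
                self.free.append(ppn)

    def raw_pages(self, key: bytes) -> list:
        """Contents of every programmed physical page, decrypted with `key`."""
        return [xor_page(key, p, c) for p, c in enumerate(self.nand) if c is not None]

def demo() -> dict:
    key = b"media-key-1"                         # constructed sample key
    secret = b"SECRET-PII-0001!"                 # constructed 16-byte sample record
    ssd, r = ToySSD(physical_pages=8, key=key), {}
    ssd.write(0, secret)
    ssd.write(0, bytes(PAGE))                    # host "zeroes" logical page 0
    r["host_reads_zero"] = ssd.read(0) == bytes(PAGE)
    r["stale_after_overwrite"] = secret in ssd.raw_pages(key)
    ssd.trim(0)
    r["stale_after_trim"] = secret in ssd.raw_pages(key)
    ssd.crypto_erase()
    r["readable_after_crypto_erase"] = secret in ssd.raw_pages(ssd.key)
    ssd.gc()
    r["pages_left_after_gc"] = len(ssd.raw_pages(ssd.key))
    return r
```

In the model, the host sees zeros as soon as the overwrite or TRIM completes, but the stale physical copy only disappears once the key is replaced or garbage collection has actually erased the page.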
 
I'm reading a lot of contradicting info on Secure Erase. Does it truly delete data so it's unrecoverable even with the use of a Recovery software? I tried Samsung's Secure Erase yesterday and it completed the process in one second or less. I thought that was suspiciously fast. Zeroing out a hard drive takes hours but with the SSD it was nearly instantaneous.
What you're seeing is correct for Samsung SSDs.

On Samsung SSDs, secure erase will return as completed quite quickly, but actually it's doing a garbage collection (GC) TRIM wipe queued up, which is a background task on Samsung SSDs, so the SSD will return as secure erased very quickly.

On commercial/enterprise SSDs, secure erase/TRIM is a low-priority GC operation, so read and write performance will drop to the guaranteed QoS speed for about 2-5 minutes (like 250mb write and 400mb read for about 2-5 minutes ish). Normal Samsung SSDs will just keep doing it when the SSD is idle (as consumer SSDs do GC when the SSD is idle for more than 1ms or so).

If you use a secure erase that is a true erase on a SSD and HDD (as all space including protected areas is erased), the difference is an HDD has to actually write to every single LBA block (unless it's a SED, as they don't even bother writing zeros to every LBA block; because the encryption keys have been erased, the data is not recoverable).

(Note: Samsung specific) SSDs just send a mass background garbage collection TRIM command to the NAND and reset the page table (if the disk has built-in encryption it will also reset the built-in encryption keys).

Other SSDs don't usually use GC to queue up the TRIM command, so secure erase and TRIM commands take significantly longer, as the SSD does not return completed until it has actually finished the secure erase or TRIM (like my Toshiba XG3 and Crucial MX500 actually lock up the system a little if I delete a 200GB file and then run a defrag optimise on it).
 
The difference is that, unlike a mechanical hard drive, SSD controllers will lie. It's actually one of their primary functions.

When you 'secure erase' a SSD, it effectively marks all the NAND as deleted and then runs the TRIM command. The net effect of this is that if you ask the controller to tell you what data is in X spot on the drive, it'll see that it's been TRIM'd and will say "0" even if some other data is still actually present.

On a mechanical drive, if you manually ask "hey what is present in spot X" it'll give you whatever data is there; there is not a mechanism where the drive will 'lie' to you.

SSDs lie about other things too. You may ask for the data at spot X on a SSD, but in reality the drive might have silently stored the data that should be at spot X over in spot Y instead, because spot X has been rotated out for wear leveling. On a mechanical drive this would be catastrophic because of the physically spinning disk and seek times, but on a SSD with no moving parts there is no such thing as seek times or fragmentation, so storing data scattershot across the drive or moving bits here and there are of no consequence. However, Windows and other OSes still talk to SSDs as if they were mechanical drives, and so SSD controllers will 'pretend' to operate like a mechanical drive for compatibility's sake, and just lie their faces off when it suits them. As a result, even if you do manually write zeros to the whole drive, you can never quite be certain on a SSD that you actually got all the data, since when you say "write 0 to X" it may silently instead perform the action "write 0 to Y" and leave X in its current state, which may or may not contain data.
It's called wear leveling and virtual LBA mapping to NAND location (it's not a lie).

If a secure erase has been issued, the page area is reset and the NAND is TRIMmed (and the encryption keys, if it has them, are reset). Within 2 minutes the SSD will be like new (excluding past wear to the NAND).

Note: Samsung specifically queues the secure erase as part of the idle GC operation, so it will return as completed but the TRIM operation will still be running in the background.

Secure erase gets loosely used with software that uses the word incorrectly as secure erase when it actually means it's writing zeros (which isn't a secure erase).

I normally use the Samsung or Intel enterprise tools to do a real secure erase (normally works with most disks, and if it's plugged into my HBA card the secure erase lock is not enabled, so I can do it from inside Windows).
 
it's not a lie
Depends on the perspective, I suppose.

It's a lie from the perspective of "show me the data at address X" and address X is not actually a fixed location on the drive, yet the drive happily says "sure, the data at X is whatever". I didn't say it was *bad* - it's completely necessary for backwards compatibility - but the controller *is* lying. It's just a good lie :)
 
Zeroing a HDD is not what it was, and the idea of it now is not what it actually usually is and has not been for a long time. Zeroing an SSD will take, easily, far less time due to blowing out electrons and the translation layer of the flash in comparison to physical heads, and sectors. If data is securely removed on any medium is always up for debate even with particular methods for data overwriting obscurity and elimination. This is why most HDDs (even SSDs), when security is a priority, are eliminated physically via shredding, or other means. There is always a measure, a countermeasure, and a counter-counter measure. Get used to it, and anyone that thinks that something is "secure X, Y" doesn't know what they are talking about. Only eliminating the physical object-I am meaning dust to dust-WILL be secure for the item only. That still doesn't mean other means up to that point of data storage are not a data trail.

Just to note, there have been parts of HDD platters that were partially available after much physical damage to the whole drive. Extraction of the bits was capable even for a small portion of it, and enough to gather information needed, wanted, etc. So, just think about that. There are businesses for recovery, and governments for espionage.....data is power. Getting that power is a sort of new level of warfare. Information has always been part of warfare, that is.
 
If data is securely removed on any medium is always up for debate even with particular methods for data overwriting obscurity and elimination. This is why most HDDs (even SSDs), when security is a priority, are eliminated physically via shredding, or other means. There is always a measure, a countermeasure, and a counter-counter measure. Get used to it, and anyone that thinks that something is "secure X, Y" doesn't know what they are talking about.

For hard drives (mechanical), the entire theory of how easy it is to recover 'deleted' data is based on two things, one true and one not. First and truthfully, just pressing 'delete' or 'quick format' we all know doesn't actually remove the data and so it is trivially easy to recover data with consumer level software. Secondly and quite falsely, folks have long labored under the presumption that data can be recovered from a hard drive that has had all of its data zeroed out, thanks in large part to a 1996 research paper that somewhat makes that claim. That research paper is one of the primary drivers behind the "multiple pass wipe" recommendations for sanitizing hard drives. However, that research paper was fundamentally flawed and has since been thoroughly debunked and, in addition, even if the original paper was valid the methods it used would be several orders of magnitude more difficult with modern mechanical hard drives due to huge increases in track density.

On a mechanical drive, it is actually very simple; write zeros to the entire drive one time, and it is 99.9% (or more) unrecoverable. That 0.1% (or less) chance is there to represent the unknown capabilities of state level actors; perhaps the CIA or NSA has some classified method nobody in the private sector is privy to. If your data is *so* valuable or *so* confidential that a sub-0.1% chance of recoverability represents an unacceptable risk, then drive reusability should be completely off the table, drives should be written zeros and then physically destroyed and disposed of *by you or under your direct supervision*, since I would wager that the odds of your disks being improperly disposed of by other humans at a third party disposal company (due to human error or maliciousness) are higher than the odds of data being recovered from a zeroed drive.

For SSDs, use of their built-in secure erase functions is the best you can do due to how the controller masks the physical structure of NAND from the end users. With that said, writing zeros twice to the entire drive using a traditional zeroing utility will likely accomplish your goals as well, since essentially no drives include a spare area or cache large enough to accommodate two full drive writes.
 
Oh, I get you. And the actuality of you needed to describe, sure take your time if you want to for others. You are flogging a dead horse with me, and if you cannot extrapolate that then, perhaps, I should not give you the credit I actually do. Look in my statement above. It is more synergistic than you may realize.

The point of it all is the very fact of how someone "thinks" and the education echoing of the "security" of it all-WINDOWS 10, LINUX.....pffff. I love the writing zeros though before destruction, when you are eliminating the physical entity itself-talking pixie dust here. Hey, we are waiting to smelt the drives. What are you doing? Oh, I am writing zeros. Oh, but the security issues right there...hmn. As in the people with the data-most compromise happens from within.

My point, as usual, is to point out particular things rather than argue the usual cognitive dissonance of security. Kind of like, hey we have chips all encrypted and a super protective fucking cypher you can get past. Oh, really give me some liquid nitrogen. I want people to break past the idiotic paradigms that have been created about security, and start to wake up with how insecure everything is. BTW, ever been to the spy museum in D.C.? You might want to.
 
Oh, I get you. And the actuality of you needed to describe, sure take your time if you want to for others. You are flogging a dead horse with me, and if you cannot extrapolate that then, perhaps, I should not give you the credit I actually do. Look in my statement above. It is more synergistic than you may realize.

The point of it all is the very fact of how someone "thinks" and the education echoing of the "security" of it all-WINDOWS 10, LINUX.....pffff. I love the writing zeros though before destruction, when you are eliminating the physical entity itself-talking pixie dust here. Hey, we are waiting to smelt the drives. What are you doing? Oh, I am writing zeros. Oh, but the security issues right there...hmn. As in the people with the data-most compromise happens from within.

My point, as usual, is to point out particular things rather than argue the usual cognitive dissonance of security. Kind of like, hey we have chips all encrypted and a super protective fucking cypher you can get past. Oh, really give me some liquid nitrogen. I want people to break past the idiotic paradigms that have been created about security, and start to wake up with how insecure everything is. BTW, ever been to the spy museum in D.C.? You might want to.

I'm not quite sure what I just read.
 
On a mechanical drive, it is actually very simple; write zeros to the entire drive one time, and it is 99.9% (or more) unrecoverable.
As I wrote, this is not necessarily true due to drive defect management. There can be parts of the drive which are mapped out of OS control but which can still contain easily recoverable data if you gain access to the drive firmware. This is why only physical destruction ensures complete unrecoverability of data.

The only way to avoid having to shred a mechanical drive with confidential data is to never write anything unencrypted to it in the first place. If you then forget your encryption key, your data is safely gone.
With that said, writing zeros twice to the entire drive using a traditional zeroing utility will likely accomplish your goals as well, since essentially no drives include a spare area or cache large enough to accommodate two full drive writes.
Depends. Modern flash controllers may outsmart you and deduplicate, or notice that the new data is the same as the overwritten one.
 
For hard drives (mechanical), the entire theory of how easy it is to recover 'deleted' data is based on two things, one true and one not. First and truthfully, just pressing 'delete' or 'quick format' we all know doesn't actually remove the data and so it is trivially easy to recover data with consumer level software. Secondly and quite falsely, folks have long labored under the presumption that data can be recovered from a hard drive that has had all of its data zeroed out, thanks in large part to a 1996 research paper that somewhat makes that claim. That research paper is one of the primary drivers behind the "multiple pass wipe" recommendations for sanitizing hard drives. However, that research paper was fundamentally flawed and has since been thoroughly debunked and, in addition, even if the original paper was valid the methods it used would be several orders of magnitude more difficult with modern mechanical hard drives due to huge increases in track density.

On a mechanical drive, it is actually very simple; write zeros to the entire drive one time, and it is 99.9% (or more) unrecoverable. That 0.1% (or less) chance is there to represent the unknown capabilities of state level actors; perhaps the CIA or NSA has some classified method nobody in the private sector is privy to. If your data is *so* valuable or *so* confidential that a sub-0.1% chance of recoverability represents an unacceptable risk, then drive reusability should be completely off the table, drives should be written zeros and then physically destroyed and disposed of *by you or under your direct supervision*, since I would wager that the odds of your disks being improperly disposed of by other humans at a third party disposal company (due to human error or maliciousness) are higher than the odds of data being recovered from a zeroed drive.

For SSDs, use of their built-in secure erase functions is the best you can do due to how the controller masks the physical structure of NAND from the end users. With that said, writing zeros twice to the entire drive using a traditional zeroing utility will likely accomplish your goals as well, since essentially no drives include a spare area or cache large enough to accommodate two full drive writes.
This!

Makes me laugh when I see folks recommend an 8x overwrite on an 8TB HDD. "Yeah but I want to put it on Ebay sometime before the end of the year!"

One run of data fill and done.
 
8x overwrite on an 8TB HDD
Especially when the data they are protecting is like... family photos or something. Even if the "recover-from-write-zeros" methods actually worked they involve disassembling the drive to its platters and placing them under vacuum in a scanning tunneling microscope. Nobody is going to buy random drives from random people on eBay and plop them in incredibly expensive equipment for what amounts to a fishing expedition just *hoping* the drive they bought has some important data on it. It's one thing if you're a credit bureau full of PII records and you dump your hard drives in a bin out back labeled "Hard drives with credit info get put here" - maybe someone would undertake effort to recover data from those drives. Random disk on eBay? Even if someone is fishing for PII, they'd be doing it with a simple fast software sweep and not any of the methods that *might* be able to recover an overwritten drive.
 
Especially when the data they are protecting is like... family photos or something. Even if the "recover-from-write-zeros" methods actually worked they involve disassembling the drive to its platters and placing them under vacuum in a scanning tunneling microscope. Nobody is going to buy random drives from random people on eBay and plop them in incredibly expensive equipment for what amounts to a fishing expedition just *hoping* the drive they bought has some important data on it. It's one thing if you're a credit bureau full of PII records and you dump your hard drives in a bin out back labeled "Hard drives with credit info get put here" - maybe someone would undertake effort to recover data from those drives. Random disk on eBay? Even if someone is fishing for PII, they'd be doing it with a simple fast software sweep and not any of the methods that *might* be able to recover an overwritten drive.

Oh but this is just the forum to still get those diehards that believe otherwise or somehow think themselves 'special' in some way.
 
If you're selling a HDD, try to do a real ATA secure erase. If you can't work out how to secure erase, then write zeros from start to end of the disk (don't do this on a SSD, as there is an easier way to do it).

For an SSD, if you can work out how to do a real ATA secure erase, do that. If you can't, set the disk to MBR type, create one whole NTFS partition, and then run defrag Optimize on it (that will issue a TRIM command to all LBA blocks in free space). Then open diskpart, select the correct disk (list disk, select disk x) and type clean (warning: this command has no confirmation, make sure the correct disk is selected) to reset the disk to a new/ready-to-use state.
 