Home page logo

basics logo Security Basics mailing list archives

Re: Wiping of Flash based Media.
From: xgermx <xgermx () gmail com>
Date: Thu, 24 Apr 2008 10:21:11 -0500

Additionally, after wiping the drive, you could use TrueCrypt to
encrypt it. (adding another layer of security)

On Wed, Apr 23, 2008 at 9:20 PM, MaddHatter
<maddhatt+securitybasics () cat pdx edu> wrote:
"Worrell, Brian" <BWorrell_isdh.IN.gov> said (on 2008/04/23):

The DoD hard drive wipe seems to be okay (not perfect I know.) for
 >removing sensitive data from a hard drive, but do you think it is
 >acceptable for an SSD or other Flash based storage?
 >If a DoD wipe is not good, what are your thoughts on something that is,
 >or would work?

 Your approach will depend on your level of paranoia. As usual, the
 truly schizophrenic will only be happy with complete destruction (and
 not entirely without good reason). Modern high density Flash devices
 use wear-leveling. This means at any time the device could decide that
 block A (a random chunk of memory, probably several megabits large)
 is about to go belly-up, so it will move the data in block A to block Z
 (and remap A->Z). It won't erase block A, just sort of forget that it
 ever existed. You have no idea what potentially sensitive data was in
 block A before it got decommissioned. A sufficiently knowledgeable and
 determined attacker will be able to recover much of the data from block A,
 even after the device has otherwise ceased to function.

 An attacker might also be able to determine the relative stress seen
 by each cell. Erasing (usually, changing to a 11 state) is a stressful
 operation in Flash and causes measurable degradation. Cells that are
 frequently erased will appear different than cells that have been erased
 infrequently. Whether that's sensitive information depends on application
 and on details of the device operation (which you have to assume the
 attacker would know).

 If you're not quite that worried, overwriting once with zeroes, then
 ones, then zeroes is likely good enough. You could do ones, zeroes, ones
 -- what's relevant is that every single cell has been set to both its
 maximum and minimum state. Recovering any old data from the user-accessible
 (i.e. not decommissioned) blocks at that point is highly improbable.
 The variation in the state of the cells after such an operation is driven
 by process variation and intrinsic effects that swamp whatever historical
 state could plausibly remain.

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]