Backblaze Dispels SSD Recycling and Disposal Myths

Discussion in 'HardForum Tech News' started by Megalith, Mar 16, 2017.

  1. Megalith

    Megalith 24-bit/48kHz Staff Member

    Messages:
    13,004
    Joined:
    Aug 20, 2006
    The backup company is offering advice on how to securely recycle or dispose of your old SSDs. There is certainly nothing too mind-blowing here—as you may have already guessed, physical destruction by means of shredding or encrypting the entire drive works great. I found it interesting that they advised against zeroing out a drive, however.

    Physically destroying the SSD by shredding it into small particles is the absolutely safest, most foolproof method for safe and secure disposal. Unfortunately, it’s also the most expensive. Prices on devices designed for SSD shredding start in the thousands. If your business has the budget, a number of companies make shredding devices especially designed to physically destroy SSDs. Security Engineered Machinery, Phiston, and Garner are popular SSD shredder makers. It’s important to check the specs of any potential shredder to make sure the shred size is small enough to actually destroy the memory chips on your SSD, however. The shred width should be 1/2 inch or less if you want to make sure the chips get properly mashed up.
     
  2. Zeroing works fine*

    *The devil is in the details- if a block gets desginated as bad (failed checksum/write) then that block will not get zero'd unless you use specially designed software specific to that drive. And that is very hard to get a hold of. But chances are the data in those "bad blocks" is corrupt and incomplete already. But all it takes is a few bytes sometimes for your competition to get what they need. So it's a risk. But a small one.
     
    captaindiptoad and AceGoober like this.
  3. xaustinx

    xaustinx [H]Lite

    Messages:
    70
    Joined:
    Aug 4, 2004
    it's amazing to me that people still don't know things like this 6 years after the initial research about this was published. ah well
     
    captaindiptoad likes this.
  4. Dead Parrot

    Dead Parrot 2[H]4U

    Messages:
    2,557
    Joined:
    Mar 4, 2013
    I have told my lawyer friends that the only way to be sure on spinning disks is to melt the platters and stir the results. Given enough money and time, data could be recovered even from a platter full of holes. See nothing here that indicates that melting a SSD won't achieve the same result. Just don't inhale the vapors generated during the process.
     
    captaindiptoad likes this.
  5. bildad

    bildad Gawd

    Messages:
    729
    Joined:
    Jun 28, 2004
    You can't just use a cloth to wipe it?
     
    DF-1, Krazy925, jeremyshaw and 10 others like this.
  6. WhoBeDaPlaya

    WhoBeDaPlaya 2[H]4U

    Messages:
    2,485
    Joined:
    Dec 16, 2002
    Have these people never heard of the ATA secure erase command?!
     
    Snowdog likes this.
  7. piscian18

    piscian18 [H]ardForum Junkie

    Messages:
    11,021
    Joined:
    Jul 26, 2005
    So a hammer is a no go?
     
  8. Sulphademus

    Sulphademus Limp Gawd

    Messages:
    354
    Joined:
    Mar 18, 2010
    That was one thing I liked about the old IBM Deathstar drives, the platters would shatter immediately when drilling through the drive.
     
    captaindiptoad likes this.
  9. PaulP

    PaulP Gawd

    Messages:
    776
    Joined:
    Oct 31, 2016
    I worked for HGST for a couple of years, so I have some experience in this area. I can tell you that if you put holes in the platters and/or warp them, it will be very difficult to recover any useful data from them. I'm not saying that bits couldn't still be recovered, but with how close the tracks are and all the ECC and other encoding, it would take a massive (very expensive) effort to recover data sectors on the undamaged parts. Then you would still have to sort out what that data belongs to, which would be difficult given that the file system would be damaged as well. As a practical matter, only governments and maybe a few large corporations, have the resources to mount such a project, and they wouldn't do that unless they knew the data was worth it. For the data from the average person or business, it is just not worth it.
     
  10. DPI

    DPI Nitpick Police

    Messages:
    10,960
    Joined:
    Apr 20, 2013
    Still perplexed at how anyone cares what Backblaze thinks, or how they've become any kind of authority on storage when their business sits atop a landfill of shucked external cases.

    I guess perception really is reality.
     
  11. Ryokurin

    Ryokurin [H]ardForum Junkie

    Messages:
    10,560
    Joined:
    Aug 14, 2001
    That's a possibility, but the real problem is wear leveling. There's always going to be blocks that won't be written to if you fill the drive to allow the chips to all be worn to a consistent state. Unless whatever you are using is smart enough to advise the firmware to clear the excess space you have no idea what's left on the drive and is likely readable.
     
  12. nutzo

    nutzo [H]ardness Supreme

    Messages:
    7,380
    Joined:
    Feb 15, 2004
    Just pull the circuit board out and hit each chip with a hammer until it breaks.

    If that's not secure enough, then the drive should have been encrypted to protect the data.
     
    Xrave and Seventyfive like this.
  13. PhaseNoise

    PhaseNoise [H]ard|Gawd

    Messages:
    2,009
    Joined:
    May 11, 2005
    Correct. What the drives present to the OS and what really happens are quite different things. Writing "all zeros" has no assurance the drive is all zeros.

    This is why the crypto approach works. Many drives do this invisibly. When you "secure erase" the drive, it regenerates its internal crypto key. All existing data is now gone because you no longer have the key.
     
  14. xorbe

    xorbe [H]ardness Supreme

    Messages:
    6,006
    Joined:
    Sep 26, 2008
    " I found it interesting that they advised against zeroing out a drive, however."

    You want to write random incompressible data, no surprises here.
     
    jeremyshaw, bman212121 and Monkey God like this.
  15. Dead Parrot

    Dead Parrot 2[H]4U

    Messages:
    2,557
    Joined:
    Mar 4, 2013
    Agreed, BUT when I was just starting in my IT career, back when 5.25" floppies were all the rage, I read a report about a suspected drug dealer who prior to having the search warrant executed on him, cut a floppy into a pile of small pieces. The investigators spent 6 months and several hundred thousand dollars recovering most of the data. They reconstructed the floppy to determine where each piece went, then put each piece on a clear plastic disk and hand turned the piece under a R/W head. The recovered bits were loaded into a database and sorted into the proper order. Enough data was recovered to make the case against the guy. Since then I have had a distrust of the effectiveness of incomplete destruction as a security measure. Especially for lawyers and others who may not know everything their clients are involved in and have a legal obligation to prevent disclosure.
     
  16. Doesn't quite work this way. All drives have a reserve capacity that is only used for bad cell blocks. That capacity is ONLY tapped into when a cell block fails. Wear leveling occurs across the active blocks, not the reserve blocks.

    So an entire disk fill would do the job pretty nicely. But as I said, bad blocks would not be overwritten.
     
  17. This research is based on deleting single files. If you fill the drive up with garbage, the file will have no option but to be erased (Provided it wasn't duplicated from a failed cell write) And SSD do garbage cleanup and wear leveling actions in the background. Given enough time the SSD might prepare the cell for another write by zeroing out contents. This enhances performance as all cells have to be rezero'd before write.
     
  18. dgz

    dgz [H]ardness Supreme

    Messages:
    5,396
    Joined:
    Feb 15, 2010
    Yes, yes. But your even your most average person becomes super important after a few drinks so it would be worth it
     
    vividshock likes this.
  19. likeman

    likeman Gawd

    Messages:
    605
    Joined:
    Aug 17, 2011
    seems little wasteful to destroy them (unless they are Not self encrypting drives but you should not be using them for sensitive data) , when a secure erase ATA command does the job perfectly fine assuming the SSD is a self encrypting drive, the keys are cleared and regenerated (that alone renders the data unrecoverable) and then it trims all flash blocks in one large wipe and page area is wiped as well (if you're paranoid use a intel SSD)

    secure erase works fine mostly on non encrypted drives but there is a Very small risk of data retrieval (page area and NAND is reset so unlikely but not impossible)
     
    Snowdog and WhoBeDaPlaya like this.
  20. Lakados

    Lakados [H]ard|Gawd

    Messages:
    1,707
    Joined:
    Feb 3, 2014
    I work for a public sector, we are supposed to try and sell off or donate as much of our old equipment as we can, what I have been doing for used but still functional drives is zero writing them then swapping the control cards on them with another identical model. They are then donated to build PC's for needy families, libraries, etc ... I have not yet had to donate off any of the SSD's so I don't know what I will do with them but they are so far outlasting the PC's they are being installed into so I have just been moving them from the Old Laptops to the New ones because nobody wants to go from an SSD back to a mechanical drive it and those who have always complain the new computer is slower than the old one.
     
    ZeqOBpf6 likes this.
  21. {NG}Fidel

    {NG}Fidel [H]ardness Supreme

    Messages:
    6,287
    Joined:
    Jan 17, 2005
    This is very true.
    Tell my management that...
     
    Sulphademus likes this.
  22. WhoBeDaPlaya

    WhoBeDaPlaya 2[H]4U

    Messages:
    2,485
    Joined:
    Dec 16, 2002
    I don't know about solid state drives, but here's the [ H ]ard way of disposing of [ H ]ard drives...

     
  23. sir-gold

    sir-gold Gawd

    Messages:
    931
    Joined:
    Jan 19, 2006
    IBM only made glass HDs for a few years (1999-2003). Before that, they were all aluminum platters (I worked in the aluminum platter plating area in 99, and glass platters were still in the early-production stage at the time)

    Did you by any chance work in Rochester MN?
     
  24. vr.

    vr. 2[H]4U

    Messages:
    3,456
    Joined:
    Mar 30, 2010
    Why is anyone worried about herculean efforts for data recovery? We've moved into the age where people just make shit up.
     
  25. Xrave

    Xrave [H]ardness Supreme

    Messages:
    7,053
    Joined:
    Jun 29, 2004
    I would just remove the SSD cover and drill through each of the flash chips. Then could follow-up with a hammer smash for good measure.
     
  26. Snowdog

    Snowdog [H]ardForum Junkie

    Messages:
    9,476
    Joined:
    Apr 22, 2006

    Yeah, I remember when this came up ages ago for mechanical drives. 5 minutes of searching and reading showed that "Secure Erase" existed exactly for this reason, and it functioned perfectly, and yet people kept doing all their silly write 00 alternating with FF multiple times or other nonsense.

    Secure erase and re-purpose. Done. If you are kind of paranoid, research if their any issues with SE on your particular drive.

    If you are ultra paranoid about your sick porn collection, or illegal activities, I guess you can go all medieval and grind your drive to dust...

    I usually use my HDD's till they fail, then take them apart for the Magnets. I don't bother doing any damage to the platters. I only have one SSD and it hasnt' failed yet...
     
    drescherjm likes this.
  27. krotch

    krotch [H]ardness Supreme

    Messages:
    4,509
    Joined:
    Aug 12, 2004
    I'd assume hitting it with a blowtorch would work. Most things don't like fire.
     
  28. DocSavage

    DocSavage 2[H]4U

    Messages:
    2,409
    Joined:
    Dec 18, 2002
    I think a sledge hammer would be fun.
     
  29. krotch

    krotch [H]ardness Supreme

    Messages:
    4,509
    Joined:
    Aug 12, 2004
    20 ton press isn't too expensive either. Can get one for $150. Also use it for other things like...car wheel bearings or something
     
    DocSavage likes this.
  30. Sulphademus

    Sulphademus Limp Gawd

    Messages:
    354
    Joined:
    Mar 18, 2010
    Ah, well that explains them then.
    My boss at the time got tired of hearing me smashing old drives with a hammer and bought a degausser which he put several floors away in an empty office where facilities kept extra furniture (it was kinda loud).
     
  31. DocSavage

    DocSavage 2[H]4U

    Messages:
    2,409
    Joined:
    Dec 18, 2002
    That'll be great for when I get 6" offset wheels!
     
  32. Burticus

    Burticus [H]ardness Supreme

    Messages:
    4,112
    Joined:
    Nov 7, 2005
    At my old job's datacenter we had a hydraulic press that would punch a large hole in the drive. Man that thing was loud.

    Seems so wasteful, I mean if you do a DBAN wipe off 1 drive out of a raid set, is anyone going to get anything usable off it? Nah.

    Current job has just set policies in place for drive replacements..... no more RMA. I foresee a giant box of hard drives filling up waiting to be melted/shredded/exploderized. Where's the T2 metal melting pool when you need it?
     
    DocSavage likes this.
  33. cyberguyz

    cyberguyz Gawd

    Messages:
    694
    Joined:
    Aug 28, 2014
    $1000 for an SSD shredder? Hell, pop the board out and a good whack with a 20oz hammer at each of the chips will shred the drive just fine. Nobody's gonna be getting anything valuable off that.

    It wasn't all that long ago you had to wear an anti-static strap when handling bare electronics to keep from frying them with the static electricity you get walking across a carpet.
     
  34. DocSavage

    DocSavage 2[H]4U

    Messages:
    2,409
    Joined:
    Dec 18, 2002
    All of this permanent damage is rather wasteful. SSDs do enough housecleaning that a standard reformat will make your data unrecoverable after a few minutes.
     
  35. WhoBeDaPlaya

    WhoBeDaPlaya 2[H]4U

    Messages:
    2,485
    Joined:
    Dec 16, 2002
    sudo hdparm --user-master dick --security-set-pass balls /dev/sda
    sudo hdparm --user-master dick --security-erase balls /dev/sda

    BAM! Done in under 5 minutes.

    I do this for all my SSDs ~once a year just to refresh them.
     
  36. DocSavage

    DocSavage 2[H]4U

    Messages:
    2,409
    Joined:
    Dec 18, 2002
    Ever accidentally get the wrong /dev? :D
     
    Sulphademus likes this.
  37. Jim Kim

    Jim Kim 2[H]4U

    Messages:
    3,544
    Joined:
    May 24, 2012
    The article contained good information. Backblaze is one of the companies I mention when people ask about backing up.

    Their hdd reliability statistics, while not perfect, provide much needed insight into hdd failures and models you might want to avoid.
     
  38. DocSavage

    DocSavage 2[H]4U

    Messages:
    2,409
    Joined:
    Dec 18, 2002
    (I only ask because you're deleting your sda)
     
  39. WhoBeDaPlaya

    WhoBeDaPlaya 2[H]4U

    Messages:
    2,485
    Joined:
    Dec 16, 2002
    Heh, never. To avoid any Mr Magoos, I unplug every other non-optical SATA device :D

    [​IMG]
     
    DocSavage likes this.
  40. Decibel

    Decibel 2[H]4U

    Messages:
    3,807
    Joined:
    Nov 10, 2000
    Well this is timely... My hard drive shredder was installed yesterday.