Re: Wiping of Flash based Media.

[xgermx <xgermx () gmail com>]

Additionally, after wiping the drive, you could use TrueCrypt to
encrypt it. (adding another layer of security)

On Wed, Apr 23, 2008 at 9:20 PM, MaddHatter
<maddhatt+securitybasics () cat pdx edu> wrote:
> "Worrell, Brian" <BWorrell_isdh.IN.gov> said (on 2008/04/23):
>
> > The DoD hard drive wipe seems to be okay (not perfect I know.) for
>  >removing sensitive data from a hard drive, but do you think it is
>  >acceptable for an SSD or other Flash based storage?
>  >
>  >If a DoD wipe is not good, what are your thoughts on something that is,
>  >or would work?
>
>
>  Your approach will depend on your level of paranoia. As usual, the
>  truly schizophrenic will only be happy with complete destruction (and
>  not entirely without good reason). Modern high density Flash devices
>  use wear-leveling. This means at any time the device could decide that
>  block A (a random chunk of memory, probably several megabits large)
>  is about to go belly-up, so it will move the data in block A to block Z
>  (and remap A->Z). It won't erase block A, just sort of forget that it
>  ever existed. You have no idea what potentially sensitive data was in
>  block A before it got decommissioned. A sufficiently knowledgeable and
>  determined attacker will be able to recover much of the data from block A,
>  even after the device has otherwise ceased to function.
>
>  An attacker might also be able to determine the relative stress seen
>  by each cell. Erasing (usually, changing to a 11 state) is a stressful
>  operation in Flash and causes measurable degradation. Cells that are
>  frequently erased will appear different than cells that have been erased
>  infrequently. Whether that's sensitive information depends on application
>  and on details of the device operation (which you have to assume the
>  attacker would know).
>
>  If you're not quite that worried, overwriting once with zeroes, then
>  ones, then zeroes is likely good enough. You could do ones, zeroes, ones
>  -- what's relevant is that every single cell has been set to both its
>  maximum and minimum state. Recovering any old data from the user-accessible
>  (i.e. not decommissioned) blocks at that point is highly improbable.
>  The variation in the state of the cells after such an operation is driven
>  by process variation and intrinsic effects that swamp whatever historical
>  state could plausibly remain.