I understand traditional methods don’t work with modern SSD, anyone knows any good way to do it?

  • WhatAmLemmy@lemmy.world
    link
    fedilink
    English
    arrow-up
    25
    arrow-down
    2
    ·
    edit-2
    6 months ago

    For all average user requirements that just involve backups, PII docs, your sex vids, etc (e.g. not someone who could be persecuted, prosecuted, or murdered for their data) your best bet (other than physical destruction) is to encrypt every usable bit in the drive.

    1. Download veracrypt
    2. Format the SSD as exFAT
    3. Create a new veracrypt volume on the mounted exFat partition that uses 100% of available space (any format).
    4. open up a notepad and type out a long random ass throwaway password e.g. $-963,;@82??/@;!3?$.&$-,fysnvefeianbsTak62064$@/lsjgegelwidvwggagabanskhbwugVg, copy it, and close/delete without saving.
    5. paste that password for the new veracrypt volume, and follow the prompts until it starts encrypting your SSD. It’ll take a while as it encrypts every available bit one-by-one.

    Even if veracrypt hits a free space error at the end of the task, the job is done. Maybe not 100%, but 99.99+% of space on the SSD is overwritten with indecipherable gibberish. Maybe advanced forensics could recover some bits, but a) why the fuck would they go to that effort for a filthy commoner like yourself, and b) what are the chances that 0.01% of recoverable data contains anything useful!?! You don’t really need to bother destroying the header encryption key (as apple and android products do when you wipe a device) as you don’t know the password and there isn’t a chance in hell you or anyone else is gonna guess, nor brute force, it.

      • otp
        link
        fedilink
        arrow-up
        6
        arrow-down
        4
        ·
        6 months ago

        If you want to keep/sell the drive…

        1. Fill up the rest of the usable space
        2. Encrypt the drive
        3. Throw away the encryption key/password
        4. Hard format (writing zeroes to every bit, sorry if that’s the wrong term

        Is that the best strategy? Or is anything outside of 2 and 3 redundant?

        • Brkdncr@lemmy.world
          link
          fedilink
          arrow-up
          9
          ·
          6 months ago

          You can’t fill the drive. The drive decides when to use its buffered free storage blocks. It’s at the hardware level and only the Secure Erase command will clear it.

          • otp
            link
            fedilink
            arrow-up
            2
            ·
            6 months ago

            Right, I read some more of the comments and realized that’s what some of the “unreported space” is used for. Makes sense, thanks!

          • _edge@discuss.tchncs.de
            link
            fedilink
            arrow-up
            1
            arrow-down
            2
            ·
            6 months ago

            You fill up the usable space. Or the visible space. No one will disamble the device and read from the raw storage.

          • otp
            link
            fedilink
            arrow-up
            1
            ·
            6 months ago

            That makes sense. Thank you!

      • WhatAmLemmy@lemmy.world
        link
        fedilink
        English
        arrow-up
        3
        arrow-down
        2
        ·
        6 months ago

        a) why the fuck would they go to that effort for a filthy commoner like yourself, and b) what are the chances that 0.01% of recoverable data contains anything useful!?!

        Nobody is gonna bother doing advanced forensics on 2nd hand storage, digging into megabytes of reallocated sectors on the off chance they to find something financially exploitable. That’s a level of paranoia no data supports.

        My example applies to storage devices which don’t default to encryption (most non-OS external storage). It’s analogous to changing your existing encrypted disks password to a random-ass unrecoverable throwaway.