On Tue, February 9, 2016 16:05, Chris Murphy wrote:
> On Mon, Feb 8, 2016 at 11:18 PM, John R Pierce <pierce@xxxxxxxxxxxx>
> wrote:
>> On 2/8/2016 9:54 PM, Chris Murphy wrote:
>>>
>>> Secure erase is really the only thing to use on SSDs.
>>> Writing a pile of zeros just increases wear (minor negative)
>>> but also doesn't actually set the cells to the state required
>>> to accept a new write,

Secure erase of an SSD, or any solid state device, is problematic.
See:

http://www.techrepublic.com/article/erasing-ssds-security-is-an-issue/

The CSE requires physical destruction of these devices through
pulverisation or incineration. See:

https://cse-cst.gc.ca/en/system/files/pdf_documents/itsg06-eng.pdf

The USDOD leaves disposal protocols to the individual commands.

Essentially, due to the way data is stored on SSDs, it is impossible
to access every memory cell during a software driven wipe; no matter
how many passes are made. The possibility of significant fragments of
residual data remaining is always greater than zero.

However, if you entirely encrypt an SSD, BEFORE adding any
confidential material, then secure destruction is assured by
'forgetting' the key. But encrypting an SSD after the material is put
on it is not sufficient.

--
***          e-Mail is NOT a SECURE channel          ***
        Do NOT transmit sensitive data via e-Mail
James B. Byrne                mailto:ByrneJB@xxxxxxxxxxxxx
Harte & Lyne Limited          http://www.harte-lyne.ca
9 Brockley Drive              vox: +1 905 561 1241
Hamilton, Ontario             fax: +1 905 561 0757
Canada  L8E 3C3

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos