2

I know DBAN can be used to securely wipe HDDs, and I know that it cannot be used to securely wipe SSDs.

What about flash drives? It is my understanding that SSDs use flash memory, but that they move the data around whereas flash drives (as in small thumb drives/memory sticks) do not. I know DBAN can NOT securely erase a SSD, but will it securely erase a flash drive?

And yes I know it reduces the lifespan of the flash drive, I don't care about that

Thank you

Improve this question
3
  • 2
    Even a tiny microSD card has a FTL controller on it, that moves data around: bunniestudios.com/blog/?p=3554
    – A.B
    Commented Feb 17, 2018 at 3:33
  • Fascinating link. From my reading of the article though, this is used for mapping out "factory bad" blocks, rather then moving data around - while I'm sure its technically possible for this to happen using the given chip, the article implies the reverse is more typical - partially bad chips are recycled onto new flash drives.
    – davidgo
    Commented Feb 17, 2018 at 4:17
  • I actually pondered linking only the picture of the opened microSD where the controller is apparent. It's not talked about, but like on other flash devices, it will also perform wear levelling (which moves unrelated data around when receiving writes) and accept TRIM/DISCARD if the host supports it (ie: the microSD is not connected through an USB interface but for eg a SDIO bus), last two mean it will use available space as overprovisionning to work better.
    – A.B
    Commented Feb 17, 2018 at 11:01

1 Answer 1

Reset to default
1

Provided the flash drive does not have bad sectors with data in them, and is not provisioned the same way SSD's are (and they most likely are not over-provisioned), its safe to use DBAN - although DBAN does overdo things (ie multiple passes when 1 would suffice).

FWIW, DBAN - with multiple passes - will do a fairly good job of wiping an SSD as well. (If your adversary is a government department or equivalently, funded, the only way to be fairly sure absolutely none of your data will be recoverable is to use FDE prior to putting any data on the drive, or - if you trust it - to use storage which has FDE built in to the drive).

I realize what I've written above may be controvertial - please raise concerns in comments before downvoting me - but to summarise my key contentions -

  1. This idea of multiple passes came about many, many years ago from a guy called Peter Gutman (who I've met) - "The Gutmann Method", and was a mechanism to wipe data off any type of drive available at the time. Even Gutmann advised that you did not need to run all the passes - but which ones depended on the drives of the time (more then 20 years ago). Subsequently drives have increased in density to the point that its believed that 1 pass of zeros is sufficient to make it impossible to recover data, although there is a week argument for 1 pass of random or pseudorandom data. (For the sake of clarity, I'm assuming that meaningful data is 1 byte or more - the error rate when I last looked was something like 25% per BIT last I looked many years ago.

  2. The reason why a single pass on an SSD is not adequate is because of wear levelling. Writing multiple passes of random data will defeat this mechanism.

Improve this answer
6
  • I wanted to sugges that even though we don't know what the drive will actually do when we say overwrite something, we can be fairly confident that it doesn't have the option to use space set aside for over-provisioning. I tried finding an over-provisioned flash drive and couldn't... good enough?
    – Louis Waweru
    Commented Feb 17, 2018 at 3:46
  • @Louis - Maybe we are talking cross purposes. My contention is that for SSD's when you overwrite the disk multiple times, because you are overwriting more then 1 disks worth of space, the overwrites are going to be pushed into the space which has been overprovisioned. (This was to address the statement in the question that you cant use DBAN securely erase an SSD.
    – davidgo
    Commented Feb 17, 2018 at 3:59
  • 1
    I'm with you. I also think it's safe to assume USB flash drives don't ship with extra storage for wear leveling, and so we can also assume overwriting the entire drive really does overwrite everything.
    – Louis Waweru
    Commented Feb 17, 2018 at 4:05
  • @Louis I wouldn't be that confident: since USB flash drives can't accept TRIM/DISCARD through the USB API, actually especially since, they do need overprovisionning, because once the flash disk is full (eg the filesystem on it is full) without overprovisionning it couldn't do wear levelling anymore. When you can issue TRIM/DISCARD commands, it doesn't require as much overprovisionning
    – A.B
    Commented Feb 17, 2018 at 11:13
  • 2
    @Louis Have a look at en.wikipedia.org/wiki/USB_mass_storage_device_class - They typically identify as USB Attached SCSI, and use a cut down version of the SCSI transparent command set - I believe that the commands it uses are used by both SCSI and SATA disks.
    – davidgo
    Commented Feb 18, 2018 at 2:24

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .