Does Secure Empty Trash work on Mac w SSD?

6

2

Given that an SSD does wear leveling, does the Secure Empty Trash on the menu in MacOSX really work? Is something special being done to force overwrites to the same physical block of flash and bypass the wear leveling algorithms built into the SSD?

(related QA on SO)

progrmr

Posted 2009-12-17T21:20:15.360

Reputation: 276

See also http://superuser.com/questions/22238/how-to-securely-delete-files-stored-on-a-ssd

– Tommy Knowlton – 2009-12-18T21:37:34.663

Answers

3

SSD wear levelling poses a prickly problem for secure deletion. Wear levelling is a low level algorithm working in the drive that randomises where data is written. This happens independent of the OS.

By design, wear levelling spreads out multiple writes to the same file across a flash drive. This keeps a file (like a log or page file) from wearing out a specific part of the memory. This keeps your SSD from failing prematurely, but it also makes it almost impossible to overwrite a specific block of memory.

Your best bet, if the data is that important, is to use a block or file level encryption (like TrueCrypt).

user22386

Posted 2009-12-17T21:20:15.360

Reputation:

2 Nice answer but it doesn't answer this particular question. – progrmr – 2011-07-31T11:49:00.340

The answer is basically, because of wear leveling, secure delete probably does not work on SSDs. – Alan Shutko – 2013-09-20T02:06:16.027
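
An added illustration of the wear-levelling behaviour described in the answer above (not part of the original post, and not any real SSD firmware): a toy page-mapped flash translation layer that shows why a host-side overwrite of the same logical block leaves the old data in flash. The class `ToySSD`, its 16-page size and the sample data are constructed assumptions.

```python
class ToySSD:
    """Toy page-mapped FTL: logical block address (LBA) -> physical page."""

    def __init__(self, physical_pages=16):
        self.flash = [None] * physical_pages   # raw NAND contents
        self.wear = [0] * physical_pages       # program count per page
        self.mapping = {}                      # LBA -> physical page index
        self.stale = set()                     # pages holding superseded data

    def _pick_free_page(self):
        in_use = set(self.mapping.values())
        free = [p for p in range(len(self.flash))
                if p not in in_use and p not in self.stale]
        if not free:                           # garbage-collect only when forced
            for p in self.stale:
                self.flash[p] = None           # the physical erase happens here
            free, self.stale = sorted(self.stale), set()
        if not free:
            raise RuntimeError("no free pages left")
        return min(free, key=lambda p: self.wear[p])  # least-worn page first

    def write(self, lba, data):
        page = self._pick_free_page()
        if lba in self.mapping:
            self.stale.add(self.mapping[lba])  # old copy is unmapped, not erased
        self.flash[page] = data
        self.wear[page] += 1
        self.mapping[lba] = page

    def read(self, lba):
        return self.flash[self.mapping[lba]]

    def raw_dump(self):
        """What a chip-level read of the NAND would see, mapped or not."""
        return [d for d in self.flash if d is not None]


def overwrite_demo(passes=7):
    """Write a secret to LBA 0, overwrite it `passes` times, inspect raw flash."""
    ssd = ToySSD()
    secret = b"SECRET-constructed-sample"      # constructed sample data
    ssd.write(0, secret)
    for _ in range(passes):                    # host-side "secure" overwrite
        ssd.write(0, b"\x00" * len(secret))
    return ssd.read(0), secret in ssd.raw_dump()


if __name__ == "__main__":
    print(overwrite_demo(7))
```

In this model the host reads back zeros after seven passes while the original bytes are still present in an unmapped page; the stale copy is only erased once the drive runs out of free pages and is forced to garbage-collect.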

0

Yes, it really works with all of the usual caveats predating or precluding SSDs.

It's another question altogether if the Empty Trash Securely acts as a TRIM substitute (at least for files going through the TrashCan process) for Macs still running OS versions 10.6.7 and prior, which do not have TRIM support at all. Although in a version or two prior to 10.6.8 the OS would at least tell you if your drive supported TRIM. But that's somewhat of a different issue.

Yes, when you empty the trash securely from 10.7, 10.8 and 10.9 versions of OS X, it overwrites enough of the original file to be considered an actual "secure erase". Secure, however, is a relative term, and the way SSDs work, to actually 100% securely erase anything from them you will need to format/wipe the drive with a 7-pass secure erase, which is the DOD (Department of Defense) standard.

You're just asking about the Trashcan, but you have to keep in mind that when most applications save files, they will (non-securely) delete the old file and just save a completely new copy. Also there's OS X's defragmentation, which when it consolidates files will leave old fragments scattered around the drive. There are also other scenarios like Version Updates, Time Machine Local Snapshots, Autosave, Resume, File Caches, Leftover Swap, etc. which will leave potentially private data on the disk. Thus the 7x Wipe comes into play.

I watched a video once where a security expert demonstrated the very best method of securely disposing of old hard-drives. Cheap, fast, and works 100%: He pulled out a hammer and smashed it to bits. :)

Tessy

Posted 2009-12-17T21:20:15.360

Reputation: 1

1 Do you have any sources to back up your answer? – Keltari – 2013-09-20T01:45:01.253

So basically, because of the ways SSDs work with wear leveling, and defragging, secure erase really won't work unless you write the whole drive. – Alan Shutko – 2013-09-20T02:07:41.907