Need a motherboard that will allow the most NVME external drives as possible.

[JWNoctis]

For the record, you do NOT "wipe" SSDs. That is not effective due to the way data is written to SSDs and due to how wear-leveling and TRIM functions work. You must use a "Secure Erase" app to ensure all previously saved data on a SSD is no longer viable.

Only hard drives can be "wiped".

To add to that, most SSDs are self-encrypting, meaning that you only need to throw away the encryption key (using an app) and data is no longer readable. Note, I'm not talking about encryption like BitLocker.

I've been led to understand that "Secure Erase" actually is the instruction to the drive to throw away that encryption key, though whether that is actually "secure" is open to definition, depending on your requirements and, in the end, threat profile.

I think "3 pass DOD wipe" has long been superseded as a standard. Really Important stuff now gets pulverized.

 

[azrael]

I've been led to understand that "Secure Erase" actually is the instruction to the drive to throw away that encryption key, though whether that is actually "secure" is open to definition, depending on your requirements and, in the end, threat profile.

I think "3 pass DOD wipe" has long been superseded as a standard. Really Important stuff now gets pulverized.

Yes, on SSDs it's usually the Secure Erase feature that just throws away the encryption key and it is *very* secure. The data is still there, of course, but without the encryption key it's completely useless. I believe AES encryption is usually used.

 

[Massdeth]

A few of these could help: https://www.amazon.com/Syba-Interface-Bandwidth-Bifurcation-Controller/dp/B08L8J3MBT It has the bifurcation chip built in and you may even be able to run 2 m.2's per slot on the card with a dongle.

 

[P4-630]

I would check at least 50~100 of those NVMe's with Crystal disk info to see how much % life they have left, before I would splurge any amount of money in this project...

GL.

 

[Assimilator]

An Intel or AMD platform that has a fair number of PCIe x16 slots that are mechanically x16, as many of these as you have PCIe slots, enough of these to match your drive count (3 slots = 24 drives = 2 enclosures), cables to match, and bob's your auntie.

You'll just be running `diskpart clean all` to trigger Secure Erase which should take almost no time for each drive, so I agree that hot-swapping is your best bet. A PCIe NVMe M.2 card would require you to shut down and restart the machine between runs to swap out drives, which would likely take more time than actually erasing them...

 

[R-T-B]

Yes, on SSDs it's usually the Secure Erase feature that just throws away the encryption key and it is *very* secure. The data is still there, of course, but without the encryption key it's completely useless. I believe AES encryption is usually used.

Until Quantum comes out, which is why threat profile matters.

 

[bloodybastard69]

I've been led to understand that "Secure Erase" actually is the instruction to the drive to throw away that encryption key, though whether that is actually "secure" is open to definition, depending on your requirements and, in the end, threat profile.

I think "3 pass DOD wipe" has long been superseded as a standard. Really Important stuff now gets pulverized.

This is all new info for me. The company that supplied the NVME's is requiring the 3 pass DOD wipe with documentation. Is there a better, more secure way to "sanitize" them. A way that we would be able to prove to the company that the data is actually not retrievable. Or the only way to be sure is actually physically destroying the drive?

 

[JWNoctis]

This is all new info for me. The company that supplied the NVME's is requiring the 3 pass DOD wipe with documentation. Is there a better, more secure way to "sanitize" them. A way that we would be able to prove to the company that the data is actually not retrievable. Or the only way to be sure is actually physically destroying the drive?

Yes, on SSDs it's usually the Secure Erase feature that just throws away the encryption key and it is *very* secure. The data is still there, of course, but without the encryption key it's completely useless. I believe AES encryption is usually used.

If memory serves, DOD style wipes are from the age of low-density spinners, where a single zeroing will still leave forensically recoverable data. It has not been relevant for a while, not ever since it is discovered that even overwriting mechanical hard disks several times still sometimes left whole sectors of recoverable data, which could be for any reason from reallocation and other mechanisms, to the threats of malware and theoretically, rogue firmware.

None of these are relevant to SSDs, which have wear leveling and overprovisioning, and no amount of rewrites would guarantee that all sectors would be erased and rewritten. Trusting Secure Erase in this context is implicitly also trusting the drive manufacturer to have implemented the function and the algorithms correctly, and to have left no backdoors.

Of course, either might well not actually matter, depending on your threat profile. As to company policy, IMHO it's likely more advantageous to just follow them, whether they make sense or not, unless you are in place to make changes. I'd recommend looking deeper into this matter yourself, rather than trusting random strangers on the 'net.

 

[Klemc]

If he has 5000 SSD, not all will have same specs like overprovisionning...

 

[Shrek]

The company that supplied the NVME's is requiring the 3 pass DOD wipe with documentation.

If they require 3 pass DOD, that is the requirement; it would be counterproductive to even bring up talk of an alternative.

IMHO it's likely more advantageous to just follow them, whether they make sense or not ...

Agreed

 

[evernessince]

As bill pointed out you don't do a 3 pass wipe on SSDs or more specifically you shouldn't. That's just wasting their endurance and does nothing over NVMe's built in sanitize command. With SSDs simply deleting the mapping table or encryption key is enough to render all data on the drive non-viable. I'd also stick with one of the software suits designed to handle data sanitization like DBAN or KillDisk as you mentioned you intend to use. Other pieces of software may have a "secure erase" or wipe feature but often times this will only be designed for HDDs in that it'll do x number of writes over the data.

I've been playing around with external USB enclosures for the past week. They are very unreliable and inconsistent. And unless I have them plugged into a Thunderbolt connection, very slow. The other problem is most of them have trouble detecting the serial number of each drive which I need for documentation. It's a pain having to input the serial numbers manually in KillDisk.
Surprisingly the best luck I've had with external wiping was on an M2 Mac Mini using a Thunderbolt 4 hub.

Yes, I've also found that sometimes they prevent me from issuing sanitize or secure erase commands as well. My sample size is small though, I only have 2 external docks. I'm sure there has to be some kind of external enclosure that is reliable that is used by people who do this a lot. It can be very time consuming to install and uninstall M.2 drives if you are doing a lot of them.

To add to that, most SSDs are self-encrypting, meaning that you only need to throw away the encryption key (using an app) and data is no longer readable. Note, I'm not talking about encryption like BitLocker.

It should be noted that most consumer SEDs don't enable encryption until the user turns it on. Encryption on windows, both software and hardware, in handled by BitLocker. You can see Crucial's guide for enabled encryption on SEDs here: https://www.crucial.com/support/articles-faq-ssd/setup-ssd-encryption-via-bitlocker

Many people will assume their data is safe when in fact encryption might be entirely disabled.

I've been led to understand that "Secure Erase" actually is the instruction to the drive to throw away that encryption key, though whether that is actually "secure" is open to definition, depending on your requirements and, in the end, threat profile.

I think "3 pass DOD wipe" has long been superseded as a standard. Really Important stuff now gets pulverized.

The actual implementation of secure erase varies a bit from vendor to vendor and depends on the drive's feature set. A different command is issued for a SATA SSD for example as compared to a NVMe SSD. More info on that here: https://www.killdisk.com/manual/index.html#erase-concepts.html

A SED with encryption enabled could indeed just delete the encryption key and that would be acceptable. A drive with encryption disabled might just delete the mapping table and mark all blocks for deletion.

This is all new info for me. The company that supplied the NVME's is requiring the 3 pass DOD wipe with documentation. Is there a better, more secure way to "sanitize" them. A way that we would be able to prove to the company that the data is actually not retrievable. Or the only way to be sure is actually physically destroying the drive?

NIST 800-88 indicates that either secure erase or sanitize meet acceptable purge methods. Doing a drive wipe that simply overwrites doesn't actually delete all the data on an SSD:

"The mapping layers, and how the flash controller manages memory allocation, pretty much ensure that either erasing or performing a conventional hard drive type of secure erase won’t ensure all data is overwritten, or even erased at all."

User Manual

That said if the company that is supplying the drives requires a specific approach, it's unlikely that you'll have much sway if they are a government organization or any company of size. I wouldn't attempt to go down that rabbit hole unless you are dealing with an small business or individual that perhaps doesn't know better. Anythign bigger has far too much inertia.

 

[bug]

If memory serves, DOD style wipes are from the age of low-density spinners, where a single zeroing will still leave forensically recoverable data. It has not been relevant for a while, not ever since it is discovered that even overwriting mechanical hard disks several times still sometimes left whole sectors of recoverable data, which could be for any reason from reallocation and other mechanisms, to the threats of malware and theoretically, rogue firmware.

Spot on, those wipes were designed to deal with the magnetic properties of a HDD. It's been updated to deal with other mediums, but still does very little for SSDs: https://www.bitraser.com/blog/dod-wiping-the-secure-wiping-standard-to-get-rid-of-data/

Because of how SSDs relocate blocks internally, you can't even be sure you're touched all of them.

 

[Assimilator]

A "DoD wipe" is simply erasing a drive in accordance with the DoD 5220.22-M standard, which was published in 1995 - basically in prehistoric times by computer hardware standards. Any company telling you to use this on SSDs is run by incompetent clowns, because running a DoD wipe on an SSD will unnecessarily consume an entire drive's worth of writes from the NAND while potentially not even touching all the blocks. The people who design SSDs created various commands for securely destroying data stored on NAND devices without having to completely overwrite said NAND, and NIST 800-88 - published in 2014 - is fully aware of SSDs and how to properly erase them. Refer to page 36, "Flash Memory-Based Storage Devices: Purge".

Note that that "Flash Memory-Based Storage Devices: Clear" explicitly calls out the above issues with performing a DoD wipe on an SSD.

 

[Shrek]

BitRaser is DoD 5220.22-M Compliant Drive Wiping Software
claims "erasure from HDDs/SSDs"

KillDisk: Disk Eraser, Wiper & Sanitizer - Erase HDD/SSD/USB/NVMe Securely
"allows you to destroy all data on Hard Disks, Solid State Disks (SSD)"


If the customer specifies a 3 pass DOD wipe, that is the requirement.

 

[azrael]

It should be noted that most consumer SEDs don't enable encryption until the user turns it on. Encryption on windows, both software and hardware, in handled by BitLocker. You can see Crucial's guide for enabled encryption on SEDs here: https://www.crucial.com/support/articles-faq-ssd/setup-ssd-encryption-via-bitlocker

Many people will assume their data is safe when in fact encryption might be entirely disabled.

I specifically do not mean Windows (Bitlocker) encryption. Most SSDs I know of do automatically encrypt the drive for the sole reason that throwing away the encryption key to wipe the drive does not impact the wear on the drive.

 

[evernessince]

I specifically do not mean Windows (Bitlocker) encryption. Most SSDs I know of do automatically encrypt the drive for the sole reason that throwing away the encryption key to wipe the drive does not impact the wear on the drive.

The data is encrypted but no actual verification is done to ensure the user has permission to access said data. There is nothing restricting anyone from accessing said encrypted data by default which defeats the purpose of the encryption in the first place. I was pointing out in my comment how this can be misleading to people as they assume their data is protected when encrypted but in this case it might as well not be encrypted at all unless they go out of their way to actually setup the encryption.

 

[R-T-B]

Nearly all drives that actually support encryption are always running it, its just a matter of whether the controller is set to ask you for a passphrase before handing over the Media Encryption Key (MEK). In the out of the box state, it just hands it right over.

Erasing/Reseting the MEK is the foundation of an ATA enhanced secure erase command.

 

[Shrek]

Erasing/Reseting the MEK is the foundation of an ATA enhanced secure erase command.

So, the information remains present, just not accessible?

All the more reason a DOD wipe might be specified.

 

[bug]

So, the information remains present, just not accessible?

All the more reason a DOD wipe might be specified.

Yeah, it's as accessible as a bitcoin wallet without a password.

It's AES-256, which is post-quantum safe: https://en.wikipedia.org/wiki/Advanced_Encryption_Standard#Quantum_attacks

 

[Shrek]

But who knows about quantum attacks by future machines so I can see the need to delete the information.

 

[chrcoluk]

Yes, on SSDs it's usually the Secure Erase feature that just throws away the encryption key and it is *very* secure. The data is still there, of course, but without the encryption key it's completely useless. I believe AES encryption is usually used.

I thought secure erase worked by zapping all the sectors to 0 value, hence the warnings often given it will increment erase cycle by one doing it. Does it work differently now then by preserving the data and just wiping the key?

 

[Assimilator]

But who knows about quantum attacks by future machines so I can see the need to delete the information.

That's not how anything works.

I thought secure erase worked by zapping all the sectors to 0 value, hence the warnings often given it will increment erase cycle by one doing it. Does it work differently now then by preserving the data and just wiping the key?

That's not secure erase.

 

[Shrek]

That's not how anything works.

So, a quantum computer of the future could not break AES-256?

Advanced Encryption Standard - Wikipedia
"AES-256 is considered to be quantum resistant..."

 

[ir_cow]

Current encryption is quantum computer safe up to the bit length. 8-qbits does a lot and is working. 128 is the current focus.

 

[Shrek]

I actually feel that error correction will be the Achilles' heel of quantum computing, but now I drift off-topic.