Re: [CentOS] OT: hardware: sanitizing a dead SSD?

[James B. Byrne]

On Thu, May 10, 2018 12:00, m.r...@5-cent.us wrote:
>
>
> On the other hand... static, and unchanging, right, and how many
> minutes of Amazon S3 will it take to break the encryption?

None.  If it is NSA certified there will be a backdoor.

-- 
***  e-Mail is NOT a SECURE channel  ***
Do NOT transmit sensitive data via e-Mail
 Do NOT open attachments nor follow links sent by e-Mail

James B. Byrnemailto:byrn...@harte-lyne.ca
Harte & Lyne Limited  http://www.harte-lyne.ca
9 Brockley Drive  vox: +1 905 561 1241
Hamilton, Ontario fax: +1 905 561 0757
Canada  L8E 3C3

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] OT: hardware: sanitizing a dead SSD?

[m . roth]

Sean wrote:
> Probably too late for consideration at this point, but there are
> Enterprise Class SSDs available with DoD/NSA certified/approved self
encryption
> capability.  The concept is that encryption is a hardware feature of the
> drive, when you want to dispose of it, you throw away the key.  This
> allows vendors to receive broken drives back from GOV/MIL clients
securely so
> that failure methods can be researched.
>
> Dell and EMC have been presenting this to us at storage briefs for a
> couple of years now.
>
On the one hand, it's certainly not too late - we're trying to figure out
what to do *before* it happens, so we don't run around like chickens with
their head cut off when it does.

On the other hand... static, and unchanging, right, and how many minutes
of Amazon S3 will it take to break the encryption?

  mark

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] OT: hardware: sanitizing a dead SSD?

[Sean]

Probably too late for consideration at this point, but there are Enterprise
Class SSDs available with DoD/NSA certified/approved self encryption
capability.  The concept is that encryption is a hardware feature of the
drive, when you want to dispose of it, you throw away the key.  This allows
vendors to receive broken drives back from GOV/MIL clients securely so that
failure methods can be researched.

Dell and EMC have been presenting this to us at storage briefs for a couple
of years now.

--Sean


On Thu, May 10, 2018 at 8:00 AM <centos-requ...@centos.org> wrote:

> From: m.r...@5-cent.us
> To: CentOS mailing list <centos@centos.org>
> Cc:
> Bcc:
> Date: Wed, 9 May 2018 11:35:21 -0400
> Subject: Re: [CentOS] OT: hardware: sanitizing a dead SSD?
> James Szinger wrote:
> > Disclaimer: My $dayjob is with a government contractor, but I am speaking
> > as  private citizen.
> >
> > Talk to your organization's computer security people.  They will have a
> > standard procedure for getting rid of dead disks.  We on the internet
> > can't > know what they are.  I'm betting it involves some degree of
> paperwork.
> >
> > Around here, I give the disks to my local computer support who in turn
> > give them the institutional disk destruction team.  I also zero-fill the
> disk
> > if possible, but that's not an official requirement.  The disk remains
> > sensitive until the process is complete.
> >
> Federal contractor here, too. (I'm the OP). For disks that work, shred or
> DBAN is what we use. For dead disks, we do the paperwork, and get them
> deGaussed. SSD's are a brand new issue. We haven't had to deal with them
> yet, but it's surely coming, so we might as well figure it out now.
>
>   mark
>
>
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] OT: hardware: sanitizing a dead SSD?

[Fred Smith]

On Wed, May 09, 2018 at 09:46:30AM -0400, Stephen John Smoogen wrote:
> On 9 May 2018 at 07:18, Pete Biggs  wrote:
> > On Wed, 2018-05-09 at 13:00 +0200, Leon Fauster wrote:
> >> > Am 08.05.2018 um 21:46 schrieb Stephen John Smoogen :
> >> >
> >> > On 8 May 2018 at 15:34,   wrote:
> >> > > Anyone have any clues about how to sanitize a dead SSD? We haven't had 
> >> > > it
> >> > > yet, but we're sure it's coming. Esp. since I'm a federal contractor, a
> >> > > dead disk gets deGaussed, but what the hell do you do with a SSD?
> >> > >
> >> >
> >> > SSD disks must be shredded as the data has been written over multiple
> >> > sectors many times to 'even the writes'. This allows for even a 'dead'
> >> > disk to be disassembled with 'off-the-shelf' equipment to extract
> >> > items from the dead places. Depending on the data involved, there may
> >> > be different levels of shredding and destruction of shreds required.
> >>
> >>
> >> What would someone use to do this? An industrial blender, circular saw ...?
> >>
> >
> > https://www.youtube.com/watch?v=aE8kwu3dm3o
> >
> > https://www.youtube.com/watch?v=YqW4djlQUoE
> >
> 
> Yes. Depending on the data type, the 'dust' at the other end may need
> to be ground through another machine so that all parts are less than
> some specified size ( I think it was below 0.5 cm x 0.5 cm x0.5cm.)
> Then again depending on the data type, those bits are poured into
> concrete or taken to a specialized chemical incinerator.

Makes sense. I was thinking that some of the flash chips in the
SSD could have survived that machine and would need to be further
processed for some certainty of security.

-- 
 Fred Smith -- fre...@fcshome.stoneham.ma.us -
The Lord detests the way of the wicked 
  but he loves those who pursue righteousness.
- Proverbs 15:9 (niv) -
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] OT: hardware: sanitizing a dead SSD?

[Stephen John Smoogen]

On 9 May 2018 at 11:52, John Hodrien  wrote:
> On Wed, 9 May 2018, m.r...@5-cent.us wrote:
>
>> Federal contractor here, too. (I'm the OP). For disks that work, shred or
>> DBAN is what we use. For dead disks, we do the paperwork, and get them
>> deGaussed. SSD's are a brand new issue. We haven't had to deal with them
>> yet, but it's surely coming, so we might as well figure it out now.
>
>
> Does anyone use hdparm's enhanced security erase feature for wiping working
> drives?
>
> Sounds more secure than DBAN/shred, and potentially faster too.  It's not
> something I've used.
>

It really depends on if the drive actually does what the commands say
it does. Most modern drives should do the reset/erase of
sectors/cells.. but if the drive manufacturer decides "well we could
short cut this by having it just read every sector as 0 until written"
and you think you have wiped the data, but it is still there for
physical audit. And we have all seen enough dodgy "well this is the
lowest end drive we are losing money on if we sell it.. unless we cut
corners" to know someone somewhere is going to do that. Which then
will make it probably just an additional step everyone has to do.

1. secure wipe drive
2. run dban/shred for 3-4 wipes.
3. fill out paperwork that you did 1 and 2.
4. secure wipe drive
5. send to industrial shredder.


> jh
>
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos



-- 
Stephen J Smoogen.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] OT: hardware: sanitizing a dead SSD?

[John Hodrien]

On Wed, 9 May 2018, m.r...@5-cent.us wrote:


Federal contractor here, too. (I'm the OP). For disks that work, shred or
DBAN is what we use. For dead disks, we do the paperwork, and get them
deGaussed. SSD's are a brand new issue. We haven't had to deal with them
yet, but it's surely coming, so we might as well figure it out now.


Does anyone use hdparm's enhanced security erase feature for wiping working
drives?

Sounds more secure than DBAN/shred, and potentially faster too.  It's not
something I've used.

jh
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] OT: hardware: sanitizing a dead SSD?

[m . roth]

James Szinger wrote:
> Disclaimer: My $dayjob is with a government contractor, but I am speaking
> as  private citizen.
>
> Talk to your organization's computer security people.  They will have a
> standard procedure for getting rid of dead disks.  We on the internet
> can't > know what they are.  I'm betting it involves some degree of
paperwork.
>
> Around here, I give the disks to my local computer support who in turn
> give them the institutional disk destruction team.  I also zero-fill the
disk
> if possible, but that's not an official requirement.  The disk remains
> sensitive until the process is complete.
>
Federal contractor here, too. (I'm the OP). For disks that work, shred or
DBAN is what we use. For dead disks, we do the paperwork, and get them
deGaussed. SSD's are a brand new issue. We haven't had to deal with them
yet, but it's surely coming, so we might as well figure it out now.

  mark

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] OT: hardware: sanitizing a dead SSD?

[James Szinger]

Disclaimer: My $dayjob is with a government contractor, but I am speaking
as  private citizen.

Talk to your organization's computer security people.  They will have a
standard procedure for getting rid of dead disks.  We on the internet can't
know what they are.  I'm betting it involves some degree of paperwork.

Around here, I give the disks to my local computer support who in turn give
them the institutional disk destruction team.  I also zero-fill the disk if
possible, but that's not an official requirement.  The disk remains
sensitive until the process is complete.

Jim
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] OT: hardware: sanitizing a dead SSD?

[Mauricio Tavares]

On Wed, May 9, 2018 at 9:46 AM, Stephen John Smoogen  wrote:
> On 9 May 2018 at 07:18, Pete Biggs  wrote:
>> On Wed, 2018-05-09 at 13:00 +0200, Leon Fauster wrote:
>>> > Am 08.05.2018 um 21:46 schrieb Stephen John Smoogen :
>>> >
>>> > On 8 May 2018 at 15:34,   wrote:
>>> > > Anyone have any clues about how to sanitize a dead SSD? We haven't had 
>>> > > it
>>> > > yet, but we're sure it's coming. Esp. since I'm a federal contractor, a
>>> > > dead disk gets deGaussed, but what the hell do you do with a SSD?
>>> > >
>>> >
>>> > SSD disks must be shredded as the data has been written over multiple
>>> > sectors many times to 'even the writes'. This allows for even a 'dead'
>>> > disk to be disassembled with 'off-the-shelf' equipment to extract
>>> > items from the dead places. Depending on the data involved, there may
>>> > be different levels of shredding and destruction of shreds required.
>>>
>>>
>>> What would someone use to do this? An industrial blender, circular saw ...?
>>>
>>
>> https://www.youtube.com/watch?v=aE8kwu3dm3o
>>
>> https://www.youtube.com/watch?v=YqW4djlQUoE
>>
>
> Yes. Depending on the data type, the 'dust' at the other end may need
> to be ground through another machine so that all parts are less than
> some specified size ( I think it was below 0.5 cm x 0.5 cm x0.5cm.)
> Then again depending on the data type, those bits are poured into
> concrete or taken to a specialized chemical incinerator.
>

  Depending on your location, have you considered volcano? =)

>> P.
>>
>>
>> ___
>> CentOS mailing list
>> CentOS@centos.org
>> https://lists.centos.org/mailman/listinfo/centos
>
>
>
> --
> Stephen J Smoogen.
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] OT: hardware: sanitizing a dead SSD?

[Stephen John Smoogen]

On 9 May 2018 at 07:18, Pete Biggs  wrote:
> On Wed, 2018-05-09 at 13:00 +0200, Leon Fauster wrote:
>> > Am 08.05.2018 um 21:46 schrieb Stephen John Smoogen :
>> >
>> > On 8 May 2018 at 15:34,   wrote:
>> > > Anyone have any clues about how to sanitize a dead SSD? We haven't had it
>> > > yet, but we're sure it's coming. Esp. since I'm a federal contractor, a
>> > > dead disk gets deGaussed, but what the hell do you do with a SSD?
>> > >
>> >
>> > SSD disks must be shredded as the data has been written over multiple
>> > sectors many times to 'even the writes'. This allows for even a 'dead'
>> > disk to be disassembled with 'off-the-shelf' equipment to extract
>> > items from the dead places. Depending on the data involved, there may
>> > be different levels of shredding and destruction of shreds required.
>>
>>
>> What would someone use to do this? An industrial blender, circular saw ...?
>>
>
> https://www.youtube.com/watch?v=aE8kwu3dm3o
>
> https://www.youtube.com/watch?v=YqW4djlQUoE
>

Yes. Depending on the data type, the 'dust' at the other end may need
to be ground through another machine so that all parts are less than
some specified size ( I think it was below 0.5 cm x 0.5 cm x0.5cm.)
Then again depending on the data type, those bits are poured into
concrete or taken to a specialized chemical incinerator.

> P.
>
>
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos



-- 
Stephen J Smoogen.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] OT: hardware: sanitizing a dead SSD?

[Pete Biggs]

On Wed, 2018-05-09 at 13:00 +0200, Leon Fauster wrote:
> > Am 08.05.2018 um 21:46 schrieb Stephen John Smoogen :
> > 
> > On 8 May 2018 at 15:34,   wrote:
> > > Anyone have any clues about how to sanitize a dead SSD? We haven't had it
> > > yet, but we're sure it's coming. Esp. since I'm a federal contractor, a
> > > dead disk gets deGaussed, but what the hell do you do with a SSD?
> > > 
> > 
> > SSD disks must be shredded as the data has been written over multiple
> > sectors many times to 'even the writes'. This allows for even a 'dead'
> > disk to be disassembled with 'off-the-shelf' equipment to extract
> > items from the dead places. Depending on the data involved, there may
> > be different levels of shredding and destruction of shreds required.
> 
> 
> What would someone use to do this? An industrial blender, circular saw ...?
> 

https://www.youtube.com/watch?v=aE8kwu3dm3o

https://www.youtube.com/watch?v=YqW4djlQUoE

P.


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] OT: hardware: sanitizing a dead SSD?

[rainer]

Am 2018-05-09 13:00, schrieb Leon Fauster:
Am 08.05.2018 um 21:46 schrieb Stephen John Smoogen 
:


On 8 May 2018 at 15:34,   wrote:
Anyone have any clues about how to sanitize a dead SSD? We haven't 
had it
yet, but we're sure it's coming. Esp. since I'm a federal contractor, 
a

dead disk gets deGaussed, but what the hell do you do with a SSD?



SSD disks must be shredded as the data has been written over multiple
sectors many times to 'even the writes'. This allows for even a 'dead'
disk to be disassembled with 'off-the-shelf' equipment to extract
items from the dead places. Depending on the data involved, there may
be different levels of shredding and destruction of shreds required.



What would someone use to do this? An industrial blender, circular saw 
...?



Lot's of specialized companies in that field.

Some of our customers require a protocol of destruction for disks, with 
serial numbers.



___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] OT: hardware: sanitizing a dead SSD?

[Leon Fauster]

> Am 08.05.2018 um 21:46 schrieb Stephen John Smoogen :
> 
> On 8 May 2018 at 15:34,   wrote:
>> Anyone have any clues about how to sanitize a dead SSD? We haven't had it
>> yet, but we're sure it's coming. Esp. since I'm a federal contractor, a
>> dead disk gets deGaussed, but what the hell do you do with a SSD?
>> 
> 
> SSD disks must be shredded as the data has been written over multiple
> sectors many times to 'even the writes'. This allows for even a 'dead'
> disk to be disassembled with 'off-the-shelf' equipment to extract
> items from the dead places. Depending on the data involved, there may
> be different levels of shredding and destruction of shreds required.


What would someone use to do this? An industrial blender, circular saw ...?

--
LF

   



___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] OT: hardware: sanitizing a dead SSD?

[fred roller]

Like the others have mentioned, shredding is the best.  Esp. since it is
Federal.  DoD spec only considers shredded destroyed afaik.  SSD or not
this was my normal practice for that same reason. HIH.  Extreme is smelting
the drive to molten but that is extremely sensitive data destruction.

Fred
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] OT: hardware: sanitizing a dead SSD?

[Always Learning]

On Tue, 2018-05-08 at 15:46 -0400, Stephen John Smoogen wrote:

> SSD disks must be shredded as the data has been written over multiple
> sectors many times to 'even the writes'. This allows for even a 'dead'
> disk to be disassembled with 'off-the-shelf' equipment to extract
> items from the dead places. Depending on the data involved, there may
> be different levels of shredding and destruction of shreds required.

Do SSDs have an inbuilt destroy mechanism, like hard disks do ?


-- 
Regards,

Paul.
England, EU.  England's place is in the European Union.

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] OT: hardware: sanitizing a dead SSD?

[Rainer Duffner]

> Am 08.05.2018 um 21:34 schrieb m.r...@5-cent.us:
> 
> Anyone have any clues about how to sanitize a dead SSD? We haven't had it
> yet, but we're sure it's coming. Esp. since I'm a federal contractor, a
> dead disk gets deGaussed, but what the hell do you do with a SSD?
> 

If you don’t want to shred, use full-disk-encryption (laptop/pc).

In a server, shredding is probably the sanest option.



___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] OT: hardware: sanitizing a dead SSD?

[Stephen John Smoogen]

On 8 May 2018 at 15:34,   wrote:
> Anyone have any clues about how to sanitize a dead SSD? We haven't had it
> yet, but we're sure it's coming. Esp. since I'm a federal contractor, a
> dead disk gets deGaussed, but what the hell do you do with a SSD?
>

SSD disks must be shredded as the data has been written over multiple
sectors many times to 'even the writes'. This allows for even a 'dead'
disk to be disassembled with 'off-the-shelf' equipment to extract
items from the dead places. Depending on the data involved, there may
be different levels of shredding and destruction of shreds required.


> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos



-- 
Stephen J Smoogen.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] OT: hardware: sanitizing a dead SSD?

[Albert McCann]

> -Original Message-
> From: CentOS [mailto:centos-boun...@centos.org] On Behalf Of m.roth@5-
> cent.us
> Sent: Tuesday, May 08, 2018 3:35 PM
> To: CentOS <centos@centos.org>
> Subject: [CentOS] OT: hardware: sanitizing a dead SSD?
> 
> Anyone have any clues about how to sanitize a dead SSD? We haven't had it
> yet, but we're sure it's coming. Esp. since I'm a federal contractor, a
> dead disk gets deGaussed, but what the hell do you do with a SSD?

A five pound ball-peen hammer. Or if you're feeling adventurous, a few seconds 
in a microwave oven, but set it up outside, so as not to set off the smoke 
alarms.

A drive grinding machine would do, but those are less fun for just a single 
drive.

--
Experience varies directly with equipment ruined.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] OT: hardware: sanitizing a dead SSD?

[Tom Bishop]

On Tue, May 8, 2018, 2:35 PM  wrote:

> Anyone have any clues about how to sanitize a dead SSD? We haven't had it
> yet, but we're sure it's coming. Esp. since I'm a federal contractor, a
> dead disk gets deGaussed, but what the hell do you do with a SSD?
>
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos


Most places I know shred them, even if they are not dead.

>
>
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] OT: hardware: sanitizing a dead SSD?

[m . roth]

Anyone have any clues about how to sanitize a dead SSD? We haven't had it
yet, but we're sure it's coming. Esp. since I'm a federal contractor, a
dead disk gets deGaussed, but what the hell do you do with a SSD?

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos