IAmLiterallyAB 21 hours ago

As far as I know, there is NO way to securely erase a USB flash drive (barring some undocumented vendor-specific commands that may exist).

rationalist 21 hours ago | parent | next [-]

Overwrite every single bit with innocuous files?

IAmLiterallyAB 21 hours ago | parent | next [-]

That doesn't work on any* NAND flash device, be it a flash drive, NVMe, SATA, whatever.

The block device you see is an abstraction provided by the SSD controller. In reality, the flash capacity is larger. Pages are swapped out for wear leveling. If a block goes bad, it'll be taken out of commission, and your data may hide in there.

All of this happens on the SSD controller. The kernel doesn't know. You have no way to directly erase or modify specific blocks.

*Okay, there are raw NAND flash chips without controllers, but that is not what you're working with when you have an SSD or flash drive. If you do have a raw flash chip, you can more directly control flash contents.
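
The wear-leveling and bad-block behavior described in the comment above, as an added example that is not part of the original thread: a toy flash translation layer showing where overwritten data survives. The `ToyFTL` class, its sizes and the sample data are constructed assumptions; real controllers work at different granularities and are far more complex.

```python
# Toy flash translation layer (FTL): a constructed model, not real controller firmware.
import random

class ToyFTL:
    def __init__(self, logical_blocks=8, spare_pages=4, seed=1):
        self.n = logical_blocks
        self.phys = [None] * (logical_blocks + spare_pages)  # raw NAND pages
        self.map = {}           # logical block -> physical page (host never sees this)
        self.retired = set()    # pages pulled from service as "bad", never erased again
        self.free = list(range(len(self.phys)))
        random.Random(seed).shuffle(self.free)  # wear leveling picks pages out of order

    def write(self, lba, data):
        if not self.free:
            self._garbage_collect()
        page = self.free.pop(0)
        self.phys[page] = data
        self.map[lba] = page    # the previous page keeps its old contents (stale)

    def _garbage_collect(self):
        live = set(self.map.values())
        for p in range(len(self.phys)):
            if p not in live and p not in self.retired:
                self.phys[p] = None          # erase stale page and reuse it
                self.free.append(p)

    def retire(self, lba):
        old = self.map[lba]
        self.retired.add(old)                # contents stay on the retired page
        self.write(lba, self.phys[old])      # controller relocates the data

    def read(self, lba):
        return self.phys[self.map[lba]]

    def raw_pages_with(self, needle):
        return [p for p, d in enumerate(self.phys) if d == needle]

def overwrite_demo(passes):
    ftl = ToyFTL()
    ftl.write(3, b"SECRET")
    ftl.retire(3)                            # page goes bad after the secret landed
    for _ in range(passes):
        for lba in range(ftl.n):             # host overwrites every logical block
            ftl.write(lba, b"\x00" * 6)
    host_view = [ftl.read(lba) for lba in range(ftl.n)]
    return host_view, ftl.raw_pages_with(b"SECRET"), ftl.retired

if __name__ == "__main__":
    for n in (1, 3):
        print(n, "pass(es): raw pages with secret, retired pages:", overwrite_demo(n)[1:])
```

After one pass the host reads only zeros while two raw pages still hold the secret (one stale, one retired); after three passes garbage collection has erased the stale copy, but the retired page keeps it.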

rationalist 6 hours ago | parent [-]

Ah, makes sense, thank you.

Gigachad 21 hours ago | parent | prev [-]

This is what `shred` and other secure wipes do. There is some concern over data stored in sections which the firmware has swapped out and made inaccessible. But if this is a concern to you, then you should be using full disk encryption anyway, which makes all of this a non-issue.

jeffbee 20 hours ago | parent | prev [-]

This is broadly true of cheap thumb drives, but not true of all USB flash drives. The larger ones generally do support secure erase. E.g. the Crucial X6. I don't know if these use secret vendor commands, or if they use the standard SCSI "sanitize" command.