The Bitstream Blog :: Posts

Dirty Little Secret

Hallo hoppy reader,

I was at the latest Dr. Lance show yesterday, specifically the Flash Memory Summit, and this installment of The Bitstream is about security, or lack thereof, and SSDs.First off, I wanted to thank the folks at Conference ConCepts for the free hot dogs. I haven’t had a dog in quite a while and it was surprisingly good. Anyway, I seem to be in a security mode these days, what with my recent post about OS lock down. This time around, it’s data security and SSDs or solid state drives…

When you retire a disk drive, what do you do with it? Do you format it? Do you “scrub” it before you format it? Do you do nothing? It’s not very difficult, once you have physical possession of a disk drive, to extract any and all useful data on the disk. All it takes is some not very expensive specialized software and some free time. “Scrubbing” has several techie meanings but, in this case, by scrubbing I mean to write random data over the entire disk, up to 35 times as required by the DOE, to ensure that any user generated data is completely obliterated.

Some folks physically shred the disk, which makes it difficult but not impossible to recover any “old” data unless it’s been scrubbed first. I, for one, really love to disassemble disk drives so, after a single pass scrub, I open up the mechanism to remove the crazy strong magnets, as well as the platters, which make very stylish bobèches. All the rest goes into e–waste recycling…What does all this have to do with anything interesting? Read on, patient reader.

Remember I started by mentioning SSDs and security. At the flash memory show, I had an interesting conversation with some academics about flash memory disposal and the inability to scrub an SSD…For those who haven’t gotten into the underlying weirdness of current SSDs, I discussed wear leveling about this time last year. To review, “If a (flash) memory cell is used repeatedly, it will ‘wear out,’ exhibiting increasingly higher error rates. So, smarter (memory product) designers employ some (sort) of read/write distribution of individual cells to minimize the wear and improve global device reliability. Abstraction places dedicated intelligence in between the memory elements themselves and the external controller to provide sophisticated wear leveling algorithms, along with an idealized and standardized external interface.”
OK, so wear leveling will, by definition, sprinkle data all over an SSD in order to prevent memory cell fatigue from causing errors. This, in turn, means that, if you are using the external interface, IDE, SATA, etc., you cannot write to all memory cells in an SSD! This would be the equivalent of the bad blocks that a hard disk controller has mapped as “…bad, naughty blocks. Go to your room.” As with a hard disk, even if you physically destroy an SSD, yo can still probe individual memory cells and retrieve the stored data.

Another interesting difference between rotating and solid state media we discussed was “optimization” and/or defragmentation. Because of the nature of rotating media, it’s advantageous to periodically relocate blocks of data to particular physical locations on the platters. SSDs are the exact opposite. No only do you gain no improvement in performance by shuttling data around on the device, but you actually hasten its demise!

So, as Firesign Theater once said, “Everything you know is wrong!” On that note, I’m outta here. thanks for visiting and, until next, geek on!


Comments are closed.