
They removed Secure Delete because it doesn't work with SSDs due to the way they work at the hardware level (wear leveling).


Couldn't they just immediately issue a "TRIM" afterwards, or am I missing something?


No, it doesn’t work reliably, which is why they removed it. It’s better not to have a tool than having a security tool that might work.

Also IIRC secure delete is useless on APFS volumes as they are always fully encrypted, even when FileVault is not enabled.


> It’s better not to have a tool than having a security tool that might work.

This is what I don't get about SMS apps that may or may not send encrypted messages. (Like Apple's own)


In that case the button changes color before sending, making it clear whether the message will be encrypted or not. (I have disabled the SMS fallback, which is indeed problematic.)


TRIM isn't really a command so much as it is a performance hint.

Even at the drive level, deallocating the space used by a file is not the same as erasing it, and actually erasing every flash block that may still contain data from the file would be very expensive for SSDs to implement (both in terms of performance overhead, and in terms of burning out the flash sooner).
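A toy model of the behaviour described in the comments above, added here as an illustration and not part of the original thread: overwriting a logical address lands on a fresh flash page, TRIM only drops the mapping, and the old data disappears only when its whole block is erased. `ToyFTL`, its methods and the sample data are constructed for this example and do not describe any real drive's firmware.

```python
class ToyFTL:
    """Simplified flash translation layer; a teaching model, not real firmware."""
    def __init__(self, blocks=4, pages_per_block=4):
        self.ppb = pages_per_block
        self.flash = [None] * (blocks * pages_per_block)  # None = erased page
        self.valid = [False] * len(self.flash)
        self.l2p = {}                     # logical address -> physical page
        self.erase_count = [0] * blocks

    def trim(self, lba):
        # TRIM drops the mapping only; the cells keep their contents.
        old = self.l2p.pop(lba, None)
        if old is not None:
            self.valid[old] = False

    def write(self, lba, data):
        # No in-place rewrite: use an erased page from the least-worn block.
        free = [p for p, d in enumerate(self.flash) if d is None]
        if not free:
            raise RuntimeError("no erased pages left; run garbage_collect()")
        new = min(free, key=lambda p: (self.erase_count[p // self.ppb], p))
        self.trim(lba)                    # old copy becomes stale, not erased
        self.flash[new], self.valid[new], self.l2p[lba] = data, True, new

    def garbage_collect(self):
        # Erase is per block; valid-page relocation is omitted in this model.
        for b in range(len(self.erase_count)):
            pages = range(b * self.ppb, (b + 1) * self.ppb)
            stale = any(self.flash[p] is not None for p in pages)
            if stale and not any(self.valid[p] for p in pages):
                for p in pages:
                    self.flash[p] = None
                self.erase_count[b] += 1

    def residue(self, data):
        return [p for p, d in enumerate(self.flash) if d == data]

def demo():
    ftl = ToyFTL()
    ftl.write(0, b"SECRET")       # constructed sample data
    ftl.write(1, b"neighbour")    # unrelated data sharing the same block
    ftl.write(0, b"\x00" * 6)     # overwrite-style "secure delete"
    after_overwrite = ftl.residue(b"SECRET")
    ftl.trim(0)
    ftl.garbage_collect()         # block still holds a valid page: no erase
    after_trim = ftl.residue(b"SECRET")
    ftl.trim(1)
    ftl.garbage_collect()         # block is now fully stale: erased
    return after_overwrite, after_trim, ftl.residue(b"SECRET")
```

`residue()` stands in for a raw read of the flash chips, which bypasses the logical-to-physical mapping that the operating system sees.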



