Right. Like, my use case for SD cards is for my cameras. I want to take pictures and bring them home across international borders. And a 4TB card would be amazing, though probably not fast enough. I simply don’t put files that I don’t want people to find onto my SD cards in the first place.
I don’t know what your particular situation is but if you’re just using it on computers you could use LUKS or BitLocker or FileVault. Then if you want to wipe it, you only need to destroy the key and the data is rendered effectively gone.
I assume you’re joking, but if not: the 4MB of flash you see is not mapped 1:1 with 4MB of actual flash on the SD card. Instead there might be something like 5MB, but your OS only sees 4MB of that.
The extra unallocated space is used as spare sectors (sectors degrade and must be swapped out) or even just randomly if it somehow increases IO performance (depending on the firmware).
Erasing the 4MB visible to your OS will not erase everything, there still may be whole files or fragments of your files sitting in the extra space. Drive-vendor specific commands can reliably access this space (if they exist and are available to you, which they mostly are not). Some secure erase commands may wipe the unallocated space but that’s vendor specific, not documented and I don’t think even supported over the SD interface (although I might be wrong on this last point).
Encryption and physical destruction are your best bets.
The file size discrepancy is usually due to 1000 vs 1024
No, that’s something else entirely. It doesn’t matter what measurement system you use, the drive juggles more sectors than your OS can see.
but filling the drive with random data until its full should wipe the drive.
Only if you assume people can’t access the reserved/unallocated/over-provisioned sectors. If you are only worried about small thieves then this might not be an issue. If you’re handling sensitive data (like medical records for other people or anything with sensitive passwords) then it’s completely inadequate to leave any form of data anywhere on the disk.
Honestly, neither does having to securely wipe SD card (or any storage device for that matter) as one cross the international border like the thread further up suggests. So the whole thing is just having fun with (potentially roleplaying) over paranoid people :)
Tbh, if you’re that nervous about crossing the border with data, I’m sure you could find other ways to use the internet and decent encryption (behind multiple layers and/or people with a Deadman’s switch if you’re really paranoia and worried a judge will force you to unlock the precious 4mb worth of information) to protect your data when crossing a border.
Or probably even safer if you’re talking about just 4mb of data: send it from a random address in one country to a postbox in your destination or something by post. Tampering with mail carries a pretty heavy fine in most countries, chances a random postman opens a random envelope to a random address abroad are basically non existant. Security through obscurity.
I like reading about infosec, but some of it borders on absolute paranoia tbh :)
Meanwhile I’m struggling to find 4MB SD cards, so I can easily overwrite it with random data to securely wipe it between uses.
How the heck do people with 4TB SD cards do data hygiene wipes of their medium before crossing international borders? That would take days…
They don’t
Right. Like, my use case for SD cards is for my cameras. I want to take pictures and bring them home across international borders. And a 4TB card would be amazing, though probably not fast enough. I simply don’t put files that I don’t want people to find onto my SD cards in the first place.
I don’t know what your particular situation is but if you’re just using it on computers you could use LUKS or BitLocker or FileVault. Then if you want to wipe it, you only need to destroy the key and the data is rendered effectively gone.
Yeah that’s best for most things, but SD cards are generally used in situations where that’s not an option. Namely for use in (video) cameras.
The other situation is when I need to transfer a large file to someone else’s device where encryption isn’t an option (rare but happens)
I assume you’re joking, but if not: the 4MB of flash you see is not mapped 1:1 with 4MB of actual flash on the SD card. Instead there might be something like 5MB, but your OS only sees 4MB of that.
The extra unallocated space is used as spare sectors (sectors degrade and must be swapped out) or even just randomly if it somehow increases IO performance (depending on the firmware).
Erasing the 4MB visible to your OS will not erase everything, there still may be whole files or fragments of your files sitting in the extra space. Drive-vendor specific commands can reliably access this space (if they exist and are available to you, which they mostly are not). Some secure erase commands may wipe the unallocated space but that’s vendor specific, not documented and I don’t think even supported over the SD interface (although I might be wrong on this last point).
Encryption and physical destruction are your best bets.
Link to source? The file size discrepancy is usually due to 1000 vs 1024, but filling the drive with random data until its full should wipe the drive.
A good search term is “SSD over-provisioning”
No, that’s something else entirely. It doesn’t matter what measurement system you use, the drive juggles more sectors than your OS can see.
Only if you assume people can’t access the reserved/unallocated/over-provisioned sectors. If you are only worried about small thieves then this might not be an issue. If you’re handling sensitive data (like medical records for other people or anything with sensitive passwords) then it’s completely inadequate to leave any form of data anywhere on the disk.
Encryption.
May I interest you in this $5 wrench?
Hidden volumes / plausible deniability
While I also like that comic, this doesn’t exactly happen regularly and no one here ever needs to worry about something like this.
So unless you’re an international spy or some very important whistleblower that won’t happen.
A court could probably order you to decrypt it but again if they have to do that, odds are that you are doing something pretty terrible.
These SD cards are for photographers and normal expandable storage for devices and not state secrets or something highly illegal.
Honestly, neither does having to securely wipe SD card (or any storage device for that matter) as one cross the international border like the thread further up suggests. So the whole thing is just having fun with (potentially roleplaying) over paranoid people :)
That’s true.
Tbh, if you’re that nervous about crossing the border with data, I’m sure you could find other ways to use the internet and decent encryption (behind multiple layers and/or people with a Deadman’s switch if you’re really paranoia and worried a judge will force you to unlock the precious 4mb worth of information) to protect your data when crossing a border.
Or probably even safer if you’re talking about just 4mb of data: send it from a random address in one country to a postbox in your destination or something by post. Tampering with mail carries a pretty heavy fine in most countries, chances a random postman opens a random envelope to a random address abroad are basically non existant. Security through obscurity.
I like reading about infosec, but some of it borders on absolute paranoia tbh :)
Smash them with fingers.