Cryptographic erasure is a media sanitization technique based on erasing or replacing the Media Encryption Key (MEK) of a Self-Encrypting Drive (SED), including modern SSDs that store data in an encrypted form. SEDs have “always-on” encryption, and therefore, performing cryptographic erasure (or crypto erase) on such SSDs renders the target data unrecoverable — in the form of ciphertext.
Notably, the crypto-erase technique can sanitize all addressable memory locations on an SSD except unencrypted areas such as those storing pre-boot applications. Also, the effectiveness of cryptographic erasure depends upon the encryption algorithm’s robustness.
This KB outlines a professional technique to perform cryptographic erasure on SSDs using BitRaser Drive Eraser software. The tool implements the Cryptographic Erase (CE) technique to sanitize all types of self-encrypting drives, and it generates tamper-proof certificates & reports for the cryptographically erased SSDs.
Using the software, you can perform cryptographic erasure on the following types of solid-state drives:
BitRaser Drive Eraser performs cryptographic erasure on SSDs within 15 minutes based on the following steps and requirements.
Stage 1: Download BitRaser Drive Eraser ISO file [Duration: 5 minutes]
In this step, you download the software ISO file from your BitRaser cloud account after purchasing the licenses.
1. Log into BitRaser Cloud using your registered email and password.
2. Download the BitRaser ISO file by clicking the “Download BitRaser Drive Eraser ISO” link in the dropdown menu on the top right corner. Save the ISO file on your local computer.
Stage 2: Create BitRaser bootable USB media [Duration: 5 minutes]
In this stage, you burn the BitRaser ISO file on a USB flash drive to create a bootable wiping media for executing SSD cryptographic erasure in Stage 3. Here are the steps:
For Windows PC users
4. Click 'START' to proceed with bootable media creation.
5. Click 'YES' to confirm and start the process.
For Mac users
Stage 3: Start cryptographic erasure process on SSDs using the bootable USB [Duration: 5 minutes]
Once you have the bootable USB ready, follow these steps to perform crypto erase:
Using the method described in the KB, you will be able to perform cryptographic erasure on solid-state drives as per the NIST 800-88 Purge standard or BitRaser SSD & Secure Erase Standard. After erasing the drives, the software will generate digitally signed reports & certificates of erasure and upload them to your BitRaser Cloud account.
|US Department of Defense, DoD 5220.22-M (3 passes)|
|US Department of Defense, DoD 5200.22-M (ECE) (7 passes)|
|US Department of Defense, DoD 5200.28-STD (7 passes)|
|Russian Standard – GOST-R-50739-95 (2 passes)|
|B.Schneier’s algorithm (7 passes)|
|German Standard VSITR (7 passes)|
|Peter Gutmann (35 passes)|
|US Army AR 380-19 (3 passes)|
|North Atlantic Treaty Organization-NATO Standard (7 passes)|
|US Air Force AFSSI 5020 (3 passes)|
|Pfitzner algorithm (33 passes)|
|Canadian RCMP TSSIT OPS-II (4 passes)|
|British HMG IS5 (3 passes)|
|Pseudo-random & Zeroes (2 passes)|
|Random Random Zero (6 passes)|
|British HMG IS5 Baseline standard|
|NAVSO P-5239-26 (3 passes)|
|NCSG-TG-025 (3 passes)|
|5 Customized Algorithms & more|