And there’s a trivial way to get the key at that point: put it on a cheap, tiny usb key, which is left permanently plugged into the server. At boot, read the password from the USB key, and then use it to mount the encrypted filesystem.

The point is not to protect the key from exposure should someone access the system. Indeed, at that point the data is already compromised, since the filesystem is mounted. The point is to protect the data after the disk is removed, which this does safely. Just don’t dispose of the USB key AND the disk together.

[Of course, we can get more complicated and avoid the USB key disposal problem by having a keyserver. One solution would be a REDIS instance, where the key for each machine can be supplied (once the new machine has its network interface up).]

The point is that it’s not difficult to get this working, saves a lot of hassle and expense dealing with disk disposal, and is a lot more foolproof from a security perspective.

Encryption at the raid controller layer is another option which is interesting but we have not thoroughly tested yet.

You would have to manage distribution of the encryption key(s), but that’s not a big problem – there are many examples of doing this in a mostly secure way just a short google search away. And the security of the key doesn’t have to be overly excessive. One only has to ensure it’s not published outside of the network, or stored unencrypted onto a drive. (If someone hacks into the network to steal the key, then the data is already at risk anyway).

As for performance: all modern CPUs contain hardware support for encryption functions, and all modern OS’s have support for encrypted filesystems that leverage the CPU. The net result is that you can trivially encrypt the content of disks, with minimal performance overhead.

SSD drives are very easy to destroy, and there are many decent ways to do it.

Method 1: Pull the cover, ground the SSD’s negative power lead and apply multiple ultra-high-voltage sparks to the NVRAM chips using a high-voltage spark generator.

There are lots of commercially available spark generators which will work perfectly for this. Some even run on 120 volts, are trigger operated and include full isolation so no gloves or external power supply are needed.

I can hear the buzzzzz right now!

Allow the spark to go through the center of each NVRAM chip’s case. This will totally destroy the chip.

There will be NO accessible information left on the SSD.

Note: Ventilate the area with a low velocity fan to disapate any O-zone vapors.

Total time required, in a production environment, well under 5 minutes per drive.

Method 2: Purchase a small electric ceramics oven (kiln). Place multiple SSD’s as tightly packed as you like, into the kiln and heat it into a 1,200 Celsius 30 minutes cycle. All cooked. No more data – ever.

Silicon junctions in integrated circuits begin to fail above 150 degrees Celsius.

Method 3: Open the SSD and solder #22, 600 volt rated stranded leads directly to the + and Ground rails feeding the NVRAM chips. (This bypasses the over-voltage protection of the 5-volt power supply)

In an electrically isolated environment, connect the Ground lead to AC Neutral, and the + lead to the AC hot lead that is in series with a conventional 120 volt, 100 watt incandescent light bulb. This circuit should float (neither side connected to earth ground) and the power should be fed through a double-pole switch fed from a GFI outlet or circuit with a GFI circuit breaker installed.

Place the device to be burned out under or in a protective cover (i.e. a plexiglass box) on a concrete floor. This prevents any scintillation from hitting the operator.

Apply the power for 30 seconds. Allow to cool for 60 seconds, and there will be no more data.

A very small AC welder can also be used.

Method 4: Buy an old 20-ton stamp press, place an SSD drive between the jaws with the lower jaw flat, and the upper jaw fitted with a carbide tipped pin-grid array, and wearing the appropriate eye-wear depress the activator.

Bah-Dah-Boom, no more data.

This simple approach is fool proof, as it will penetrate and crack the case of each NVRAM chip, breaking the ceramic wafer inside.

——————

Any of these methods can be automated. Methods 1, and 3 can be performed in seconds, quite possibly without having to open the SSD case.

Method 4 also is very, very fast, and does not require case removal or special handling. You will have to sweep the floor afterwards however.

Write me if you’d like a tested prototype developed for you! I can even have it certified!

That ought to do it.