Data Sanitization and Trust: Legacy Enterprise SSDs for Cold Storage?

Hey everyone, I’ve been going down a bit of a hardware rabbit hole lately and wanted to get some perspective from the community here. I’ve recently started a project to build out a more robust “cold storage” setup for my sensitive backups—think offline password database copies, scanned legal docs, and old family photos.

A friend of mine who works in a data center recently gave me a handful of older enterprise-grade drives that were destined for the shredder. They are a bit of an oddity by today’s standards: 400GB 3.5-inch SATA 3Gbps SSDs. You don’t see the 3.5-inch form factor for SSDs much anymore unless it’s in a massive legacy server rack, and the 3Gbps (SATA II) speed is obviously a bottleneck compared to modern NVMe drives. However, for a simple air-gapped vault that I’m only accessing once every few months, the speed doesn’t really bother me.

My main concern, and the specific point I wanted to dig into, is the reliability of hardware-based “Secure Erase” and the potential for data remnants on these older controllers. I’ve always been a bit skeptical of built-in firmware commands for data sanitization. On these older SATA 3Gbps models, the wear-leveling algorithms were often quite aggressive, and I’m worried that a standard “Secure Erase” might not actually be hitting all the cells, especially if the controller has remapped blocks that it considers “bad” but still contain readable data if someone were to physically pull the NAND chips.

I’ve traditionally used software-based encryption (LUKS or VeraCrypt) on top of my drives, but I’ve read conflicting reports about how TRIM and wear-leveling on older SSDs interact with encrypted volumes. Some people argue that these legacy controllers can actually leak metadata about which blocks are in use, which might not reveal the content but could theoretically help with traffic analysis or determining how much data is actually stored.

I’m trying to move away from my old “just drill a hole in it” philosophy for retired hardware and actually be more sustainable by reusing these 400GB units. They feel incredibly sturdy compared to the flimsy plastic consumer drives we see now, but the privacy trade-off is what’s stopping me from committing.

I’m curious to hear your thoughts. When dealing with “vintage” enterprise SSDs like these, do you trust the hardware-level sanitization, or do you think the firmware of that era is too much of a “black box” to be considered secure for sensitive data? Is it safer to just stick with multiple rounds of software-level overwrites, even if it might shorten the life of the drive?

Does anyone else still rely on legacy hardware for their privacy setups, or is the risk of outdated firmware vulnerabilities just too high to justify the cost savings?

2 Likes

check their spec sheet, e.g. many old Intel drives did use in-built AES encryption (pre-TCG), so their secure erase function should be sufficient

this has nothing to do with new or old controller.
trim always voids unused blocks, making obvious encrypted data visible
you only need to care about this if you have multiple partitions and need plausible deniability for e.g. a secondary encrypted partition with a detached header
if you don’t need that property, do trim your drives to improve their lifespan

1 Like
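The TRIM point in the reply above, shown as an added example that is not part of the thread or any poster's code: it scans a raw image of an encrypted volume block by block and reports which extents look used, with and without discard. The images are constructed in memory, the 4096-byte block size and all function names are assumptions for this sketch, and trimmed blocks are assumed to read back as zeros, which depends on the drive.

```python
import os

BLOCK = 4096  # assumed discard granularity (hypothetical, for this sketch)

def build_image(total_blocks, live, discard):
    """Constructed stand-in for the raw device under an encrypted volume.
    live: indexes of blocks holding current ciphertext.
    discard: True  -> freed blocks were TRIMmed (assumed to read back as zeros)
             False -> freed blocks still hold stale random-looking data."""
    out = bytearray()
    for i in range(total_blocks):
        out += os.urandom(BLOCK) if (i in live or not discard) else bytes(BLOCK)
    return bytes(out)

def usage_map(image):
    """One boolean per block: True where the block is not all zeros."""
    zero = bytes(BLOCK)
    return [image[o:o + BLOCK] != zero for o in range(0, len(image), BLOCK)]

def extents(bitmap):
    """Collapse the per-block map into (start_block, length, in_use) runs."""
    runs = []
    for i, used in enumerate(bitmap):
        if runs and runs[-1][2] == used:
            runs[-1][1] += 1
        else:
            runs.append([i, 1, used])
    return [tuple(r) for r in runs]

def visible_usage(image):
    """Fraction of the device an observer of the raw blocks sees as in use."""
    bitmap = usage_map(image)
    return sum(bitmap) / len(bitmap)

# Constructed layout: 20 of 64 blocks hold live data, in two runs.
LIVE = set(range(0, 8)) | set(range(40, 52))
WITH_TRIM = build_image(64, LIVE, discard=True)
NO_TRIM = build_image(64, LIVE, discard=False)

if __name__ == "__main__":
    print("discard on :", visible_usage(WITH_TRIM), extents(usage_map(WITH_TRIM)))
    print("discard off:", visible_usage(NO_TRIM), extents(usage_map(NO_TRIM)))
```

With discard on, the map shows how much is stored and where, without revealing content; with it off, the device looks uniformly full, which is the property a hidden second partition relies on.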
  1. No
  2. Physical shredding is more effective
  3. I cannot speak on behalf of others

Have you checked NIST SP 800-88 Rev1 and IEEE 2883-2022?

1 Like