One has to find the right balance between security and comfort, and this entirely depends on the threat model one has. Nowadays, I will always enable full-disk encryption on all of my devices, even if I then decide to store the keys in TPM and unlock the disk at boot.
I have at least 5 half-broken HDDs sitting around, completely unencrypted. I have no idea if they still work, but they are surely full of private data that I would like to have purged. I fear mechanical destruction might be the only solution for some of them, but just wiping them manually is more effort than doing nothing, so I guess they will still be around for some time. And with SSDs, there is no reliable way to delete all data.
With encryption? Just delete the key and you are done.
The threat model changes in the future? Easy, the data is already encrypted.
This is true. For now…
I thought there was a table method of “destruction”. Like you delete or destroy the table of allocation. Even though the data is on the SSD, it's not contiguous like an HDD and so it's spread into bits everywhere. However, failing that, leave them unplugged (unpowered) and in 70°C plus heat; the bits will lose their electrons rapidly.
I have been trying to understand what it is that makes it impossible to reliably wipe an SSD, compared to an HDD. Why wouldn’t filling the drive with 0s work?
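The two points raised above (why a zero-fill does not reliably wipe an SSD, and why "just delete the key" works when the disk was encrypted) can be shown with a toy model. The following is an added example, not code from anyone in this thread: it models a flash translation layer (FTL) in which every write goes to a fresh physical page (wear levelling) and the drive has more physical pages than the host can address (over-provisioning). The `ToySSD` class, the `SECRETS` sample data and the SHA-256-based per-sector keystream are all constructed stand-ins; the keystream is not a real disk-encryption mode.

```python
"""Toy FTL model: zero-filling leaves stale pages behind; crypto-erase does not.

Constructed illustration only; real SSD firmware, over-provisioning ratios and
encryption modes (e.g. AES-XTS) are far more complex than what is modelled here.
"""
import hashlib
import os
from typing import Callable, List, Optional, Set, Tuple

# Constructed sample data standing in for the private files on the drive.
SECRETS = [b"tax-return-2019", b"ssh-private-key", b"family-photos", b"passwords.txt"]


class ToySSD:
    """Logical block addresses (LBAs) map to physical pages through an FTL.

    Writes never overwrite a page in place: the data goes to the next free
    physical page and the old page is merely marked stale. Its bytes remain
    on the flash until the drive's garbage collector eventually erases it.
    """

    def __init__(self, logical_blocks: int, physical_pages: int) -> None:
        assert physical_pages > logical_blocks  # over-provisioning
        self.pages: List[Optional[bytes]] = [None] * physical_pages
        self.l2p = {}  # logical block -> physical page currently backing it
        self.next_free = 0

    def write(self, lba: int, data: bytes) -> None:
        # Round-robin allocation stands in for the real wear-levelling policy.
        page = self.next_free
        self.next_free = (self.next_free + 1) % len(self.pages)
        self.pages[page] = data
        self.l2p[lba] = page  # previous page for this LBA is now stale, not erased

    def read(self, lba: int) -> Optional[bytes]:
        """What the host sees: only the page currently mapped to the LBA."""
        page = self.l2p.get(lba)
        return None if page is None else self.pages[page]

    def forensic_dump(self) -> List[bytes]:
        """What chip-level access sees: every physical page, stale ones included."""
        return [p for p in self.pages if p is not None]


def fill_with_secrets(ssd: ToySSD, transform: Callable[[int, bytes], bytes] = lambda lba, d: d) -> None:
    for lba, secret in enumerate(SECRETS):
        ssd.write(lba, transform(lba, secret))


def zero_fill(ssd: ToySSD, n_lbas: int) -> None:
    """The 'dd if=/dev/zero' approach: overwrite every host-addressable block."""
    for lba in range(n_lbas):
        ssd.write(lba, b"\x00" * 16)


def remnants_after_zero_fill() -> Tuple[Set[bytes], List[bytes]]:
    ssd = ToySSD(logical_blocks=4, physical_pages=6)
    fill_with_secrets(ssd)
    zero_fill(ssd, 4)
    visible = {ssd.read(lba) for lba in range(4)}  # host reads back only zeros
    stale = sorted(s for s in SECRETS if s in ssd.forensic_dump())  # but flash still holds these
    return visible, stale


def keystream(key: bytes, lba: int, length: int) -> bytes:
    # Toy per-sector keystream (hypothetical, NOT a real FDE mode) so the demo runs offline.
    return hashlib.sha256(key + lba.to_bytes(8, "big")).digest()[:length]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def remnants_after_crypto_erase() -> Tuple[List[bytes], List[bytes]]:
    key = os.urandom(32)
    ssd = ToySSD(logical_blocks=4, physical_pages=6)
    fill_with_secrets(ssd, lambda lba, d: xor(d, keystream(key, lba, len(d))))
    # With the key, the data is readable as usual.
    readable = [xor(ssd.read(lba), keystream(key, lba, len(SECRETS[lba]))) for lba in range(4)]
    key = None  # crypto-erase: discard the key; nothing on the flash is touched
    stale = [s for s in SECRETS if s in ssd.forensic_dump()]  # only ciphertext remains
    return readable, stale


if __name__ == "__main__":
    print("zero-fill:", remnants_after_zero_fill())
    print("crypto-erase:", remnants_after_crypto_erase())
```

In the zero-fill run the host reads back nothing but zeros, yet two of the four secrets are still sitting in stale physical pages the host cannot address, which is the core of why a plain overwrite is not trusted on flash (real drives have more spare area, remapped bad blocks and firmware-controlled garbage collection, all invisible to the host). In the encrypted run the same stale pages exist, but without the key they hold only ciphertext, so discarding the key is the wipe; this is also why a drive's built-in sanitize or secure-erase command, rather than a host-side overwrite, is the right tool for an unencrypted SSD.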