
First I wanted to make sure we're talking about using a Non-SSD Hard drive. I know SSD drives work differently.

Here would be a good reference/guide on system encryption: https://www.howtogeek.com/howto/6169/use-truecrypt-to-secure-your-data/

If someone were to encrypt their system partition (e.g. a Windows 7 partition) with VeraCrypt or TrueCrypt, they would click on **"Encrypt System Partition or Drive"**.

There will be a section that asks you "Which Wipe Mode" do you want to use? You can choose "None", "1 pass", "3 pass", etc.

What is the difference between None and 1 pass, 3 pass etc?

For example, let's say I have a 1TB non-SSD hard drive with 1 partition (1TB) (the system partition) with Windows 7.

  1. If I use TrueCrypt/VeraCrypt to encrypt the system partition with a STRONG PASSWORD that nobody knows, even if I choose the Wipe Mode "NONE", the entire partition will be encrypted with a STRONG PASSWORD. As long as nobody knows that password, shouldn't it be the case that nobody is able to access ANY of the information on the hard drive? Even the unencrypted data + free space data PRIOR to doing a system encryption? Is this correct? Or if you choose NONE, can your data prior to encryption be recovered?

  2. If I choose the Wipe Mode "1 pass" or "3 pass", does that just wipe all the unencrypted data + free space PRIOR to or DURING encrypting the system partition? So, if you have a STRONG PASSWORD, nobody can access the data anyway, wiped or not wiped? Is this correct?

    Is this correct? What is the difference between choosing "None" vs "1 pass" or "3 pass" for the Wipe Mode?

(This is probably the most important question)

  1. Is all my unencrypted data prior to system encryption (all the unencrypted data on my system partition + free space data) safe once I've done a system encryption with a STRONG PASSWORD?
Starzzzzz

1 Answer

To answer the specific points you brought up let me take them one at a time, and note that this answer is specifically for NON SSD drives.

  1. As long as nobody ever gets your password then there's no point to wiping the free space. The benefit to wiping the free space is that in a normal system when files are deleted, the area they are stored at is simply marked as 'available', so the file contents are still on the disk. When you encrypt your whole drive you're also encrypting those remnants of previously deleted files. This means if your password is ever compromised and decrypted, those files you 'deleted' prior to encryption may be recoverable.

  2. If you want to learn more about the differences between a single pass wipe and a multiple pass, check out the answer to this question. In this case there really is no discernible difference between a single pass and a 3 pass wipe. Some people just like doing a 3 pass because that's what they're used to doing in the past.

  3. All your data after encrypting with a strong password is safe as long as you also don't write your password down, or re-use that password, etc. (apply all standard good password practices). The one possible exception would be bad sectors where the drive has failed, and can't normally retrieve data from that location, but a forensic lab could recover data from those damaged sectors. The only way to prevent that is to encrypt the drive when it's brand new.

Daisetsu
  • 1
    I think this is incorrect. Wiping free space is important to hide unused sectors. – forest Dec 11 '18 at 03:41
  • @forest - I believe Daisetsu is correct. If you can provide a reference otherwise, I'm always interested in learning new things. – user10216038 Apr 03 '20 at 22:45
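
The behaviour described in point 1 of the answer, as an added example that is not part of the original thread: a toy disk where a deleted file's sector is only marked free, then encrypted in place. The sector model, the SHA-256 keystream (a stand-in for the real cipher, not secure) and `wipe_free` (a hypothetical free-space wipe, not VeraCrypt's wipe-mode implementation) are all assumptions made for illustration.

```python
import hashlib

SECTOR = 32  # toy sector size in bytes (real disks use 512 or 4096)

def keystream(key: bytes, sector_no: int, n: int) -> bytes:
    # Toy per-sector keystream built from SHA-256; illustration only.
    out, counter = b"", 0
    while len(out) < n:
        block = key + sector_no.to_bytes(8, "big") + counter.to_bytes(4, "big")
        out += hashlib.sha256(block).digest()
        counter += 1
    return out[:n]

def crypt_in_place(disk: list, key: bytes) -> None:
    # XOR every sector, allocated or free; the same call decrypts.
    for i, sec in enumerate(disk):
        disk[i] = bytes(a ^ b for a, b in zip(sec, keystream(key, i, len(sec))))

def build_disk():
    # Constructed sample disk: sector 0 holds a live file, sector 1 a deleted one.
    disk = [bytes(SECTOR) for _ in range(4)]
    disk[0] = b"current document".ljust(SECTOR, b"\0")
    disk[1] = b"SECRET: old tax records".ljust(SECTOR, b"\0")
    allocated = {0}  # "deleting" the file only dropped sector 1 from this set
    return disk, allocated

def scan_free(disk, allocated, needle=b"SECRET"):
    # Forensic-style scan of sectors the filesystem considers free.
    return [i for i, s in enumerate(disk) if i not in allocated and needle in s]

def wipe_free(disk, allocated):
    # Overwrite every free sector with zeros before encryption.
    for i in range(len(disk)):
        if i not in allocated:
            disk[i] = bytes(SECTOR)

def demo(wipe_first: bool):
    disk, allocated = build_disk()
    key = hashlib.sha256(b"constructed strong password").digest()
    before = scan_free(disk, allocated)    # remnant visible on the plain disk
    if wipe_first:
        wipe_free(disk, allocated)
    crypt_in_place(disk, key)
    locked = scan_free(disk, allocated)    # what someone without the key sees
    crypt_in_place(disk, key)              # someone who has the password decrypts
    unlocked = scan_free(disk, allocated)
    return before, locked, unlocked

if __name__ == "__main__":
    print("no wipe:  ", demo(False))
    print("with wipe:", demo(True))
```

Without the wipe, the remnant is unreadable while the disk is locked but reappears once the key is applied; with the wipe, it is gone in both states.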