0

I was just catching up on best practices for securely erasing data from a Mac. At one point I remember reading:

For SSD drives it is no longer recommended to fully write ones/zeroes/random bits on the disk. Use encryption instead.

Now, I am thinking of two starting points:

  1. Your disk was not encrypted
  2. Your disk was encrypted, but you are not sure if the new owner had the key

In both cases giving the laptop to the new owner would not be secure, deleting everything beforehand is a good step (and in practice strong enough for me personally) but I am not sure if that is sufficient.

Now my question:

Suppose you have one of these two starting points, THEN you erase the drive normally and format it to be encrypted, are you then secure?

The 'threat' I was worried about, is that the new owner would be able to format it back to the old way (e.g. without encryption, or with a specific encryption key) and it might be possible to use classical data retrieval techniques.

Perhaps it does not work like this (or it depends on the hardware), but I am hoping to understand if encryption of a disk means its previous contents can also not be retrieved anymore.

kenlukas
  • 835
  • 6
  • 18
Dennis Jaheruddin
  • 1,715
  • 11
  • 17
  • Encryption does not "remove" data – schroeder Mar 25 '22 at 13:42
  • Data encryption has to be activated before you write sensitive data to the disk not after. – Robert Mar 25 '22 at 16:53
  • Related [Does formatting an SSD securely delete all data?](https://security.stackexchange.com/a/243795/86735) and [Wiping an SSD with Parted Magic seemed too quick](https://security.stackexchange.com/q/183286/86735) – kelalaka Mar 25 '22 at 18:54

1 Answers1

2

If you store data on an SSD and then encrypt it, some unencrypted residue may still be present in the flash chips (it's not accessible through the normal storage protocol - SATA/SAS/NVMe/USB - though). The more the SSD is written to after encryption and the more completely it is filled, the smaller that residue gets.

The exact amount depends on the flash controller's wear-leveling algorithm and the (spare) capacity of the SSD. Most often, you don't know much about that and can only guess.

So no, you're not entirely secure encrypting an SSD after sensitive data has been written to it without encryption.

Usually, you encrypt a drive right after installation and only then do you write sensitive data to it.

Some drives have a secure erase feature that allows you to kill all data at a low level.

And of course, if you want to erase a disk (HDD or SSD), all blocks need to be overwritten (multiple times for SSD as outlined above, one time for HDD is sufficient). Deleting files, quick formating, or deleting a partition all don't really remove data from the drive and can largely be undone.

Zac67
  • 386
  • 2
  • 8
  • 1
    There is another potential problem: When you activate encryption usually only used sectors are encrypted (unless configured otherwise, not sure about encryption on Mac). This means the sectors not being overwritten can be more than just the spare sectors currently not mapped to a logical sector. – Robert Mar 25 '22 at 16:55
  • @Robert Good point - whether the whole drive is (pre)encrypted or just the used space depends on the actual implementation (*block level* vs. *filesystem level* encryption may make a difference). – Zac67 Mar 25 '22 at 17:10
  • Even a block level encryption can initially just encrypt the used disk space. Most file-systems have a free/used bit mask or something similar so it is easy to limit encryption to the used blocks. – Robert Mar 25 '22 at 17:14
  • A *filesystem-agnostic* block-level encryption needs to encrypt the whole disk, but there are many different approaches. – Zac67 Mar 26 '22 at 12:06
  • It's not possible to access the "spare" part of the SSD disk using normal methods, so a single overwrite is enough for more intents and purposes. – Artem S. Tashkinov Mar 27 '22 at 10:22
  • @ArtemS.Tashkinov It's not (usually) possible via the flash controller, but it's certainly possible by accessing the flash memory chips directly. – Zac67 Mar 27 '22 at 10:51
  • And again, this can be done by the OEM only using very expensive equipment. Let's remain sensible and stop asking people to do illogical things because they feel reasonable to you. They aren't or otherwise you'd operate with facts and provide links. – Artem S. Tashkinov Mar 27 '22 at 10:52
  • @ArtemS.Tashkinov That isn't expensive at all - flash controlling circuitry is easy and cheap to get. – Zac67 Mar 27 '22 at 10:54
  • Facts, links, studies, please. Cases when people's data has been extracted from the spare area or I'll call this BS. This is a technology website, not "trust me bro" website. I still remember when people argued you needed to overwrite HDD multiple times to securely erase data and then **no one** had ever provided a single case when data from the overwritten HDD was extracted and then NSA or FBI (don't remember now) admitted they had never been able to do that either. And then you **believe** the data in this spare area is stored as is. You do **not** know it. – Artem S. Tashkinov Mar 27 '22 at 10:55
  • @ArtemS.Tashkinov For instance, see https://www.tomshardware.com/picturestory/655-ssd-flash-recovery-2.html - while that shows a professional service, all important steps can be done at home with more effort. Not easy, but certainly not too expensive. – Zac67 Mar 27 '22 at 13:46
  • The necessity for multiple overwrites of HDDs was based on a study by Peter Gutmann in 1996 for then-obsolete technology (MFM/RLL). It was pretty obsolete from the beginning but got stuck in many heads. – Zac67 Mar 27 '22 at 13:48
  • This article is 8 years old and talks about flash which indeed could be read by certain equipment. Modern SSDs however are a whole different beast altogether. Again, I've not seen a single story where anything has been recovered after simple `cat /dev/zero > /dev/nvme0n1` – Artem S. Tashkinov Mar 27 '22 at 23:10