[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Advice on encrypted filesystem



On 6/27/20 6:00 AM, David Christensen wrote:
On 2020-06-26 18:25, David Wright wrote:

There's still the problem of what one does about sensitive data if
one has been rash enough to write it unencrypted onto an SSD. Would
shred -n 1   be preferable? Not really, because that doesn't hit the
ex-file areas. What then?

The best option is to command the SSD firmware to do a "secure
delete". Some SSD manufacturers provide utilities for doing this.
Alternatively, it can be done from the command line with Linux.


On 2020-06-27 01:05, Admin4 wrote:
> 1) backup your data to external usb drive
>
> 2) reinstall with encrypted enabled
>
> 3) restore data

That process is likely to leave both host-accessible and hidden unencrypted blocks from the prior installation on the device.


> = a lot of unencrypted data get's overwritten (if user does not have a
> lot of data, generate some X-D)

"a lot" is not the same as "all". The ATA secure erase command is designed to erase all blocks, both host-accessible and hidden.


David


Reply to: