I am selling a Dell laptop (SSD) having installed VC on part of the drive.
I will be doing a Dell Data Wipe and reinstalling W10, but what do I need to do to ensure that the encrypted data is erased and not accessible?
Thanks
Last edit: pete jones 2021-12-31
The most secure way to make encrypted data unavailable would be to wipe the whole encrypted parts of the disk. Unfortunately, due to wear-leveling of SSDs, you can never be sure that the right memory cells will actually be wiped. Additionally, even after a wipe, data could still be left behind if spare memory area of the SSD is used.
So, the most effective way to make encrypted data on SSDs inaccessible would be to physically destroy the entire drive. But I guess that's not what you want to do.
Using a strong password for your volume at the time of creation could be enough. So maybe it's ok the way it is now.
Filling the entire drive with random data files would be another way to wipe the currently accessible memory cells of the drive at the cost of life reduction of the memory cells. Still, there could be something left behind in spare memory area.
In conclusion, when using SSDs, you can never really be sure to have all the data deleted. At least as far as I know.
Greets
Simply re-encrypt it with another password and ensure the disk is fully formatted. Yes, you will be using up one write cycle of all SSD cells, but it's negligible.
Just create, for example, a VeraCrypt container file big enough to fill up all available space on the SSD - after deleting the old volume, of course. If there is more than one partition on the SSD, do this for each of them. The important thing is that there must be a moment when all space on the SSD is filled with data after you deleted your original volume.
It would be nice to have an option (maybe as an option in the Verawipe) to securely delete the headers of VC volumes. The operation can be done in a second and, although with SSD nothing is certain, it will still be sufficient for most purposes.
This would make no difference to manually wiping the region of the header with, let's say, dd. When using SSD, it's still uncertain whether the data is actually overwritten. It would be a potentially useless option that people would complain about.
To be safe to a certain amount, you could do as KoRni said. This way you trade a full write cycle for certain safety.
KoRni's solution is indeed a very good one! However, it can be utilized only by someone who is really smart or by someone who is reading this forum. On top of that, if the password is changed for a volume that resides on SSD, it's overwritten with the new data, but as it's SSD, the old data may still reside on the SSD somewhere (even if overwritten 256 times as it is!). The same problem exists of course if the header is overwritten (as I have suggested); however, if "special effort" is made to make such option available, this problem can be eventually mitigated.
Wiping the region of the headerS with dd on the other hand, is too complicated for 99.99% of the users.
Wiping the whole disk may be tooooooo slow and cumbersome, especially if one wants to overwrite it more than once.
P.S. There is one other option, in case the volume to be wiped is nearly full. In such case, it's better to mount it and wipe the (secret) data in it. Depending on the size of the VC volume, the amount of data in it, the size of the volume (drive) that holds the volume, this option may be far more secure in case we talk about SSD.
Last edit: Alex 2022-01-04
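The dd-based header wipe discussed in the posts above, as an added example that is not code from any poster or from the VeraCrypt project. It assumes a file-hosted (non-system) volume with the layout given in the VeraCrypt volume format specification: 128 KiB of header area at the start and 128 KiB of backup headers at the end; the function name `wipe_vc_headers` is hypothetical. As the thread notes, on an SSD the overwrite is not guaranteed to land on the original flash cells.

```shell
#!/bin/sh
# Added example: overwrite the header regions of a VeraCrypt *file container*.
# Assumed layout (VeraCrypt volume format, non-system volumes):
#   offset 0          64 KiB  standard volume header
#   offset 64 KiB     64 KiB  hidden-volume header area
#   last 128 KiB              backup headers (standard + hidden)
HDR_BYTES=131072   # 2 x 64 KiB at each end of the volume
SECTOR=512

wipe_vc_headers() {
    vol=$1
    # Regular files only, so a mistyped path cannot hit a block device.
    [ -f "$vol" ] || { echo "not a regular file: $vol" >&2; return 1; }
    size=$(wc -c < "$vol" | tr -d ' ')
    # The file must hold both header groups and be sector-aligned.
    [ "$size" -ge $((HDR_BYTES * 2)) ] || { echo "file too small" >&2; return 1; }
    [ $((size % SECTOR)) -eq 0 ] || { echo "size not sector-aligned" >&2; return 1; }
    count=$((HDR_BYTES / SECTOR))
    tail_seek=$(( (size - HDR_BYTES) / SECTOR ))
    # conv=notrunc keeps the file length; only the two regions are rewritten.
    dd if=/dev/urandom of="$vol" bs=$SECTOR count=$count \
        conv=notrunc 2>/dev/null || return 1
    dd if=/dev/urandom of="$vol" bs=$SECTOR count=$count seek=$tail_seek \
        conv=notrunc 2>/dev/null || return 1
    sync
}

# Stand-alone use: sh wipe_headers.sh /path/to/container.hc
if [ $# -ge 1 ]; then
    wipe_vc_headers "$1"
fi
```

With both the primary and backup headers gone, the master key can no longer be derived from the password, but the encrypted data area itself is left in place.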
Hi,
Many thanks for the responses. I'm not totally clear on the steps I should take - for example, after encrypting do I need to uninstall VeraCrypt?
Would it be possible to list the exact steps?
Many thanks