Encryption at rest is nice for when a device has to get retired. Without the key... | Hacker News

Hacker News new | past | comments | ask | show | jobs | submit

login

teeray 5 months ago | parent | context | favorite | on: Encryption at Rest: Whose Threat Model Is It Anywa...

Encryption at rest is nice for when a device has to get retired. Without the key, the drive is indistinguishable from random noise. No longer do you need to run DBAN for hours, put the drive through a degausser, or drill holes in it. No worrying about plaintext data hiding due to relocated sectors or wear-leveling. Just purge the keys and you’re done. Then the drive even has a chance at getting responsibly reused.

aftbit 5 months ago [–]

Yeah though SSDs make that even easier, with the aptly named SECURE ERASE command. Modern SSDs encrypt the contents of the drive at rest _anyway_ (transparently, using a key that's baked into the hardware) as encryption algorithms are very good at removing repeated patterns that might degrade the flash over time.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact