![]() ![]() Then you need to start making encryption decisions, should your backups also be encrypted? Before you encrypt the first thing you need to do is backup and after you encrypt backup again. The problem is when something minor goes wrong and the encryption prevents you from recovering your data. Encryption, when properly implemented, can prevent even you from accessing your data, and that is by design. Ok, so proper and full wiping of SSDs is a no go, that's a pretty bad flaw in the design of the system.Any number of encryption systems I have worked with have had similar issues. Fortunately, I've got nothing huge to hide, just identity and shopping credentials and the usual stuff, nothing major, but I read something the other day about how a LOT of hardware, especially phones, are ending up being sold used that the dealer never properly erased and it's contributing to ID thefts. I tried bitlocker when it was first in existance in an OS (don't even remember when that was) and when I had to use system restore, the restore failed, so I am hesitant to use that. I hope to get an SSD at tax time, if things work out. It's hypothetical, I'm seeking knowledge since it hasn't been discussed in this forum that I've seen as of late. Note that some manufacturers simply erase all copies of the data encryption key on SED-featured drives and do not actually erase all blocks. As already noted technologies such as wear-leveling likely will leave data on your drive, even after attempting to logically erase every block. If you do not trust encryption, then you would need to review the manufacturer capabilities for secure erasure. That makes the data on the drive unintelligible to third parties.Įven if an SSD does not support SED, you may want to consider full-disk-encryption if you are concerned. This will encrypt the content encryption key with a wrapping key known only to you or your physical host (via TPM, for instance). With an SSD that provides a SED feature you may best be served by "enabling" its use through bitlocker or similar options. Many (most/all?) implementations will always encrypt all data on the drive, but leave the encryption key unprotected by default. Many SSDs support SED (self-encrypting-drive) technology. Do you have an SSD of which you want to forfeit physical possession? Or is this a hypothetical question? ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. Archives
December 2022
Categories |