What is encryption key reset and why it is safer than zero-write?
I am about to return my ThinkPad laptop to my (former) employer. I found a very nice solution to erase / protect my private data -- ThinkWipe application in ThinkPad's BIOS. I made use of it right away.
However, to my kind of big surprise, it told me that:
- a 2-second-long encryption key reset is a safe method,
- a 15-minute-long zero-write (single pass) isn't considered a safe method.
I'd like to update my knowledge in this area.
What is encryption key reset? Doesn't this simply mean that the currently used (and valid for decryption) key will be replaced with some random one (and not valid for data decryption)? If that's true, then this means that my data is still there, encrypted of course. Doesn't this mean that if someone figured out my "old" key, or could somehow reverse the encryption key reset process, they would again gain access to my data?
Anyway, even if I am blind here, this still doesn't change the fact that my data is kept untouched (there is no way that a 2-second-long process is able to erase an entire disk). How, then, can this method be considered safe while the method of replacing every bit of data with a zero isn't?
I understand that single-pass zeroing isn't "that safe" and only a 3-pass wipe can be considered safe. But... still... I don't get how it isn't safer than just an encryption key reset.
I have read this question, but it doesn't seem to be fully answering my question here, because it says pretty much nothing about encryption key reset.
Time spent on an operation does not necessarily relate to effectiveness of said method. Simply copying a file to an external drive is much faster and will yield better results than converting it to base64 and then typing it in.
Why is an Encryption Key Reset secure?
Essentially, it means you are okay with the attacker gaining access to your encrypted data, believing that they will not be able to decrypt it. While this sounds strange at first, keep in mind that every piece of sensitive information you have ever transmitted over the internet - ranging from your online banking credentials, through health-related data, to pictures of your genitals - has undergone this exact process, and we still consider it secure.
We assume that AES-128 and AES-256 are in fact so secure that, without the secret key being known, it is physically impossible to recover the data. That's right - we're not talking about statistics anymore, we're talking about physics. Thermodynamics, to be exact. There isn't enough energy in the universe to recover it. And AES has been around since 1998 and it shows no signs of weakness yet.
So when you do an Encryption Key Reset, what you actually do is just delete or overwrite a very small (128 or 256 bit) piece of data. You can do that countless times, very, very quickly. As you yourself said, it only takes 2 seconds. I'm sure that after thousands and thousands of writes to the location of the key, it's not recoverable anymore.
Why is zeroing out a drive insecure?
Essentially, you're going down the hard route here. If your data is encrypted already, then zeroing it out or overwriting it with randomness is essentially redundant. Without the key it becomes unreadable anyways, as mentioned above. Zeroing it out certainly doesn't make it less secure, but it won't make it more secure either (practically speaking). What you actually end up doing by zeroing it out is adding wear to your storage, which is particularly bad with SSDs.
Now, where zeroing something out is indeed less secure is if the data is stored in plain text and you're trying to destroy it by overwriting it. The question of whether or not a single pass of zeroing is enough to destroy the data permanently is being debated. Some say it's perfectly fine, others say that specialists can recover the data. I'm not an expert when it comes to forensics, so I will say "Some people claim that a single pass of zeroing is not enough to fully erase all data" - which is the only factual statement I can give in regards to that.
In the end, zeroing out the key is probably the better method, for various reasons:
- It's a lot faster.
- It doesn't wear your storage device out.
- It's just as secure.
- You should use Full-Disk Encryption anyways.
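The following is an added example (not part of the question, the answer, or any Lenovo tool) that models the two methods the thread compares. It simulates a self-encrypting drive whose flash holds only ciphertext, with a per-drive data-encryption key (DEK) in a small key slot and a wear-levelling spare pool, so that a host-side zero-write lands on fresh physical blocks while the retired ones keep their old ciphertext. The cipher is a constructed HMAC-SHA256 counter-mode stand-in for the AES-XTS a real drive would use (chosen so the script runs on the standard library alone); block size, spare count, and the sample plaintext are all made-up values. It shows why key reset costs zero media writes and still leaves nothing recoverable, why a logical zero pass does not reach every cell on such a device, and, answering the question's worry directly, that a recovered old DEK does decrypt the leftovers, which is exactly why the key slot itself has to be wiped beyond recovery.

```python
"""Crypto-erase vs. single-pass zero-write on a simulated self-encrypting drive.

Constructed teaching model, not a real drive or vendor utility. A real SED uses
AES-XTS; the keystream here is an HMAC-SHA256 counter-mode stand-in so the
script needs only the standard library.
"""
import hashlib
import hmac
import secrets

BLOCK = 16   # bytes per simulated block (constructed value)
SPARE = 4    # over-provisioned physical blocks used for wear levelling (constructed value)


def keystream(dek: bytes, phys: int, length: int) -> bytes:
    """Keystream bound to the physical block number (toy stand-in for XTS tweaks)."""
    out, counter = b"", 0
    while len(out) < length:
        msg = phys.to_bytes(8, "big") + counter.to_bytes(8, "big")
        out += hmac.new(dek, msg, hashlib.sha256).digest()
        counter += 1
    return out[:length]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class SimulatedSED:
    """Flash holds ciphertext only; the DEK lives in a separate small key slot."""

    def __init__(self, logical_blocks: int):
        self.key_slot = bytearray(secrets.token_bytes(32))
        self.media = [bytes(BLOCK) for _ in range(logical_blocks + SPARE)]
        self.map = list(range(logical_blocks))                         # LBA -> physical
        self.free = list(range(logical_blocks, logical_blocks + SPARE))  # spare pool
        self.media_writes = 0

    def write(self, lba: int, plaintext: bytes) -> None:
        """Wear levelling: every write goes to a fresh physical block; the old one is retired."""
        assert len(plaintext) == BLOCK
        old, new = self.map[lba], self.free.pop(0)
        self.media[new] = xor(plaintext, keystream(bytes(self.key_slot), new, BLOCK))
        self.map[lba] = new
        self.free.append(old)   # retired ciphertext stays on the flash until reused
        self.media_writes += 1

    def read(self, lba: int) -> bytes:
        phys = self.map[lba]
        return xor(self.media[phys], keystream(bytes(self.key_slot), phys, BLOCK))

    def crypto_erase(self) -> None:
        """Encryption key reset: overwrite only the key slot, repeatedly; touch no data block."""
        for _ in range(1000):
            self.key_slot[:] = secrets.token_bytes(32)

    def zero_write(self) -> None:
        """Single-pass zeroing as host software does it, through the logical interface."""
        for lba in range(len(self.map)):
            self.write(lba, bytes(BLOCK))


def forensic_scan(drive: SimulatedSED, dek: bytes, target: bytes) -> list:
    """Raw-flash view: physical blocks that decrypt to `target` under `dek`."""
    return [p for p, ct in enumerate(drive.media)
            if xor(ct, keystream(dek, p, BLOCK)) == target]


def compare_methods() -> dict:
    drive = SimulatedSED(logical_blocks=8)
    secret = b"SSN 000-00-0000 "            # constructed sample record, 16 bytes
    for lba in range(8):
        drive.write(lba, secret)
    old_dek = bytes(drive.key_slot)          # what a key-compromise attacker would hold

    drive.zero_write()                       # method 1: 15-minute style, one media write per block
    result = {
        "media_writes_for_zeroing": drive.media_writes - 8,
        "logical_reads_all_zero": all(drive.read(l) == bytes(BLOCK) for l in range(8)),
        # retired blocks in the spare pool still hold ciphertext, and the DEK is still present
        "leftover_after_zero_write": len(forensic_scan(drive, bytes(drive.key_slot), secret)),
    }
    writes_before = drive.media_writes
    drive.crypto_erase()                     # method 2: 2-second style, key slot only
    result["media_writes_for_key_reset"] = drive.media_writes - writes_before
    result["leftover_after_key_reset"] = len(forensic_scan(drive, bytes(drive.key_slot), secret))
    result["recoverable_with_old_key"] = len(forensic_scan(drive, old_dek, secret))
    return result


if __name__ == "__main__":
    for k, v in compare_methods().items():
        print(f"{k}: {v}")
```

The spare pool is the part of the model worth noticing: after the zero pass every logical read returns zeros, yet a number of physical blocks equal to the pool size still decrypt to the original record because the host never had a way to address them. The key reset reaches those blocks without writing to them, and the "recoverable with old key" count is the questioner's scenario made concrete: the ciphertext is only as dead as the DEK, so the unrecoverable overwrite of the key slot is the whole security argument.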