Introducing Instant Secure Erase
Instant Secure Erase: The Ultimate Solution for Drive Retirement and Disposal
In case you only skimmed our earlier walkthrough of self-encrypting drives (SEDs), let’s do a quick recap and explain how SED technology solves the numerous issues present in conventional sanitization processes.
- Encryption is the process by which regular text (plaintext) is run through an algorithm and converted into an extremely complicated, alternative version of that text (ciphertext) that is generally unintelligible unless one has the key to reverse the process and change the file back into plaintext. The bit length of the key and the strength of the encryption algorithm play large roles in the total security of the encryption. Today’s most popular, and arguably strongest, encryption approach is the Advanced Encryption Standard (AES).
There are no known successful attacks against AES, although some academic attack methods have been proposed. In terms of brute force attacks, which generate candidate keys in an endless search for the correct one, it would take many millions of years using more computing power than exists in the entire world just to crack one 128-bit AES key. A 256-bit key is stronger still. This is why AES is widely considered to be, from a practical perspective, invincible.
There are many ways to employ AES encryption on computers through software, some of which are even free. However, encryption is a compute-intensive operation, and software encryption using the AES algorithm can be so processor-intensive that it may drag down total system performance. Implementing AES encryption via a dedicated ASIC processor eliminates this system resource burden. Such hardware-based encryption can be employed through add-on adapters or, more commonly, directly within hard drives and solid state drives (SSDs).
These self-encrypting drives (SEDs) automatically encrypt everything written to the drive from the first moment of installation. When the drive is “unlocked”, the ciphertext is decrypted into plaintext as it leaves the drive. If an SED ever becomes separated from its associated host system, it will not unlock. Any forensic attack will be pointless, because all of the user’s data will be AES-encrypted.
The beauty of Instant Secure Erase on an SED is that there is no lengthy wiping process. None of the encrypted contents of the drive are actually deleted. Rather, the drive simply deletes the data encryption key stored on its hidden partition. You don’t care if any of the old data is on the drive because it’s all still encrypted, and the key needed to decrypt it is gone. At this point, the drive is completely safe to be returned, resold, reformatted, or repurposed.
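The effect of deleting only the key can be seen in a toy model, added here as an illustration and not taken from any drive vendor's code. `ToySED` and its methods are hypothetical names, and an HMAC-SHA256 counter-mode keystream stands in for the drive's AES engine because the Python standard library has no AES.

```python
import hashlib
import hmac
import secrets

SECTOR = 512  # bytes per sector in this model


def keystream(key: bytes, lba: int, n: int) -> bytes:
    """Stand-in for the drive's AES engine (assumption, not real AES)."""
    out, ctr = b"", 0
    while len(out) < n:
        block = lba.to_bytes(8, "big") + ctr.to_bytes(4, "big")
        out += hmac.new(key, block, hashlib.sha256).digest()
        ctr += 1
    return out[:n]


class ToySED:
    def __init__(self):
        self._dek = secrets.token_bytes(32)  # data encryption key, held inside the drive
        self.media = {}                      # lba -> ciphertext, what a raw media read sees

    def write(self, lba: int, data: bytes) -> None:
        padded = data.ljust(SECTOR, b"\0")
        ks = keystream(self._dek, lba, SECTOR)
        self.media[lba] = bytes(a ^ b for a, b in zip(padded, ks))

    def read(self, lba: int) -> bytes:
        ks = keystream(self._dek, lba, SECTOR)
        return bytes(a ^ b for a, b in zip(self.media[lba], ks))

    def instant_secure_erase(self) -> None:
        # Only the key is replaced; no sector on the media is rewritten.
        self._dek = secrets.token_bytes(32)


def demo():
    drive = ToySED()
    secret = b"payroll record 0001 (constructed sample data)"
    drive.write(0, secret)
    before = drive.media[0]
    readable_before = drive.read(0).rstrip(b"\0") == secret
    drive.instant_secure_erase()
    media_untouched = drive.media[0] == before           # ciphertext is still there
    readable_after = drive.read(0).rstrip(b"\0") == secret  # but no longer decrypts
    return readable_before, media_untouched, readable_after


if __name__ == "__main__":
    print(demo())
```

The erase step runs in constant time regardless of how many sectors have been written, which is the contrast with an overwrite-based wipe.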