Before encrypting USB with Disks

Hello,

Before encrypting USB media with Gnome’s Disks software, the program suggests erasing the existing content.

Does this seem useful to you, given that the entire medium is then written to during the encryption itself?

Doesn’t this operation add a writing cycle for nothing?

Thanks,

Depends on if you want the existing data to be unrecoverable?

The entire medium is not written to when the disk is encrypted; that is the point of this setting. If you have 16GB of unencrypted data on a 16GB drive, and then you format the drive with encryption and add 8GB of data to it, there is still 8GB of potentially recoverable data remaining from before the format.


Indeed, I’d like the data to be unrecoverable.

Is it known how many times Disks wipes the medium before encrypting it?

It’s also a question of hiding metadata, not just the recoverability of old data. If the disk is overwritten beforehand, then the attacker cannot determine how much encrypted data is on the disk.

This goes out the window when fstrim is used, which is a conundrum, as it is also essential to minimize cell wear or slower writes in the case of SMR disks.
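The two points made above (old data surviving an encrypted format, and the amount of encrypted data being visible) can be checked on an image of the stick. This is an added example, not code from any poster or from Disks; the chunk size, the entropy threshold, the random pre-fill and the sample contents are assumptions, and the sample "stick" is constructed in memory.

```python
import io
import math
import os
from collections import Counter

CHUNK = 4096  # scan granularity in bytes (assumption for this example)

def entropy(chunk: bytes) -> float:
    """Shannon entropy of the byte histogram, in bits per byte (0.0 to 8.0)."""
    n = len(chunk)
    return -sum(c / n * math.log2(c / n) for c in Counter(chunk).values())

def classify(chunk: bytes, threshold: float = 7.5) -> str:
    """Label a chunk 'zero', 'random' (ciphertext-like) or 'structured'."""
    if chunk.count(0) == len(chunk):
        return "zero"
    # Caveat: old compressed or encrypted files also score as 'random'.
    return "random" if entropy(chunk) >= threshold else "structured"

def scan(stream) -> dict:
    """Count chunk labels over a binary stream (image file or block device)."""
    counts = {"random": 0, "zero": 0, "structured": 0}
    while chunk := stream.read(CHUNK):
        counts[classify(chunk)] += 1
    return counts

def build_sample(erased_first: bool) -> bytes:
    """Constructed 16-chunk 'stick': 8 chunks of new encrypted data, then the rest."""
    new_data = os.urandom(8 * CHUNK)            # stand-in for ciphertext
    if erased_first:
        rest = os.urandom(8 * CHUNK)            # stand-in for a random pre-fill
    else:
        old_text = (b"2021 tax return, account 0000 (constructed)\n" * 100)[:CHUNK]
        rest = old_text * 5 + bytes(3 * CHUNK)  # leftover plaintext + unused space
    return new_data + rest

if __name__ == "__main__":
    for erased in (False, True):
        print("erased first:", erased, scan(io.BytesIO(build_sample(erased))))
    # On a real device (placeholder path, needs read permission):
    # with open("/dev/sdX", "rb") as dev: print(scan(dev))
```

Any "structured" chunk is readable leftover data, and the boundary between "random" and everything else shows how much of the medium holds encrypted data.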

I was wondering about the number of passes that Gnome’s Disks software makes when the “Erase” option is enabled.

When in doubt, isn’t it preferable to use:

shred -n 3 -z -u /media/path

to make the data irrecoverable before encryption?

I skimmed the source and it appears to just invoke the ATA secure erase function, with enhanced preferred.

This depends on the medium; see my guide here: Data Erasure - Divested Computing

In this case, it would be a USB stick,