Hello, I’m looking to buy an external HDD to keep sensitive files, but I haven’t seen any guides about this. Do I need to look for some specific requirements, or will it be enough to just buy the cheapest one and encrypt the disk with VeraCrypt?
What HDD? Why not SATA or NVMe or a USB 3.2 external storage drive?
I don’t recommend HDD, but with any option you go with, you can use VeraCrypt or Cryptomator to do what you want. I would reformat the drive for your device/OS first. I’ve heard it’s best practice but I’m not entirely sure why.
To be sure that files can be overwritten and deleted. I was reading in previous posts and guides that on SSDs they aren’t really deleted.
It’s true that it would take multiple wipes to fully wipe out a drive, but I’m not sure what system or tool to use for that. But I think that applies to any drive, not specifically to HDDs.
But I could be wrong.
I mean, if I use a really strong password for FDE, maybe it would be enough. Maybe I’m overreacting, but I want to be extra sure.
If you’re encrypting it, you should be fine. Slight overthinking on your part, I think.
Unless you have TBs of sensitive data, NVMe is a better solution - it’s faster, smaller and lighter.
I use a 500GB NVMe drive encrypted with VeraCrypt to back up my most important data.
Buy a high quality hard drive from somewhere reputable. Examples are WD or Seagate. Avoid Amazon or Temu or such, as there are a lot of fakes that show as 8TB but are in fact not.
HDDs and SSDs (nowadays, mostly NVMes) have different use cases.
HDDs are slower at both reading and writing files, but are generally more stable and resistant to damage in the long term.
SSDs are faster but more expensive per GB, and when not powered/connected to a PC for a very long time (about a year), the data might deteriorate due to how SSDs store information. Also, all SSDs have a limit called TBW. It doesn’t mean that a certain product cannot write more than that, but the stability might be significantly reduced when exceeding the limit.
If you intend to store data for a long period with seldom access, I strongly recommend an HDD. Also, secure deletion of a file on HDDs is, at least in theory, possible. For SSDs, secure deletion of an individual file is technically impossible and the entire disk must be sanitized in order to perform any type of secure delete.
For full disk encryption, I recommend HDDs for various reasons. Read the VeraCrypt official documentation if you plan to perform FDE on your external drive.
Hard drives have the same limit; most vendors just don’t mention it. Seagate, for example, usually does, however.
Well technically, yes. Obviously all physical entities have a limit of some sort.
But claiming that HDDs have a “TBW” would be inappropriate, since HDDs and SSDs store data in a completely different way.
HDDs do have a mean lifespan (MTBF) due to the existence of moving parts, which eventually degrade over time.
When it comes to security? I guess just pick a reputable brand and seller. Besides that, the security really comes in with how you use it.
This is mostly true, though there are some caveats. Attempting to wipe an SSD using traditional methods would likely result in shortening the lifespan of the SSD and I’m not sure if it could even work effectively. But some SSDs have a “secure erase” feature which might get the job done.
Either way, so long as you use a decent tool (like VeraCrypt) with strong encryption to encrypt the entire drive, it almost doesn’t matter because you simply need to destroy any copies you may have of the password/key rather than the entire contents of the drive. Unless there’s some catastrophic flaw in the code/math (incredibly unlikely) it’s as good as deleted.
No, all drives have a MTBF, UBER, and TBW rating.
Edit: I wrote about this more here: Blog - Divested Computing
A note on SSDs about “not deleting data”. My understanding is that SSDs have a virtual interface that obscures what’s really going on on the hardware. SSDs have various techniques to try to extend their lifecycle including things like wear leveling. To spread the read/write activity around evenly, they move data from time to time… and crucially, they don’t zero out the old copy, they just mark that space as available. Similarly, if an area starts to have errors, the drive can mark it as unusable - but it may still have some data that’s recoverable.
The upshot is that the OS doesn’t always know there are shadow copies of data and can’t reliably delete everything. So you should definitely reformat the drive (to make sure it’s 100% clean) and turn on full disk encryption before you put any personal data on it. Then, at least, any shadow copies of your data will be encrypted.
Not an expert. But that’s my understanding.
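The behaviour described in the posts above (wear leveling leaves old copies in flash, and encrypting first means those copies are only ciphertext), as an added example that is not part of the original thread. `ToyFlash` is a constructed model rather than a real drive, and `toy_cipher` is a SHA-256 keystream used only as a stand-in for a real disk cipher such as the one VeraCrypt applies.

```python
import hashlib

class ToyFlash:
    """Constructed model of an SSD translation layer; not real firmware."""
    def __init__(self, pages=8):
        self.physical = [None] * pages   # raw flash pages
        self.l2p = {}                    # logical block -> physical page
        self.next_free = 0

    def write(self, lba, data):
        # Every write lands on a fresh page; the previous page is only
        # unmapped (marked available), its contents are not erased.
        self.physical[self.next_free] = data
        self.l2p[lba] = self.next_free
        self.next_free += 1

    def read(self, lba):
        return self.physical[self.l2p[lba]]

    def relocate(self, lba):
        # Wear leveling: the drive moves data on its own and leaves the old copy.
        self.write(lba, self.read(lba))

    def leftover_pages(self, needle):
        # Pages the OS can no longer address that still contain `needle`.
        mapped = set(self.l2p.values())
        return sum(1 for i, page in enumerate(self.physical)
                   if page is not None and i not in mapped and needle in page)

def toy_cipher(key, lba, data):
    # Illustration only (assumption): XOR with a SHA-256 keystream. Not for real use.
    stream, counter = b"", 0
    while len(stream) < len(data):
        block_id = lba.to_bytes(8, "big") + counter.to_bytes(4, "big")
        stream += hashlib.sha256(key + block_id).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

SECRET = b"constructed sample: contents of a sensitive file"

def plaintext_drive():
    flash = ToyFlash()
    flash.write(0, SECRET)
    flash.relocate(0)
    flash.write(0, bytes(len(SECRET)))        # "secure delete" by overwriting
    return flash.read(0), flash.leftover_pages(SECRET)

def encrypted_drive(key=b"constructed-key"):
    flash = ToyFlash()
    flash.write(0, toy_cipher(key, 0, SECRET))
    flash.relocate(0)
    raw_hits = sum(1 for p in flash.physical if p is not None and SECRET in p)
    return raw_hits, toy_cipher(key, 0, flash.read(0)) == SECRET
```

On the unencrypted model the overwrite reads back as zeros while two unmapped pages still hold the file; on the encrypted model no raw page contains the plaintext, and only the key holder can read it back.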
Security is mainly handled by encrypting it, so the hard drive recommendation itself doesn’t really have anything to do with privacy.
If you’re using Windows, BitLocker would be preferable for ease of use, but I’m pretty sure it requires Windows Pro. Otherwise I would recommend you leave a small unencrypted partition near the beginning of the drive for VeraCrypt. Windows can interpret a fully encrypted drive as being faulty and attempt to format it.
For Mac and Linux I would recommend the respective hard drive encryption tools provided by the OS rather than VeraCrypt.
If the issue is just whether others can access the files on your computer, you could also simply encrypt the hard drive using BitLocker or an equivalent and then keep sensitive files in a VeraCrypt file.
If you are going ahead with buying a new drive don’t buy the cheapest option without at least some consideration. Better brands tend to have lower failure rates.
Try to aim for higher warranty periods offered by the brand. Higher TBW written ratings can also be a good sign if they aren’t paired with lower warranty.
Western Digital, Seagate & Toshiba come to mind as reliable HDD brands. HDDs are kind of disappearing and finding good options is becoming difficult. LaCie is another well regarded brand that seems to be especially recommended if you want something more durable for portability.
Samsung and SanDisk tend to be the top contenders for SSDs, but there are plenty of “good enough” brands out there; I’d probably mention Kingston here.
This applies mostly to both internal (SATA/NVMe) and external drives.
NVMe will have the fastest data transfer rates by far. Internal is faster than external and SSDs are faster than HDDs. The speed difference is to the point where making a decent backup that takes 30min on an external SSD can take upwards of 3 hours on an external HDD.
You did specifically mention an external HDD.
They’re a great option for backups, but I would only use them for backups these days.
Portable SSDs are far faster, far smaller and far more physically durable.
I still use large HDDs for backups, but I’m slowly migrating to portable SSDs or NVMe SSDs with enclosures for more regular use.
My suggestion would be not to buy an external HDD. Instead, buy a regular (internal) HDD or SSD and a SATA to USB adapter. This gives you more flexibility in how the disk can be used, and similar USB adapters exist for NVMe too.
This is a good suggestion.
I will add to it however: make sure you get a USB 3.2 Gen 2 (10Gbps) enclosure even if you don’t need it. Why? Because the controllers in most of the older/slower models are awful and don’t handle things like fstrim/discard or SMART data correctly.
I’m not so technically smart, I don’t know what it is and how it could help me😅 Wouldn’t just a USB cable connecting the external disk to the PC work?
Does anyone know if these are safe? I mean, couldn’t it have a chip inside that stores your password or something? I was looking to buy one of these but I’m not sure what these chips inside are doing there.
Another concern is static electricity or touching the drive while using, since it has no enclosure.
I recommend you go with the dual toaster style instead for an extra $6 if portability isn’t an issue.
e.g. Amazon.com: ORICO Hard Drive Docking Station Dual Bay USB 3.0 to SATA with Duplicator/Offline Clone Function External Hard Drive Dock for 2.5''/3.5'' HDD SSD Max Up to 44TB Support UASP Plug&Play-DD-C : Electronics
See also my note about getting a USB 3.2 Gen 2 one if you plan to use SSDs.
Also of note: for 2+ bay units, do not hot plug disks. They claim to support it but in reality do not,
i.e. disconnecting a safely unmounted second drive can reconnect the first drive while still mounted, causing corruption to the first.
Also, if you plan to use them long term, a fan over it is beneficial.
I do not recommend those USB fans, since they’re an inductive load and can trip the port protection on some boards.