Hello Paul. Paul van der Vlis - 14.09.17, 14:32: > I have bought many laptops with privacy-sensitive data on /home in > ecryptfs on the SSD. And I have promised to carefull remove the data > before re-using. > > What would you advice to do? Is it possible to overwrite the master key > for example? Or is it a good idea to change the passphrase in a very > long one? Technically you can´t really overwrite it. SSDs use Copy on Write. Also I think the passphrase in Ecryptfs just encrypts a key used to encrypt the data… not the data itself. Generic hint for securely erasing SSDs. https://ata.wiki.kernel.org/index.php/ATA_Secure_Erase You rely on the SSD firmware tough. But I am not aware of another way to securely delete data of an SSD other than ATA Secure Erase. However ATA Secure Erase only is really safe for SSDs that use encryption like Intel SSD 320 (and many newer SSDs) as the SSD will overwrite the encryption keys. Many SSDs use encryption by default, without change using some default key (ideally randomly generated key that the manufacture then forgets… but manufacturers may just use same key for all SSDs with a certain firmware) key and no password for it. Just deleting files doesn´t do much. At least run fstrim after deleting files. Thats still not as safe as Secure Erasing the whole device tough. Thanks, -- Martin -- To unsubscribe from this list: send the line "unsubscribe ecryptfs" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
