Op 14-09-17 om 15:21 schreef Martin Steigerwald: > Hello Paul. > > Paul van der Vlis - 14.09.17, 14:32: >> I have bought many laptops with privacy-sensitive data on /home in >> ecryptfs on the SSD. And I have promised to carefull remove the data >> before re-using. >> >> What would you advice to do? Is it possible to overwrite the master key >> for example? Or is it a good idea to change the passphrase in a very >> long one? > > Technically you can´t really overwrite it. SSDs use Copy on Write. > > Also I think the passphrase in Ecryptfs just encrypts a key used to encrypt > the data… not the data itself. > > > Generic hint for securely erasing SSDs. > > https://ata.wiki.kernel.org/index.php/ATA_Secure_Erase This is what I am doing now. The SSD's I've tried are normally freezed, but after awaking from suspend-to-ram not anymore. It looks complex, but it's fast and doable. But indeed not nice to rely on the firmware of the SSD... What I would like are stupid-SSD's without a controller, where the filesystem does everything. Or a SSD with open source controller firmware. With regards, Paul -- Paul van der Vlis Linux systeembeheer Groningen https://www.vandervlis.nl/ -- To unsubscribe from this list: send the line "unsubscribe ecryptfs" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
