
InfiniteLoopy

Original poster
Dec 14, 2010
Just a quick question on formatting hard drives (not SSDs):

- If the hard drive was the startup disk, with El Capitan and Filevault on (enabled in El Capitan), is it secure enough to simply format the drive once (as opposed to 3, 7 ... times)? Is it correct that even the quickest format will delete the key, making the data irrecoverable?

- What about an external USB drive (not an SSD) that was also secured with Filevault, and used for Time Machine in El Capitan? Can it simply be formatted once so that the key is deleted?

Thanks
 
Is it correct that even the quickest format will delete the key, making the data irrecoverable?
What key? Do you mean FileVault? If so, you don't even have to format the drive. FileVault keys are not kept on the drive itself. So just discard the drive. Nobody will be able to recover data from it without the key. The same is true for FileVault enabled external drives. They don't need to be formatted either because the data will be unrecoverable to anyone without the key.
 
Thanks. So if I understand correctly, even just doing a quick erase will be enough then.

Is that correct?
 
You don’t even need to erase. The data is encrypted and cannot be recovered.
 
Reformat the drives.

With boot drive with Filevault on, yes, key is stored in an encrypted keychain in the recovery partition. The encryption key for that is stored in the disk header, and relatively easy to extract (for the tech-savvy). That key decrypts the keychain, and then the real keys are encrypted on your password, and if your passcode is weak... So, reformat the drive and re-install OS: will wipe the drive, in essence, as all keys lost at that point.

External, not sure, but believe the encryption key is in the disk header à la Filevault internal. Reformat should wipe that.
 
Thanks. Is a format that writes once (as opposed to 3, 7...) enough?

Also, out of curiosity, if it were an external SSD, how would you proceed?
 
If it's going to be reused, I never just reinstall OSes without first doing a zero-pass wipe over the drive... Either from OS X Utilities, or hook it to a PC and run DBAN.

If I'm going to throw it away (failing drive): I zero-pass the drive (if it's still functional), then ANY hard drive I physically take a hammer to it :) before tossing it.

How fun! Total elimination. Not only would the drive be zeroed out, but being physically destroyed, I think that would be a pretty good chance of anyone trying to recover.

I used to only do this to hard drives with personal data, but now I do it with ALL.

If I used FV... that wouldn't make me feel any better about just destroying the keys... My privacy, my way... sorry.
 
With boot drive with Filevault on, yes, key is stored in an encrypted keychain in the recovery partition
But it’s encrypted with the user’s password, so it’s useless and the drive is safe, no?
 
But it’s encrypted with the user’s password, so it’s useless and the drive is safe, no?

Not if weak user password.

Sure, in general, lots of work to get to data, so most identity thieves will just move on, so probably not an issue. But if truly want your data to go away, simple erase (no need for secure options) will wipe the keys and leave one with a drive with random gibberish.

There was a paper I read a few years ago that went into detail about it. Can't locate it right now, but did find a slide deck for a presentation around cracking Filevault. Page 11 shows how Filevault is structured.

https://www.cl.cam.ac.uk/~osc22/docs/cl_fv2_presentation_2012.pdf

physically take a hammer to it :) before tossing it..

A friend knows a guy that has a metal forge: tosses his drive in there to incinerate.

ADD: I guess can take it to slightly more secure route, if Filevault, boot machine from USB installer, mount internal recovery partition, use diskutil command line to write random data to that partition. Then reformat drive.
 
Don't throw old drives out.
Just wipe them off, and if you don't need it, pass it along to someone who does.
 