Discarding hard drives - formatting question

Discussion in 'Mac Basics and Help' started by InfiniteLoopy, Jul 15, 2019.

  1. InfiniteLoopy macrumors 6502

    Joined:
    Dec 14, 2010
    #1
    Just a quick question on formatting hard drives (not SSDs):

    - If the hard drive was the startup disk, with El Capitan and FileVault on (enabled in El Capitan), is it secure enough to simply format the drive once (as opposed to 3, 7 ... times)? Is it correct that even the quickest format will delete the key, making the data irrecoverable?

    - What about an external USB drive (not an SSD) that was also secured with FileVault, and used for Time Machine in El Capitan? Can it simply be formatted once so that the key is deleted?

    Thanks
     
  2. chabig macrumors 603

    Joined:
    Sep 6, 2002
    #2
    What key? Do you mean FileVault? If so, you don't even have to format the drive. FileVault keys are not kept on the drive itself. So just discard the drive. Nobody will be able to recover data from it without the key. The same is true for FileVault enabled external drives. They don't need to be formatted either because the data will be unrecoverable to anyone without the key.
     
  3. InfiniteLoopy thread starter macrumors 6502

    Joined:
    Dec 14, 2010
    #3
    Thanks. So if I understand correctly, even just doing a quick erase will be enough then.

    Is that correct?
     
  4. chabig macrumors 603

    Joined:
    Sep 6, 2002
    #4
    You don’t even need to erase. The data is encrypted and cannot be recovered.
     
  5. NoBoMac Moderator

    Staff Member

    Joined:
    Jul 1, 2014
    #5
    Reformat the drives.

    With boot drive with FileVault on, yes, key is stored in an encrypted keychain in the recovery partition. The encryption key for that is stored in the disk header, and relatively easy to extract (for the tech savvy). That key decrypts the keychain, and then the real keys are encrypted on your password, and if your passcode is weak... So, reformat the drive and re-install OS: will wipe the drive, in essence, as all keys lost at that point.

    External, not sure, but believe the encryption key is in the disk header à la FileVault internal. Reformat should wipe that.
     
  6. InfiniteLoopy thread starter macrumors 6502

    Joined:
    Dec 14, 2010
    #6
    Thanks. Is a format that writes once (as opposed to 3, 7...) enough?

    Also, out of curiosity, if it were an external SSD, how would you proceed?
     
  7. Tech198 macrumors G5

    Joined:
    Mar 21, 2011
    Location:
    Australia, Perth
    #7
    If it's going to be reused, I never just reinstall OSes without first doing a zero-pass wipe over the drive... Either from OS X Utilities, or hook it to a PC and run DBAN.

    If I'm going to throw it away (failing drive): I zero-pass the drive (if it's still functional), then ANY hard drive I physically take a hammer to it :) before tossing it.

    How fun..! Total elimination. Not only would the drive be zeroed out, but being physically destroyed, I think that would be a pretty good chance of anyone trying to recover.

    I used to only do this to hard drives with personal data, but now I do it with ALL.

    If I used FV... that wouldn't make me feel any better about just destroying the keys... My privacy, my way... sorry.
     
  8. chabig macrumors 603

    Joined:
    Sep 6, 2002
    #8
    But it’s encrypted with the user’s password, so it’s useless and the drive is safe, no?
     
  9. NoBoMac, Jul 16, 2019
    Last edited: Jul 16, 2019

    NoBoMac Moderator

    Staff Member

    Joined:
    Jul 1, 2014
    #9
    Not if weak user password.

    Sure, in general, lots of work to get to data, so most identity thieves will just move on, so probably not an issue. But if truly want your data to go away, simple erase (no need for secure options) will wipe the keys and leave one with a drive with random gibberish.

    There was a paper I read a few years ago that went into detail about it. Can't locate it right now, but did find a slide deck for a presentation around cracking FileVault. Page 11 shows how FileVault is structured.

    https://www.cl.cam.ac.uk/~osc22/docs/cl_fv2_presentation_2012.pdf

    A friend knows a guy that has a metal forge: tosses his drive in there to incinerate.

    ADD: I guess can take it to slightly more secure route, if FileVault, boot machine from USB installer, mount internal recovery partition, use diskutil command line to write random data to that partition. Then reformat drive.
     
  10. Fishrrman macrumors P6

    Joined:
    Feb 20, 2009
    #10
    Don't throw old drives out.
    Just wipe them off, and if you don't need it, pass it along to someone who does.
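
Added example, not part of any post in this thread: a simplified Python model of the key hierarchy described in posts #5 and #9, where a random volume key is wrapped under a password-derived key and kept in a header next to the ciphertext. It is not FileVault's on-disk format; the toy stream cipher, the field names and the sample password are assumptions chosen so it runs with the standard library only.

```python
import hashlib, hmac, os

def derive_kek(password: str, salt: bytes) -> bytes:
    # Key-encryption key derived from the user's password (PBKDF2 as a stand-in KDF).
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 20_000)

def keystream_xor(key: bytes, data: bytes) -> bytes:
    # Toy stream cipher (SHA-256 in counter mode), a stand-in for the real disk cipher.
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)

def create_volume(password: str, plaintext: bytes) -> dict:
    # The data is encrypted under a random volume key, never under the password itself.
    volume_key = os.urandom(32)
    salt = os.urandom(16)
    kek = derive_kek(password, salt)
    wrapped = keystream_xor(kek, volume_key)
    return {
        "salt": salt,                                        # header
        "wrapped_key": wrapped,                              # header
        "tag": hmac.new(kek, wrapped, "sha256").digest(),    # header
        "data": keystream_xor(volume_key, plaintext),        # ciphertext blocks
    }

def unlock(volume: dict, password: str):
    # Returns the plaintext, or None if the password does not unwrap the header.
    kek = derive_kek(password, volume["salt"])
    expected = hmac.new(kek, volume["wrapped_key"], "sha256").digest()
    if not hmac.compare_digest(expected, volume["tag"]):
        return None
    volume_key = keystream_xor(kek, volume["wrapped_key"])
    return keystream_xor(volume_key, volume["data"])

def quick_erase(volume: dict) -> None:
    # Models a single-pass erase that overwrites only the header; ciphertext is untouched.
    for field in ("salt", "wrapped_key", "tag"):
        volume[field] = bytes(len(volume[field]))

if __name__ == "__main__":
    vol = create_volume("hunter2", b"constructed sample data")  # constructed inputs
    print("header intact:", unlock(vol, "hunter2"))
    quick_erase(vol)
    print("header erased:", unlock(vol, "hunter2"))
```

While the header survives, the data is only as strong as the password; once the header is overwritten, even the correct password no longer recovers the volume key.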
     
