Become a MacRumors Supporter for $25/year with no ads, private forums, and more!

Discarding hard drives - formatting question

InfiniteLoopy

macrumors 6502
Original poster
Dec 14, 2010
363
5
Just a quick question on formatting hard drives (not SSDs):

- If the hard drive was the startup disk, with El Capitan and Filevault on (enabled in El Capitan), is it secure enough to simply format the drive once (as opposed to 3, 7 ... times)? Is it correct that even the quickest format will delete the key, making the data irrecoverable?

- What about an external USB drive (not an SSD) that was also secured with Filevault, and used for Time Machine in El Capitan? Can it simply be formatted once so that the key is deleted?

Thanks
 

chabig

macrumors 604
Sep 6, 2002
7,278
4,533
Is it correct that even the quickest format will delete the key, making the data irrecoverable?
What key? Do you mean FileVault? If so, you don't even have to format the drive. FileVault keys are not kept on the drive itself. So just discard the drive. Nobody will be able to recover data from it without the key. The same is true for FileVault enabled external drives. They don't need to be formatted either because the data will be unrecoverable to anyone without the key.
 
Comment

InfiniteLoopy

macrumors 6502
Original poster
Dec 14, 2010
363
5
Thanks. So if I understand correctly, even just doing a quick erase will be enough then.

Is that correct?
 
Comment

chabig

macrumors 604
Sep 6, 2002
7,278
4,533
You don’t even need to erase. The data is encrypted and cannot be recovered.
 
Comment

NoBoMac

Moderator
Staff member
Jul 1, 2014
2,891
1,217
Reformat the drives.

With boot drive with Filevault on, yes, key is stored in an encrypted keychain in the recovery partition. The encryption key for that is stored in the disk header, and relatively easy to extract (for the tech savy). That key decrypts the keychain, and then the real keys are encrypted on your password, and if your passcode is weak... So, reformat the drive and re-install OS: will wipe the drive, in essence, as all keys lost at that point.

External, not sure, but believe the encryption key is in the disk header ala Filevault internal. Reformat should wipe that.
 
Comment

InfiniteLoopy

macrumors 6502
Original poster
Dec 14, 2010
363
5
Thanks. Is a format that writes once (as opposed to 3, 7...) enough?

Also, out of curiosity, if it were an external SSD, how would you proceed?
 
Comment

Tech198

macrumors P6
Mar 21, 2011
15,280
2,002
Australia, Perth
If its going to reused, i never just reinstall OS's without first doing a zero pass wipe over the drive... Either from OS X Utilities, or hook it to a PC and run DBAN.

If I'm going to throw it away (failing drive): I zero pass the drive (if its still functional), then ANY hard drive i physically take a hammer to it :) before tossing it..

How fun ..! Total elimination. Not only would the drive be zeroed-out, but being physical destroyed, i think hat would be a pretty good chance of anyone trying to recover.

I used to only do this to hard drives with 'personal data but no i do it with ALL.

If i used FV.. that wouldn't make me feel any better about just destroying the keys... My privacy,, my way... sorry.
 
Comment

chabig

macrumors 604
Sep 6, 2002
7,278
4,533
With boot drive with Filevault on, yes, key is stored in an encrypted keychain in the recovery partition
But it’s encrypted with the user’s password, so it’s useless and the drive is safe, no?
 
Comment

NoBoMac

Moderator
Staff member
Jul 1, 2014
2,891
1,217
But it’s encrypted with the user’s password, so it’s useless and the drive is safe, no?

Not if weak user password.

Sure, in general, lots of work to get to data, so most identity thieves will just move on, so probably not an issue. But if truly want your data to go away, simple erase (no need for secure options) will wipe the keys and leave one with a drive with random giberish.

There was a paper I read a few years ago that went into detail about it. Can't locate it right now, but did find a slide deck for a presentation around cracking Filevault. Page 11 shows how Filevault is structured.

https://www.cl.cam.ac.uk/~osc22/docs/cl_fv2_presentation_2012.pdf

physically take a hammer to it :) before tossing it..

A friend knows a guy that has a metal forge: tosses his drive in there to incinerate.

ADD: I guess can take it to slightly more secure route, if Filevault, boot machine from USB installer, mount internal recovery partition, use diskutil command line to write random data to that partition. Then reformat drive.
 
Last edited:
  • Like
Reactions: chabig
Comment

Fishrrman

macrumors Core
Feb 20, 2009
20,451
7,256
Don't throw old drives out.
Just wipe them off, and if you don't need it, pass it along to someone who does.
 
Comment
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.