Is it unsafe to unlock a hard drive before wiping it out to sell it?

macpokerstars

macrumors member
Original poster
Sep 29, 2010
97
1
Basically, when I unlock a hard drive (which was encrypted through Disk Utility), does the actual data physically stay in its encrypted form on the drive?

I unlocked the hard drive and began secure erasing it.

However, let’s assume I did not secure erase, but rather normally erased it. Would the data physically present on the drive be there under its encrypted form?
 

Fishrrman

macrumors P6
Feb 20, 2009
18,205
6,080
If the drive was previously encrypted using Disk Utility, then just "erase it again" (this time, leaving encryption OFF).
That should "wipe it clean".

If you still have doubts, do a "secure erase" which will write zeros to every block on the drive. "One pass" is enough.
 

Brian33

macrumors 6502a
Apr 30, 2008
808
64
USA (Virginia)
My understanding is that the data on the disk remain encrypted at all times. Unlocking the drive just allows macOS to use the decryption key when data is read from the drive into memory.
 
  • Like
Reactions: NoBoMac

NoBoMac

Moderator
Staff member
Jul 1, 2014
2,633
991
Basically what @Brian33 said.

If wanting to erase a drive encrypted using MacOS, just reformat, as the data on the drive will remain encrypted and the encryption keys will be erased.

To simulate a secure erase, reformat the drive, turn on encryption and use a long random password. The old data will be encrypted on the old keys and the drive will have a whole new set of keys that will not match the old keys.

MacOS encryption is multi-layered: system key to decrypt your code, your code decrypts an intermediate key, which decrypts the master key. Intermediate and master are randomly generated by the OS.