Samsung, Encrypted Linux and routine Secure Erase

BarkingGhostar

I would like to move and isolate all things formal and financial in my life to a pair of Samsung SSDs with encrypted forms of Linux Mint installed. In my Windows 7 world, I do this by simply using the Samsung-provided Secure Erase to erase the duplicate SSD's image and then re-clone the original boot drive. I do this once a month and it has worked flawlessly, but this is a) Windows, and b) not on an encrypted filesystem.

I would like to move this setup to Linux Mint, as I know when installing LM it offers an encrypted disk version. But my concern is in a) duplication to a second SSD, and b) the ability to routinely erase the duplicate image on the second SSD. I found this tutorial, but it doesn't say anything about encrypted disks. And I would rather not labor into encrypting an SSD only to find out I can't erase it afterwards.

Anyone try this?
 

Fallen Kell

If you are really this concerned about secure erase (which is not really necessary on a properly encrypted drive, since no one other than you should have the key to decrypt and thus access the drive contents in order to restore data that was deleted without using a secure erase feature), I suggest going all in and simply using real self-encrypting hard drives for your data. This would be something like FIPS 140-2 compliant drives. Possibly something like an Apricorn Aegis Fortress L3 or similar.

Software-based encryption methods leave you still vulnerable to many other forms of attack. The best solution is to use removable media that you only access once you entirely disconnect your system from the network, mount the file system, edit your files on that secured file system, unmount the file system, clear all swap and tmp, and reboot the machine to clear all RAM, caches, and registers.
 

BarkingGhostar

OK, let's simplify the question. If I install LM and choose to encrypt the SSD, will I be able to wipe such SSD later if I choose to?
 

Shmee

It should, but secure erase is better for SSDs, and faster. You can use a bootable utility Linux like Parted Magic to do this.
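
Added example, not part of any poster's reply: ATA Secure Erase is a drive-level command, so whether it can be issued from Linux depends on the drive's security state rather than on what is installed on it, and the usual blocker is a drive the firmware has left "frozen". The sketch below classifies the `Security:` section of `hdparm -I` output; the function names and the two sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Classify the "Security:" section of `hdparm -I <device>` output (read on stdin).
# Prints one of: unsupported | locked | frozen | ready | ready-enhanced
ata_erase_preflight() {
    awk '
        /^Security:/       { insec = 1; next }
        insec && /^[^ \t]/ { insec = 0 }      # next unindented header ends the section
        insec {
            neg = ($1 == "not"); key = neg ? $2 : $1
            if (key == "supported" && NF == (neg ? 2 : 1)) sup = !neg
            if (key == "supported:" && $NF == "erase")     enh = !neg
            if (key == "locked") locked = !neg
            if (key == "frozen") frozen = !neg
        }
        END {
            if (!sup)        print "unsupported"  # no security feature set reported
            else if (locked) print "locked"       # needs the drive password first
            else if (frozen) print "frozen"       # firmware froze the security state
            else             print (enh ? "ready-enhanced" : "ready")
        }'
}

# Constructed sample: drive left frozen after boot.
sample_frozen() { cat <<'EOF'
Security:
        Master password revision code = 65534
                supported
        not     enabled
        not     locked
                frozen
        not     expired: security count
                supported: enhanced erase
Checksum: correct
EOF
}

# Constructed sample: same drive, not frozen.
sample_ready() { sample_frozen | sed 's/^ *frozen$/        not     frozen/'; }

# Real use (needs root and hdparm): pass a block device as the first argument.
if [ -b "${1:-}" ]; then
    hdparm -I "$1" | ata_erase_preflight
fi
```

A "frozen" result means the drive will reject the erase until its security state is reset, which is why bootable erase utilities typically suspend and resume the machine or have the drive power-cycled first.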
 

killster1

OK, I'm in for one... $230 for 2TB ;( I will just have to decide what is worthy of this type of encryption, as I need about 30TB of encrypted space (using VeraCrypt now, but if it can be defeated?). It really wouldn't be the end of the world if it was decrypted by some super spy etc.; I just don't want the files going mainstream. Interesting thread, and of course you can secure erase the drive after installing to it.