Disk Encryption: How Do You Cryptographically Erase Data?

Crypto-erase.  Crypto-deletion.  Cryptographic deletion.  You’ve heard that it is instantaneous and foolproof.  What is it, and how do you do it?  Cryptographically erasing data essentially means getting rid of the encryption key that protects the encrypted data.  Obviously, a computer must be set up with disk encryption software like AlertBoot for this to work.


What is an Encryption Key and How Do I Get One?



Short answer: with modern encryption software, an encryption key is automatically generated for you, so all you have to do is sign up for an encryption package.


Long answer: encryption always requires a “key.”  This key is generally a string of characters (a very, very long string of characters) that shows you how to substitute numbers and letters, which is essentially what encryption is all about.  For example, in what’s known as the Caesar Cipher, you might have something like this:


ABCDEFGHIJKLMNOPQRSTUVWXYZ (plain text)
DEFGHIJKLMNOPQRSTUVWXYZABC (key)

This means that A gets substituted with D, C with F, Q with T, and so on.  So, the word “cat” would end up as “fdw.”  This is not the most sophisticated of encryption systems, but it works in a pinch to show what an encryption key does.


Now, imagine that the key is lost.  How could you figure out what “fdw” means?  Sure, it could be cat, but it could also be dog, fat, kit, sit, or any other three-letter word (or even an abbreviation like fyi).


Cryptoerasure



And therein lies the “instantaneous deletion” aspect of encryption: you can’t tell what the message says without the key.


Encryption, besides ensuring that plaintext gets jumbled up, also ensures that analysis of long, encrypted texts (a.k.a. cryptanalysis) won’t reveal the secret message.  Long story short, it tries to make the information appear as random as possible, as if it doesn’t have any structure to it.


So, lose the key and you’re left with what appears to be random data, and for all intents and purposes, it IS random data.  And when it comes to computers, random data is essentially deleted data.  In fact, if you plug an encrypted disk into a random computer, the first message that pops up asks whether you’d like to format it, because it appears to be a brand new disk.
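The effect described above, as an added example that is not part of the original post or of any product's code: a small Python sketch that encrypts structured records, discards the only key, and compares how random the bytes look before and after.  The EncryptedDisk class, the sample records, and the SHAKE-256 keystream (a toy stand-in for a real disk cipher) are all assumptions made for illustration.

```python
import hashlib
import math
import secrets
from collections import Counter

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """XOR data with a SHAKE-256 keystream (toy stand-in for a real disk cipher)."""
    stream = hashlib.shake_256(key).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))

def entropy_bits_per_byte(data: bytes) -> float:
    """Shannon entropy of the byte values; 8.0 would be perfectly uniform."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

class EncryptedDisk:
    """Hypothetical volume: ciphertext plus the only copy of its key."""
    def __init__(self, plaintext: bytes):
        self._key = secrets.token_bytes(32)  # generated automatically
        self.ciphertext = keystream_xor(self._key, plaintext)

    def read(self) -> bytes:
        if self._key is None:
            raise PermissionError("key destroyed: data is cryptographically erased")
        return keystream_xor(self._key, self.ciphertext)

    def crypto_erase(self) -> None:
        # The ciphertext is left untouched; only the key goes away.
        self._key = None

# Constructed sample "disk contents": structured, repetitive records.
SAMPLE = b"record=0001;name=Example User;note=constructed sample\n" * 2000

def demo():
    disk = EncryptedDisk(SAMPLE)
    readable_before = disk.read() == SAMPLE
    disk.crypto_erase()
    try:
        readable_after = disk.read() == SAMPLE
    except PermissionError:
        readable_after = False
    # Guessing a fresh random key does not bring the records back.
    guess_ok = keystream_xor(secrets.token_bytes(32), disk.ciphertext) == SAMPLE
    return (readable_before, readable_after, entropy_bits_per_byte(SAMPLE),
            entropy_bits_per_byte(disk.ciphertext), guess_ok)

if __name__ == "__main__":
    print(demo())
```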


It should be noted, though, that if you have to follow federal, state, and professional organization regulations, you should pay attention to data disposal rules.  Despite the power of encryption, you might find that when it comes to disposing of data, you can’t just lose the encryption key and then sell the disk on eBay.  Instead, you might be required to have it crushed, encrypted data or not.


