Why SSDs must always be encrypted

There is no way to securely erase them from the host, because of the way wear leveling works. A write to a logical sector does not overwrite the physical flash page that held the old data: the controller maps the sector to a fresh page and leaves the old one in place until garbage collection eventually erases it. So even if it appears you wiped a sector, the old contents may still sit in another physical page. To get close to a full erasure you would have to run something like

dd if=/dev/urandom of=/dev/xxx

over the whole disk, but this takes a long time, uses up a noticeable part of the SSD's write endurance, and still cannot reach the over-provisioned spare area or blocks the controller has retired, since those are never exposed to host writes. The vendor-provided mechanisms (ATA Secure Erase via hdparm --security-erase, NVMe format with secure erase or sanitize via nvme-cli) are meant to handle this in firmware, but whether a given drive's firmware actually does so correctly is not something you can verify from the host.

However, if the SSD is encrypted, securely erasing it comes down to destroying the encryption key, and that only works if the key material is not itself sitting on the SSD. Keep the key file (or a detached LUKS header, which holds the key slots) on a separate medium; deleting that is a crypto-erase of the whole drive, regardless of what remains in the flash. Some would advocate simply overwriting the first sectors that store the encryption parameters (the LUKS header with its salts and key slots), but with wear leveling you can never be sure those pages were actually erased rather than remapped, and a flash dumper may well recover the old header. This matters even though the key slots are protected by a passphrase: a stale copy of the header still opens with whatever passphrase it was written under, including one you later changed or removed, so against an attacker who can read the raw flash the passphrase change never took effect.
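The following toy flash-translation-layer model is an added example, not code from this post: it simulates copy-on-write wear leveling with an over-provisioned spare area and shows, first, plaintext surviving one full urandom pass over every logical sector, and second, an attacker with a chip-off dump recovering every secret when the key lived in an on-disk header versus nothing when the key was kept off the device. The page size, the garbage-collection policy, and the SHA-256-based per-sector keystream standing in for AES-XTS are all simplifying assumptions of mine; the "SECRET.." sectors are constructed sample data.

```python
import hashlib
import os

PAGE_SIZE = 16                  # bytes per NAND page (toy size, assumption)
ERASED = b"\xff" * PAGE_SIZE    # erased NAND reads as all ones


class ToySSD:
    """Wear-leveling FTL: a logical sector is never rewritten in place."""

    def __init__(self, logical_pages, physical_pages):
        assert physical_pages > logical_pages, "real SSDs keep over-provisioned spares"
        self.flash = [ERASED] * physical_pages   # raw NAND: what a chip-off dump reveals
        self.l2p = [None] * logical_pages        # logical -> physical map
        self.free = list(range(physical_pages))  # erased pages ready to take a write

    def _collect_garbage(self):
        # Stale pages keep their bytes until the controller gets around to this.
        live = {p for p in self.l2p if p is not None}
        for ppn in range(len(self.flash)):
            if ppn not in live and ppn not in self.free:
                self.flash[ppn] = ERASED
                self.free.append(ppn)

    def write(self, lba, data):
        assert len(data) == PAGE_SIZE
        if not self.free:
            self._collect_garbage()
        ppn = self.free.pop(0)
        self.flash[ppn] = data
        self.l2p[lba] = ppn   # previous page for this LBA is now stale, not erased

    def dump(self):
        """Everything readable with direct access to the flash chips."""
        return b"".join(self.flash)


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def keystream(key, lba):
    # Toy per-sector keystream SHA-256(key || sector). Stand-in for a real disk
    # cipher such as AES-XTS, chosen only to keep the example dependency-free.
    return hashlib.sha256(key + lba.to_bytes(8, "big")).digest()[:PAGE_SIZE]


def enc_write(ssd, key, lba, data):
    """Transparent sector encryption in front of the raw device, as dm-crypt does."""
    ssd.write(lba, xor(data, keystream(key, lba)))


def secret(i):
    return f"SECRET{i:02d}".encode().ljust(PAGE_SIZE, b".")   # constructed sample data


def plaintext_remnants(ssd, secrets):
    """LBAs whose plaintext is still somewhere in the raw flash after 'erasure'."""
    dump = ssd.dump()
    return [i for i, s in enumerate(secrets) if s in dump]


def scenario_plain_overwrite(logical=4, physical=6):
    """Unencrypted disk, then dd if=/dev/urandom over every logical sector once."""
    ssd = ToySSD(logical, physical)
    secrets = [secret(i) for i in range(logical)]
    for i, s in enumerate(secrets):
        ssd.write(i, s)
    for i in range(logical):          # the overwrite pass the post describes
        ssd.write(i, os.urandom(PAGE_SIZE))
    return plaintext_remnants(ssd, secrets)   # spare pages still hold some secrets


def attacker_recover(ssd, n_lbas):
    """Chip-off attacker: try every raw page as a key against every other page."""
    found = set()
    for candidate in ssd.flash:
        for page in ssd.flash:
            for lba in range(n_lbas):
                pt = xor(page, keystream(candidate, lba))
                if pt.startswith(b"SECRET"):
                    found.add(pt)
    return len(found)


def scenario_crypto_erase(key_on_device, logical=4, physical=6):
    """Encrypted disk; 'erase' = destroy the key. Returns secrets the attacker gets."""
    ssd = ToySSD(logical, physical)
    key = os.urandom(PAGE_SIZE)
    if key_on_device:
        ssd.write(0, key)   # header sector on the SSD itself (LUKS would wrap it)
    for i in range(1, logical):
        enc_write(ssd, key, i, secret(i))
    if key_on_device:
        ssd.write(0, os.urandom(PAGE_SIZE))   # 'wipe the header' with a host write
    del key                                   # an off-device key is simply forgotten
    return attacker_recover(ssd, logical)


if __name__ == "__main__":
    print("plaintext remnants after one urandom pass:", scenario_plain_overwrite())
    print("secrets recovered, key kept off the SSD:", scenario_crypto_erase(False))
    print("secrets recovered, key in on-SSD header:", scenario_crypto_erase(True))
```

With four logical sectors and six physical pages, the single urandom pass leaves the original contents of sectors 2 and 3 in stale pages that the host never touched, while the encrypted drive gives the attacker nothing once the off-device key is gone and everything when the key sat in a header sector that was merely overwritten. In this toy a second pass would happen to clear the remnants; on a real drive the garbage-collection policy is unknown and retired blocks are never reclaimed by host writes, which is the point of the post.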
