Why SSDs must always be encrypted

There is simply no way to securely erase them because of the way the wear leveling works. Even if it appears you wiped a sector it may just be written to another sector.

If it’s encrypted then all you have to do to securely erase them is to delete the encryption key file. Some would advocate erasing the first sector that stores the encryption parameters (initialization vector, salt and the such) but with wear leveling you can never be sure that the data was indeed erased and can’t be accessed by an flash dumper.

Based off the Stack theme.