Hacker News
by lolthishuman 1792 days ago
I’ve read opsec material that no matter how many passes you do it can still be read. Hard to know for sure unless you know the stack in and out like the back of your hand.
6 comments

1) Modern research suggests that recovering data which has been overwritten once on magnetic media is probably not feasible due to the high density of modern magnetic storage devices and the use of dynamically aligning heads (e.g. that follow track geometry as they read) instead of absolutely positioned heads (stepper motors) that allow for more error in alignment.

2) Nonetheless, there is an appreciable risk of data remaining on the device due to non-volatile caches, remapped disk areas, and other factors that are not always well understood or disclosed by the manufacturer. Manufacturers have also been found to be unreliable in their implementation of ATA security features (e.g. embedded secure erase). As a result, with few exceptions it is U.S. government policy to permanently destroy all storage devices rather than trusting any kind of secure erasure. The typical NSA-approved method is either to degauss (surprisingly tricky to do right) and then crush, or reduce to 2mm particles with a device resembling a large, terrifying blender.

> As a result, with few exceptions it is U.S. government policy to permanently destroy

And as a result, (probably) Iron Mountain makes bucketloads because we don't just encrypt the drives (let's face it, that would be perfectly acceptable for 99% of US government computers - maybe Top Secret stuff deserves proper destruction).

> I’ve read opsec material that no matter how many passes you do it can still be read.

If that were true, we'd have infinite storage capacity.

Giving some charity to the claim, I'm assuming it meant on devices you plan to dispose of.
I don't see how throwing it away improves storage capacity in a way that would invalidate GP's comment.
The assumption isn't infinite capacity. It is recovery of the last data.
Is that fundamentally different from the question of whether overwriting data can make it unreadable? If yes then you can eventually make the "last data" unrecoverable by overwriting it. And if no then presumably you can recover anything previously written to the disk, ergo infinite capacity.
Presumably the original comment meant that you can't guarantee the original data is unreadable with any finite number of overwrites, not that you can always read the original data after overwriting. I'm not saying that's true, but it's a logical interpretation that doesn't imply infinite storage.
Even if you could find the original crypto header, you still need to know the password to unlock it. On iPhones, the secure enclave will hold the decrypted key while it's running but you need to enter the password after a reboot.
Also, if someone had the technical capability to do this, I would be infinitely more concerned about them having an exploit which allows them to hack my next phone and grab all the data while it's running.
A lot of that opsec material is very dated back from when density was lower and you had a spinning disk. Do you have any that’s evidence-based that such techniques are needed for flash storage? If anything the opsec concerns are different. There’s very little that would force the controller to actually perform an erase of specific blocks (e.g. the flash could blacklist blocks due to errors). To my knowledge that’s the primary concern, not that the data is still somehow recoverable once erased (which used to be true but I’m not sure holds for modern storage).
That’s probably true but the GP is likely drawing the distinction that iOS tries to do an “unrecoverable” delete as best it can whereas presumably the Echo is not doing this (encrypting the data and then deleting the key as part of the reset).
This does not apply to cryptoshredding or any modern storage media. Even a single pass on magnetic media renders data unrecoverable.
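
An added example, not part of the thread: a toy model of the two points raised above, that a flash controller need not erase the page a host overwrites, and that encrypting the data and deleting the key sidesteps the problem. `ToyFlash`, `keystream_xor` and the sample secret are hypothetical names constructed for illustration; the SHA-256 keystream is a standard-library stand-in for the AES a real device would use.

```python
import hashlib, os

class ToyFlash:
    """Toy flash translation layer: every write lands on a fresh physical page."""
    def __init__(self, pages=8):
        self.phys = [None] * pages   # raw NAND pages
        self.l2p = {}                # logical block address -> physical page
        self.next_free = 0

    def write(self, lba, data):
        # Out-of-place write: the old page is left as-is, just unmapped.
        self.phys[self.next_free] = data
        self.l2p[lba] = self.next_free
        self.next_free += 1

    def read(self, lba):
        return self.phys[self.l2p[lba]]

    def raw_dump(self):
        # What reading the chip directly would see: mapped and stale pages.
        return [p for p in self.phys if p is not None]

def keystream_xor(key, data):
    # Stand-in cipher (SHA-256 in counter mode) so the example is stdlib-only.
    # XOR is symmetric, so the same call encrypts and decrypts.
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

SECRET = b"constructed sample: wifi password hunter2"

def overwrite_leaves_stale_copy():
    dev = ToyFlash()
    dev.write(0, SECRET)
    dev.write(0, b"\x00" * len(SECRET))   # host "overwrites" block 0
    # The host reads zeros, but the old page still holds the plaintext.
    return dev.read(0) != SECRET and SECRET in dev.raw_dump()

def crypto_shred():
    dev = ToyFlash()
    key = os.urandom(32)                  # media key, kept outside the NAND
    dev.write(0, keystream_xor(key, SECRET))
    readable_with_key = keystream_xor(key, dev.read(0)) == SECRET
    del key                               # reset destroys the only key copy
    return readable_with_key, SECRET in dev.raw_dump()
```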