by kmeisthax 973 days ago
FDE's purpose isn't just to prevent you from pulling a disk out and imaging it to get all the data. It also makes it far quicker to do disk wipes. If someone yanks your laptop you can have the IT guy wipe it in a minute or two. Without FDE, whatever bossware is enforcing the device management would have to actually overwrite every sector of the disk, which can take hours and would be extremely noticeable to anyone extracting data off the machine.
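The key-destruction wipe described in the comment above, as an added Go model that is not code from the thread: every sector is encrypted under one volume key, so overwriting the 32-byte key slot leaves all sectors unreadable without touching them, whereas an unencrypted disk needs every sector overwritten. The `Disk` type, its toy key-slot layout and the function names are assumptions for illustration, not any real FDE product's format.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/binary"
	"errors"
)

// Disk is a toy FDE volume: sectors AES-256-CTR encrypted under one volume key
// held in a key slot (real FDE wraps that slot with a TPM or passphrase).
type Disk struct {
	KeySlot [32]byte
	Sectors [][]byte
}

// sectorCrypt encrypts or decrypts one sector; the sector index is the IV, so
// identical plaintext in different sectors yields different ciphertext.
func sectorCrypt(key [32]byte, idx uint64, data []byte) []byte {
	blk, _ := aes.NewCipher(key[:]) // 32-byte key, so NewCipher cannot fail
	iv := make([]byte, aes.BlockSize)
	binary.BigEndian.PutUint64(iv, idx)
	out := make([]byte, len(data))
	cipher.NewCTR(blk, iv).XORKeyStream(out, data)
	return out
}
// NewDisk formats a volume with a fresh random key and writes plain sectors encrypted.
func NewDisk(plain [][]byte) *Disk {
	d := &Disk{}
	rand.Read(d.KeySlot[:])
	for i, p := range plain {
		d.Sectors = append(d.Sectors, sectorCrypt(d.KeySlot, uint64(i), p))
	}
	return d
}

// ReadSector decrypts sector idx; it fails once the key slot has been destroyed.
func (d *Disk) ReadSector(idx int) ([]byte, error) {
	if d.KeySlot == [32]byte{} {
		return nil, errors.New("key slot destroyed: sectors are unrecoverable ciphertext")
	}
	return sectorCrypt(d.KeySlot, uint64(idx), d.Sectors[idx]), nil
}

// CryptoErase is the FDE wipe: overwrite only the 32-byte key slot, not the
// sectors, so the cost does not grow with disk size. Returns bytes written.
func (d *Disk) CryptoErase() int {
	d.KeySlot = [32]byte{}
	return len(d.KeySlot)
}
```

The contrast with the unencrypted case is the byte count: the erase writes 32 bytes, while a sector-by-sector wipe of the same volume would have to write the sum of all sector lengths.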

Moreover, SSDs cannot be 100% erased, as not all capacity is user-addressable at any point in time.
Why would it need to wipe every sector of the disk? As ilyt stated, there's no need to encrypt game files. There's also no need to wipe them. Just the directories where important data resides.
FDE means you don't leak data to unencrypted parts of the file system. Temporary files and browser cache are areas sensitive information can be inadvertently left behind. With FDE you can check off the box "encrypted at rest" without having to qualify it with asking if the data is in the right folder or vault, if temp files are overwritten, etc.
Right. But technically "every sector of the disk" isn't necessarily what bossware needs to wipe if an unencrypted laptop is taken. Only elements which allow access to crown jewels, relevant credentials, etc.

I'm an advocate for FDE across the board (literally all of my devices are on Windows 11 Pro, primarily so I at least have access to Bitlocker across the board), but it's disingenuous to claim that the only alternative to FDE when a device is taken would be to initiate a sector-by-sector wipe. He was responding to ilyt's comment about how only certain data is worth encrypting on pretty much every personal device (and we are talking about Win 11 Pro, not Enterprise).

It is simpler to encrypt all than to pick and choose which partition to store your files in.
We're not talking about what's simpler. The conversation was clearly focused on efficiency.