by qual 708 days ago
This isn't necessarily sufficient unless you encrypt the drives before any data is written to them. If any potentially sensitive data has been written to the drive prior to encryption, the only 100% method is physical destruction.

Of course, this clarification only matters if your threat model involves dealing with top-secret data and/or nation-state enemies.


I don't know, personally, I would be very unhappy if someone stole my server and then started blackmailing me to reveal private information somewhere (unless I pay a certain sum). I don't have anything to hide, but I still don't want my private information public. I don't need to mind about this with encrypted data.
>I don't need to mind about this with encrypted data.

I'm not sure if I wasn't clear or if you didn't read my comment correctly.

Encrypting is not enough to prevent data recovery if data was written to disk prior to encrypting it.

In other words, if you want to be 100% sure about your data being safe, you must encrypt first (when the drive is brand new), or you must physically destroy the drive.

Yes, I understood - but this has nothing to do with encryption. Data that is encrypted is safe. Any data that is not encrypted (or was not encrypted) would offer an attack surface. Since I use ZFS for all my data, all my data is encrypted from minute 1 of a new hard drive.
Format, then sdelete x 10 passes writing random data, then secure erase for good measure, will take care of it for 99% of use cases out there.
Sure, if you don't need to meet any compliance standards and your threat model is pretty relaxed, this is likely okay.

But if your threat model is that relaxed, you can just encrypt the whole drive, toss the key, and then format the device. This would likely be quicker than doing 10x write passes.

As a note, write passes are really only good for HDDs due to wear-leveling algorithms in every SSD.
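Added example (not written by any commenter in this thread) modelling the two points argued above: data written to a drive before encryption was set up stays on the medium in the clear, while data written through the encryption layer becomes unrecoverable once the key is discarded ("toss the key"). The drive geometry, the SHA-256-based per-sector keystream and the sample sectors are constructed stand-ins, not a real block cipher or device.

```python
import hashlib

SECTOR, SECTORS = 16, 4   # toy geometry, constructed for the example

class RawDrive:   # tiny block device: bytes land on the medium exactly as written
    def __init__(self):
        self.media = bytearray(SECTOR * SECTORS)
    def write(self, lba, data):
        assert len(data) == SECTOR
        self.media[lba * SECTOR:(lba + 1) * SECTOR] = data
    def read(self, lba):
        return bytes(self.media[lba * SECTOR:(lba + 1) * SECTOR])

def keystream(key, lba):
    # Toy per-sector keystream (SHA-256 of key||lba); real FDE uses AES-XTS.
    return hashlib.sha256(key + lba.to_bytes(8, "big")).digest()[:SECTOR]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

class EncryptedVolume:
    """Encryption layer stacked on a drive; only writes through it are protected."""
    def __init__(self, drive, key):
        self.drive, self.key = drive, key
    def write(self, lba, data):
        self.drive.write(lba, xor(data, keystream(self.key, lba)))
    def read(self, lba):
        if self.key is None:
            raise PermissionError("key destroyed, sector unrecoverable")
        return xor(self.drive.read(lba), keystream(self.key, lba))
    def crypto_erase(self):
        self.key = None   # "toss the key": ciphertext stays, plaintext is gone

def remnant(drive, needle):   # forensic-style scan of the raw medium for plaintext
    return needle in bytes(drive.media)

def scenario():
    drive, before, after = RawDrive(), b"SECRET-BEFORE-FD", b"SECRET-AFTER-FDE"
    drive.write(0, before)                           # in the clear: drive not yet encrypted
    vol = EncryptedVolume(drive, key=b"\x01" * 32)   # encryption set up only now
    vol.write(1, after)                              # later writes go through the layer
    readable = vol.read(1) == after                  # True while the key exists
    vol.crypto_erase()
    try:
        vol.read(1)
        lost = False                                 # must not happen
    except PermissionError:
        lost = True
    return {"remnant_before": remnant(drive, before),   # True: encryption came too late
            "remnant_after": remnant(drive, after),     # False: never on the medium in clear
            "readable_with_key": readable, "unreadable_after_key_loss": lost}
```

The same model explains the ZFS remark: a volume created on a brand-new drive has no "before" sector, so the raw medium never holds plaintext.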