Hacker News
by spacehome 4040 days ago
The really clever way to encrypt your drives is to make the passphrase for the drive decrypt a very small (512-bit) header that contains the decryption key for the rest of the drive. Then wiping the drive consists of just erasing those critical bits quickly.
1 comments

Except that erasure on modern drives rarely actually erases things...
Hence it is advisable to store the encryption key somewhere where erasure was properly accounted for during design, e.g. a TPM (trusted platform module).
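
The header scheme from the first comment and the erasure caveat from the reply, as an added example that is not part of the original thread. Function names are hypothetical, and the PBKDF2 pad plus HMAC tag is a standard-library stand-in for a real key-wrap cipher such as AES; `stale_copy` models a block the drive never actually overwrote.

```python
import hashlib, hmac, os

HEADER_LEN = 64  # 512 bits: 16-byte salt | 32-byte wrapped key | 16-byte tag

def _derive(passphrase: str, salt: bytes):
    # Stretch the passphrase into a 32-byte XOR pad and a 32-byte MAC key.
    okm = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 100_000, dklen=64)
    return okm[:32], okm[32:]

def _tag(mac_key: bytes, body: bytes) -> bytes:
    return hmac.new(mac_key, body, hashlib.sha256).digest()[:16]

def make_header(passphrase: str, master_key: bytes) -> bytearray:
    # The master key encrypts the drive; the passphrase only wraps the master key.
    if len(master_key) != 32:
        raise ValueError("master key must be 32 bytes")
    salt = os.urandom(16)  # fresh salt, so the pad is never reused
    pad, mac_key = _derive(passphrase, salt)
    wrapped = bytes(a ^ b for a, b in zip(master_key, pad))
    return bytearray(salt + wrapped + _tag(mac_key, salt + wrapped))

def unlock(passphrase: str, header) -> bytes:
    if len(header) != HEADER_LEN:
        raise ValueError("bad header length")
    salt, wrapped, tag = bytes(header[:16]), bytes(header[16:48]), bytes(header[48:])
    pad, mac_key = _derive(passphrase, salt)
    if not hmac.compare_digest(tag, _tag(mac_key, salt + wrapped)):
        raise ValueError("wrong passphrase or header destroyed")
    return bytes(a ^ b for a, b in zip(wrapped, pad))

def crypto_erase(header: bytearray) -> None:
    # Logical overwrite only. Whether the old bytes are physically gone
    # depends on the medium, which is the objection raised in the reply.
    header[:] = os.urandom(HEADER_LEN)

def demo():
    master_key = os.urandom(32)
    header = make_header("correct horse", master_key)  # constructed passphrase
    unlocked = unlock("correct horse", header) == master_key
    stale_copy = bytes(header)  # constructed: a remapped block the wipe missed
    crypto_erase(header)
    try:
        unlock("correct horse", header)
        erased = False
    except ValueError:
        erased = True
    # With the passphrase, a surviving stale copy still yields the master key.
    stale_recovers = unlock("correct horse", stale_copy) == master_key
    return unlocked, erased, stale_recovers

if __name__ == "__main__":
    print(demo())
```
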