Cryptographic erase — instant SSD sanitisation.
Cryptographic erase is the modern default for SSDs, NVMe drives, and self-encrypting drives. The drive's internal AES encryption key is destroyed; all stored data becomes unrecoverable in seconds regardless of how much was stored. NIST 800-88 categorises this as Purge.
The drive's internal key, destroyed.
Modern SSDs, NVMe drives, and self-encrypting drives encrypt all stored data with an internal AES key (256-bit on most enterprise SKUs). The key is stored in the drive's controller. When the drive's secure-erase command is issued, the controller destroys this key and replaces it with a fresh one.
Without the original key, the encrypted ciphertext on the NAND cells becomes irrecoverable — no amount of forensic analysis recovers data when the decryption key has been overwritten with a fresh key. The data isn't wiped; it's rendered indecipherable.
NIST 800-88 categorises this as Purge — equivalent to a thorough overwrite but completed in seconds. For SSDs, this is the canonical method because single-pass overwrite isn't reliable on solid-state media due to wear-levelling.
Drive types that support cryptographic erase
- ♦ SATA SSDs — via the SATA Secure Erase command (drive's internal AES key destroyed).
- ♦ NVMe drives — via the NVMe Sanitize command (Format with Crypto Erase option).
- ♦ Self-encrypting drives (SEDs) — via the OPAL Secure Erase command on TCG OPAL-compliant drives.
- ♦ Modern enterprise HDDs (some) — newer SAS drives with self-encryption support.
- ♦ Cloud-native storage on hardware where the storage controller exposes a key-destruction primitive.
The wear-levelling problem on SSDs.
Single-pass overwrite was the canonical Clear method on magnetic HDDs. It doesn't work on SSDs — and that's why NIST 800-88 was updated.
- HDDs · Sectors map 1:1 to physical disk locations. Overwrite sector N, the original sector N is overwritten.
- SSDs · Logical block addresses are abstracted by the controller. Write to LBA 12345, the controller may write to a different physical NAND cell, leaving the original cell intact.
- Implication · Overwrite-only methods can leave recoverable data on SSDs. Crypto erase or Sanitize command is needed.
- Verification · The wipe-log on the Certificate of Destruction explicitly cites the method (e.g., 'NVMe Sanitize Format with Crypto Erase'), not just 'overwrite'.
Maxicom Canada — frequently asked
Is cryptographic erase reversible?
No. Once the AES key is destroyed and replaced with a fresh key, the original encrypted ciphertext on the NAND cells is computationally infeasible to decrypt — the recovery problem is the AES-256 key-recovery problem, which is not practically solvable with current or foreseeable computational capability.