
Comment Re:Where the fault lies? (Score 1) 231

Are you supporting the claim that hardware manufacturers do everything to spec? That the hardware doesn't have to interface with software?

I find it rather concerning that so many people place so much faith in so many strangers that they would forgo a 60-second attendant procedure that would nearly totally ensure against data leakage.

Comment Re: Both (Score 1) 231

This gets back to my whole point that when I am giving up control of the device, I would rather have full confidence, and what you are describing likely relies on various pieces of software that I cannot know are trustworthy.

To fully embrace my paranoia, your rather authoritative tone makes it sound as if I should not wipe the device and instead wholly rely on an unprovable method of protection, thus making a casual reader find your method superior. I will continue to rely on both erasing keys and wiping devices as the best method to protect data on devices I am giving up control of.

Comment Re:Both (Score 1) 231

It's hardware decryption. The key only ever exists within the SOC. Throwing away the decryption key means overwriting it with a new one. There is no possibility of recovery.

If this hardware encryption/decryption is trustworthy, then what is the difference between it and TPM, which few data experts are willing to trust?

"Zeroing the storage space" probably does not overwrite anything on flash storage. Flash is very resistant to writing anything to a block unless it has to, as there are limited numbers of writes before the block becomes unusable. Writing random data will, but at a cost of significant time. And it's still less secure than deleting the key of an encrypted drive.

I have recently been playing with hdparm and ATA secure erase and enhanced secure erase. As I understand it, issuing the command for enhanced secure erase returns the drive to a condition defined by the manufacturer of the device, presumably one which does not retain any data. Additionally, I found a blog post by Bruce Schneier discussing a report from a trusted security company which stated that traditional full disk wipe methods for HDDs are also effective on SSDs. The notable exception is that the security company did not find any delete-based wipe methods effective on SSDs (meaning, you have to wipe the whole disk to completely erase data). That last bit annoys me: everyone is so concerned with deleting data on far-away devices, yet we can't even delete specific data on local devices without wiping the entire device.

I have not played around with wiping data from phones, so I don't know how any of that applies, but I suspect the concepts are the same. Also, as far as the time component goes, it's unattended time, so little measurable cost to the user.

Comment Re:Where the fault lies? (Score 1) 231

To my knowledge, Apple has not published the code they use in the encryption process for which keys are being deleted or the code which deletes the keys. Although I'm not aware that this code has at least been reviewed by trusted professionals (it may have). It seems like too many people say "256-bit AES" as if it's a conversation stopper, but there is always more to be concerned about. For example, the theory of public key encryption is sound, yet OpenSSL had a security hole the size of a galactic core which gave access to the memory of a web server. Apple software != 256-bit AES.

Comment Re:Torrent download (Score 1) 566

# sha1sum TrueCrypt-7.1a.torrent
689e239a8d40e25c2bb9877581d0e2538b48e0a7 TrueCrypt-7.1a.torrent
# sha1sum TrueCrypt\ 7.1a\ Source.zip
4baa4660bf9369d6eeaeb63426768b74f77afdf2 TrueCrypt 7.1a Source.zip
# sha1sum --version
sha1sum (GNU coreutils) 8.13
Copyright (C) 2011 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later .
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Written by Ulrich Drepper, Scott Miller, and David Madore.

That second check matches the checksum stated in the initial audit report.
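
Added example, not part of the comment above or of any TrueCrypt tooling: the same comparison done in Python, parsing a pasted `sha1sum` line (including file names with spaces, such as the source archive above) and checking a local file against it. The function names `parse_sum_line`, `file_sha1` and `matches_published` are assumptions made for this sketch.

```python
import hashlib
import hmac
import re

# One line of sha1sum output: 40 hex digits, a separator, then the file name.
# GNU sha1sum prints "<digest>  <name>" (text) or "<digest> *<name>" (binary);
# a single space is also accepted because pasted lines often lose the second one.
SUM_LINE = re.compile(r"^([0-9a-fA-F]{40}) [ *]?(.+)$")


def parse_sum_line(line):
    """Return (lowercase hex digest, file name) from one sha1sum output line."""
    m = SUM_LINE.match(line.rstrip("\r\n"))
    if m is None:
        raise ValueError("not a sha1sum line: %r" % line)
    return m.group(1).lower(), m.group(2)


def file_sha1(path, chunk_size=1 << 20):
    """Hash a file in chunks so large archives need not fit in memory."""
    h = hashlib.sha1()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def matches_published(path, published_line):
    """Compare a local file against a digest line from an independent source.

    The published line should come from somewhere other than the download
    itself (here, the audit report): a digest fetched alongside the file
    only detects corruption, not substitution. The file name in the line is
    informational; only the digest is compared.
    """
    published_digest, _name = parse_sum_line(published_line)
    return hmac.compare_digest(file_sha1(path), published_digest)


if __name__ == "__main__":
    import sys
    # Usage: python verify_sum.py <file> "<digest>  <name>"
    ok = matches_published(sys.argv[1], sys.argv[2])
    print("OK" if ok else "MISMATCH")
    sys.exit(0 if ok else 1)
```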
