From Wikipedia, the free encyclopedia
Jump to navigation Jump to search

Crypto-shredding is the practice of 'deleting' data by deliberately deleting or overwriting the encryption keys.[1] This requires that the data have been encrypted. Data comes in these three states: data at rest, data in transit and data in use. In the CIA triad of confidentiality, integrity, and availability all three states must be adequately protected.

Getting rid of data at rest like old backup tapes, data stored in the cloud, computers, phones, and multi-function printers can be challenging when confidentiality of information is of concern; when encryption is in place it allows for smooth disposal of data. Confidentiality and privacy are big drivers of encryption.


The motive for deleting data can be: defective product, older product, no further use for data, no legal right to use or retain data any more, etc. Legal obligations can also come from rules like: the right to be forgotten, the General Data Protection Regulation, etc.


In some cases everything is encrypted (e.g. harddisk, computer file, database, etc.) but in other cases only specific data (e.g. passport number, social security number, bank account number, person name, record in a database, etc.) is encrypted. In addition, the same specific data in one system can be encrypted with another key in another system. The more specific pieces of data are encrypted (with different keys) the more specific data can be shredded.

Example: iOS devices use crypto-shredding when activating the "Erase all content and settings" by discarding all the keys in 'effaceable storage'. This renders all user data on the device cryptographically inaccessible.[2]

Best practices[edit]

Security considerations[edit]

  • Encryption strength can be weaker over time when computers get faster or flaws are found.
  • Brute-force attack: If the data is not adequately encrypted it is still possible to decrypt the information through brute force. Quantum computing has the potential to speed up a brute force attack in the future.[3] However, quantum computing is less effective against symmetric encryption than public-key encryption. Assuming the use of symmetric encryption, the fastest possible attack is Grover's algorithm, which can be mitigated by using larger keys.[4]
  • Data in use. For example: the (plaintext) encryption keys temporarily used in RAM can be threatened by cold boot attacks, hardware advanced persistent threats, rootkits/bootkits, computer hardware supply chain attacks, and physical threats to computers from insiders (employees).
  • Data remanence: For example: When data on a harddisk is encrypted after it has been stored there is a chance that there is still unencrypted data on the harddisk. Encrypting data does not automatically mean it will overwrite exactly the same location of the unencrypted data. Also bad sectors cannot be encrypted afterwards. It is better to have encryption in place before storing data.
  • Hibernation is a threat to the use of an encryption key. When an encryption key is loaded into RAM and the machine is hibernated at that time, all memory, including the encryption key, is stored on the harddisk (outside of the encryption key's safe storage location).

The mentioned security issues are not specific to crypto-shredding, but apply in general to encryption. In addition to crypto-shredding, data erasure, degaussing and physically shredding the physical device (disk) can mitigate the risk further.


  1. ^ Crypto-shredding in 'The Official ISC2 Guide to the SSCP CBK' ISBN 1119278651
  2. ^ Crypto-shredding using effaceable storage in iOS on
  3. ^ "Factsheet post quantum cryptography on". Archived from the original on 2017-11-17. Retrieved 2017-11-17.
  4. ^ Post Quantum-Crypto for dummies on