What is encryption key reset and why it is safer than zero-write?
I am about to return my ThinkPad laptop to my (former) employer. I found a very nice solution to erase / protect my private data -- ThinkWipe application in ThinkPad's BIOS. I made use of it right away.
However, to my kind of big surprise, it told me that:
- 2 seconds long encryption key reset is a safe method,
- 15 minutes long zero-write (single pass) isn't considered a safe method.
I'd like to update my knowledge in this area.
What is encryption key reset? Doesn't this simply mean that currently used (and valid for decryption) key will be replaced with some random one (and not valid for data decryption)? If that's true then this mean that my data is still there, encrypted of course. Doesn't this mean that if someone would figure out my "old" key or somehow could reverse encryption key reset process, would again gain access to my data.
Anyway, even if I am blind here, this still doesn't change the fact that my data is kept untouched (there is no way that 2-second long process is able to erase entire disk). How then this method can be considered safe while method of replacing every bit of data with zero isn't safe?
I understand that single-pass zeroing isn't "that safe" and only 3-pass can be considered as safe. But... still... I don't get how it isn't safer than just ecnryption key reset.
I have read this question, but it doesn't seem to be fully answering my question here, because it says pretty much nothing about encryption key reset.