Manual / Using Conseal Server / Working with Devices / Self-destruction

This page allows you to self destruct the selected devices. It is accessible by users from the My Devices page, or by administrators from the All Devices page.

To self-destruct the selected device, simply click the confirmation button.

How does self-destruction work?

Self destruction completely and permanently destroys the data on the device. As soon as a device is self destructed, its encryption key is deleted from the server. This means that even if an attacker had both the device and worked out its password, he would still be unable to unlock it. For more information, see Conseal Server Concepts: Dual Locks.

When a self destructed device is inserted and an attempt is made to unlock it, Conseal will also begin removing the data from the device. This is performed for an extra level of security - though the data being removed is in fact an encrypted bundle which nobody would be able to decrypt anyway (even if they knew the password).

A three-pass mechanism is used to destroy the data. Firstly Conseal overwrites the data with all zeros. Then it overwrites it all again with a random bit pattern. It then overwrites it one final time with the inverse of the bit pattern. This procedure is performed because forensic techniques can be used to recover data, certainly when the file has simply been deleted, but also even when it has been fully overwritten. The three-pass technique follows guidelines designed to completely secure against such data recovery techniques.

What the end user sees

From an end user perspective, Conseal does not show that it is destroying the device's data. It simply shows a "please wait" message, as if it were taking a while to unlock the device. It then invites the user to try and re-enter their password.

Self destruction does not harm the device in any way. Once the process is complete, the device can be formatted and used as a blank disk. If recovered, it can be re-Consealed. The data previously on the device, however, is securely and permanently removed and can never be recovered.

Contents

Frequently Asked Questions

Installation

Using Conseal Server

Conseal Server Concepts