The local electronics recycling company where I live (US-FL) shreds hard drives by default and many of their enterprise clients apparently ask for it when they “donate” their old PowerEdge servers, NASes and whatnot. Now obviously the recycling company could try to discourage this in lieu of a 3 (or 7 or 100 or whatever) zero of the drives and then resell them as they do everything else they get “donated” to them… many are really expensive, high-capacity SAS drives that are only a few years old. But I guess nobody wants to be that guy who compromises company data or whatever just so the local recycling company can make money off their old drives in addition to their old servers, UPSes, racks, et al.
Of course if these companies were really smart, they’d have wiped the drives before going to the recycling company. I’m sure many do. Still, they don’t risk it and want the drives shredded.
Eventually, AES-256 can probably be bruteforced in a reasonable amount of time. If you write all 1s and then all 0s (or vice-versa) to the drive, on the other hand… there’s no way to recover the data. There’s a lot of debate about that statement, but ultimately, if the drive is in fact zeroed twice, it’s physically impossible to recover the data. The debate seems to be mostly around whether zeroing a drive really does zero every bit and that’s not straightforward to prove (many drive erasure programs will offer a printable “certificate” once a drive has been “secure-wiped”, which often mentions a “million dollar guarantee” or whatever… it’s a sham because how do you prove the program failed to erase the data on the drive? Especially days, weeks, or years later?).
They invoke Landauer's principle which states that irreversible computation has an intrinsic cost in terms of energy per elementary operation, namely, k T ln(2) where k is the Boltzmann constant. Assuming brute-force search, more than 2^256 elementary operations would be needed, but that would require more energy than available if one converts the whole Sun's mass into energy.
It’s worth noting several people’s answers state something to the effect of “quantum computing might be able to do it” and indeed I don’t expect an i9 or a ThreadRipper to ever defeat AES-256.
There's a reason that the industry standard for proper disposal of storage media, including HDDs, is nothing short of physical destruction.
It doesn't matter if the data is encrypted or not, the point of the matter is the data is still there when presumably that data should not exist outside <X> premises. Encryption serves as a mitigation against theft or accidental leakage of data, its purpose is not to facilitate data disposal.
Put another way, you have to answer Yes to this question for liability purposes: "Is the data gone?" The only way to say Yes with reasonable certainty is physically destroying the storage medium the data resides on.
Well, if you write 1 to every bit of the drive, and then write 0 to every bit of the drive, the data is gone… but to be fair, I think the concern is proving that actually occurred before disposal. It’s easy to see the data destroyed when the drive is ground up before your eyes.
