Securely deleting data in iOS
Solution 1:
You are set since Apple only uses the passphrase to help generate entropy on the actual key that's used to unlock the data. Apple wrote a very clear white paper that covers the protections and goes into some technical detail.
- https://support.apple.com/guide/security/passcodes-and-passwords-sec20230a10d/1/web/1
If you set up a device with the same passcode 5 times in a row - none of the keys would be the same and no one could get at the data from the device even if you told them your passcode.
You are correct - they key is destroyed instantaneously and the data is cryptographically erased. You don't need any special tool to overwrite any of the data since it was previously encrypted and that encryption exists at rest. When you erase the device, the key that unlocks the data was destroyed and no passphrase will get that key back since it never left the Secure Enclave.
iCloud is more complicated, since your data lives in Apple’s servers and can be seen on the web, via API on official and unofficial apps, on Windows and on macOS and other devices in addition to your phone.
The encryption keys used to encrypt this data when it leaves your device are not the same keys as the ones used to lock the files at rest on the iPhone hardware.
So, you buy a new phone and take a picture of your pet. That pet photo is encrypted at rest with a key that’s entangled with your device passphrase, not actually encrypted with that passphrase alone.
Now - when you sign up for an AppleID or iCloud account - a different password generates a different set of key pairs both in the cloud and on device. Now things are much more complicated than just a device encrypting data at rest, since we have multiple key pairs and signing certificates and multiple computers involved just to get data to iCloud from your phone.
The process to sync the data to the cloud doesn’t need to know how to decrypt the data from storage to show it to you or send it to the cloud since iOS and iPhone hardware handle that encryption transparently to the apps. The running OS isn’t necessarily aware the data is encrypted like a fish doesn’t need to know it’s in the water to swim.
A different encryption is added before that data backs up or syncs to iCloud servers. In the case with the wiped device, when you sign in to iCloud, new key pairs are generated from that sign in event and used to decrypt the pet photo that comes down from the iCloud backup to your wiped phone (or new phone). The iCloud “app” decrypts the data and then the iOS stores it using the new local encryption key from the Secure Enclave (since your passphrase unlocked the device). Once sync is done and the file written to local storage, it is encrypted at rest with a different key than the key used to encrypt the data when it moved to cloud from old device and back to the new device from the cloud.
To wrap up, the pet photo can be encrypted many times, using different keys based on where it’s heading. The same file gets transformed (in a reversible manner) so that when it’s decrypted, the data is the same file so it looks to us like your pet each time we look at that photo.
The hardware encryption is different than the software decryption and pulling this off in a way that people can use and not make mistakes in security is a very hard problem to solve.
Solution 2:
The encryption key is created from the passcode you create to lock the iDevice. The longer and more complex the passcode, the more difficult it will be to decrypt the iDevice disk. I would doubt very highly that the passcode for your device is in any way linked with your Apple ID. Using the same passcode on your iDevice as for your Apple ID is probably not recommended.
A wealth of information is found on this page at Operational Security, with some pertinent info I've copy/pasted here.
If you own an up-to-date iPhone, iPad, or iPod, you are already running full disk encryption. iOS devices ship from the factory with non-user configurable encryption – “non-user configurable” means you can’t turn it off even if you want to.
Custom Alphanumeric Code: This passcode option provides the strongest security of all. This option should be considered if security is your primary goal. It should also be considered for some other scenarios: if you leave your device unattended, or if your device is at high risk of loss, theft, or capture. A custom alphanumeric passcode should also be used if you use Touch ID to unlock your iOS device and only rarely enter the passcode. This option has one significant downside: it requires the passcode to be entered on the full alphanumeric keyboard. This tiny keyboard offers the most complexity, but is incredibly tedious to work with, especially when you are in a hurry.
You can make a custom alphanumeric passcode even more secure by using some special characters on the iOS keyboard. The letters A, C, E, I, L, N, O, S, U, Y, and Z all contain special characters. For instance, the letter “a” contains the following special characters: à, á, â, ä, æ, ã, å, and ā. To access them, press the desired letter and hold. A pop-up menu will appear. Slide your finger to the desired character and release. Because of the immensity of the iOS keyboard’s character set, incredibly complex passcodes are possible.
iOS full disk encryption is only as strong as the passcode you use to protect it, so choose a good one. I recommend a six-digit numeric, but only if you can’t tolerate anything longer. If you can, I say go with a 10 to 12-digit numeric.