Den fre 27 juli 2018 kl 21:20 skrev Patrick Donnelly <>:

> > as part of deprovisioning customers, we regularly have the task of
> > wiping their Ceph clusters. Is there a certifiable, GDPR compliant way
> > to do so without physically shredding the disks?
> This should work and should be as fast as it can be:
> wipefs -a /dev/sdX
> shred /dev/sdX
> Whether or not that's "GDPR compliant" will depend on external
> certification, I guess.
> (The issues might be that you can't guarantee all blocks in an SSD/HDD
> are actually erased because the device firmware may retire bad blocks
> and make them inaccessible. It may not be possible for the device to
> physically destroy those blocks either even with SMART directives. You
> may be stuck with an industrial shredder to be compliant if the rules
> are stringent.)
This is an issue that annoys me really much. If you run dban ISO wipe, or
the above
commands, or dd /dev/random to each and every usable sector of the drive,
it will be
super-cleaned. I would dare say that none on this maillist could get useful
data out of
it to save their lives, and the lives of their family members.

Still people (and/or auditors who make a living out of this) will invent
ways for hard drive
heads to be slightly out of alignment or remapped sectors that would show
up magically
at auditing time but not in any other case.

So if you wipe,overwrite,rewrite and do all the magic tricks to make each
read byte on the
drive give you new data and none of the old I (personally) think it should
be compliantly
wiped and anyone that "knows" a way to get the drive to magically start
serving old stale
ceph data via the OSDs are quite welcome to provide me with such a program.
I will make
a killing on backup / restore that utilizes this kind of magic to get wiped
data back.

Not that I am any kind of laywer or anything, but if a customer needs to
run a ton of data
over ceph (or any other storage) and demands wiping on the way out, it
would either be
for them to pay enough so you can destruct the drives and replace them, or
they should
only write down encrypted data (should be easy for VMs with ceph backend
storage) and
then throw away the key to the data which you never saw.

Not doing their part to prevent reading of said data, and not paying you
for costs which
compliance says is unavoidable if no wiping is ever good enough seems like
a poor
relationship and only drives such customers to some provider that will be
prone to lie to
them in order to not push the real costs over to customers.

May the most significant bit of your life be positive.
ceph-users mailing list

Reply via email to