John Fleming wrote, >Q3)Shred sounds excellent for removing all traces of previous files, >but 25X?, isn't that overkill?
That depends on why you're erasing the drive. If all you want to do is get the previous owner's stuff off so you can use it yourself, then 25X is overkill. Just re-fdisk, re-mkfs, mount, and have at it. If you're trying to destroy the Secret Plan so that They can't get Their evil fingers on it, then you definitely want all 25 rewrites, and maybe more if you're feeling especially paranoid. If They really care about recovering your sensitive data, then They'll have access to sophisticated equipment to analyze the drive's platters and find the spots where your data slopped over the into the spaces between the tracks, and which a single rewrite-with-zeros pass won't fully erase. The 25 rewrites are done with 25 different bit patterns, especially chosen to minimize the chance that leftover "slop" might be recoverable. If you're getting rid of a drive that might hold sensitive data, this kind of erasing is important even if you're not afraid that the NSA might be spying on you. Hospitals, for example, probably have to do it to avoid HIPAA violations. And then there's the story of a company that received a replacement drive from their hardware support vendor, and were horrified to discover that it already contained a copy of their own confidential product development database from a few months earlier (see Nemeth et al, "UNIX System Admistration Handbook"...the full story is on page 739 of the second edition). Obviously, the time to do this sort of thing is before you get rid of the drive...don't count on the recipient to do it for you. By the way, beware of the FAT filesystem. If you use the above-mentioned re-fdisk-re-mkfs-mount procedure, the old data could suddenly spring back to life inside newly-created files. The FAT filesystem doesn't support sparse files--if you create a new file and only write to its 100th block, then the previous 99 blocks still have to allocated and assigned to the file, and the operating system won't zero them out for you--if you look in them you'll find whatever data happened to be left over in those blocks. For the classic example of the kind of trouble this can cause, check out http://catless.ncl.ac.uk/Risks/11.56.html. To prevent this, use a filesystem that supports sparse files (most true UNIX-style filesystems do), or if you must FAT, first use dd to zero out the partition (the WHOLE partition, not just the MBR). >Q4) I've heard it suggested that 4x through using the dd command >to write zeros through the mbr to the end of the drive is enough hide >sensitive old files, > how true is that? That's probably more than enough to guarantee that the drive's own read-write head won't be able to see the data anymore, and is probably sufficient if the data isn't very sensitive. However, a data recovery company, or the NSA, could probably still take the drive apart and puts its innards into their own equipment and recover lots of data from the inter-track slop. If your data is sensitive enough that this worries you, then use the full 25X multiple-bit-pattern erase. - Neil Parker _______________________________________________ EUGLUG mailing list [email protected] http://www.euglug.org/mailman/listinfo/euglug
