Re: [vox-tech] Most efficient way to wipe hard drives

2009-09-15 Thread Lemseffer. Tahar (MSA)
Thanks you

How can I remove a debugging file from a make file?

Thanks
T

-Original Message-
From: vox-tech-boun...@lists.lugod.org
[mailto:vox-tech-boun...@lists.lugod.org] On Behalf Of Tim Riley
Sent: Tuesday, September 15, 2009 10:13 AM
To: lugod's technical discussion forum
Subject: Re: [vox-tech] Most efficient way to wipe hard drives

On Tue, 2009-09-15 at 09:44 -0700, Lemseffer. Tahar (MSA) wrote:
> Good morning All,
> Is anyone familiar with C Unix

Yes. I'm sure you'll find a lot of company at LUGOD. However, this
topic is better discussed on the mailing list vox. Vox-tech is used
for specific technical questions. Also, this change of subject would
warrant a new thread.

> Thanks
> T
> 
> -Original Message-
> From: vox-tech-boun...@lists.lugod.org
> [mailto:vox-tech-boun...@lists.lugod.org] On Behalf Of Chanoch (Ken)
> Bloom
> Sent: Thursday, September 10, 2009 10:38 AM
> To: lugod's technical discussion forum
> Subject: Re: [vox-tech] Most efficient way to wipe hard drives
> 
> On Thu, Sep 10, 2009 at 09:56:54AM -0700, Brian Lavender wrote:
> > On Wed, Sep 09, 2009 at 09:20:30PM -0700, Bill Broadley wrote:
> > > 
> > > Short answer, one wipe is enough (At least for NIST, and one of
the
> British
> > > Infosec standards), wipes miss bad sectors, the ATA secure erase
> command is
> > > worth checking out.
> > [snip]
> > I think caching is a concern on some systems, so more wipes seems to
> > magically make the write go to the actual media. But I would agree
> with
> > one wipe is probably enough. I had not thought about bad blocks. 
> > 
> > > 
> > > So if you don't use secure wipe and won't lose sleep at night over
a
> few bad
> > > blocks being potentially recovered I'd recommend something like:
> > > 
> > > dd if=/dev/urandom of=/dev/sd
> > 
> > Your computer must have a lot of entropy! Note that that device
> gathers
> > entropy from the system. When an event happens, it may be worth one
or
> > two bits. Last time I wrote a program that read from that device, it
> > seemed that I got a number of bytes, and then I had to wait as
various
> > events occured to the system. That is why they often tell you to
move
> the
> > mouse around when generating keys. It generates entropy for the
> system.
> 
> /dev/random, blocks waiting for entropy.
> /dev/urandom doesn't wait for entropy. It uses entropy if it's
> avalable, and switches to a PRNG if there isn't enough entropy. I
> think it's similar to what you suggest doing with AES.
> 
> --Ken
> 
___
vox-tech mailing list
vox-tech@lists.lugod.org
http://lists.lugod.org/mailman/listinfo/vox-tech

EMAIL DISCLAIMER:
This email and any attachments thereto may contain private, confidential, and
privileged material for the sole use of the intended recipient. Any review,
copying, or distribution of this email (or any attachments thereto) by other
than the intended recipient is strictly prohibited.

If you are not the intended recipient, please contact the sender immediately
and permanently delete the original and any copies of this email and any
attachments thereto.
_
___
vox-tech mailing list
vox-tech@lists.lugod.org
http://lists.lugod.org/mailman/listinfo/vox-tech


Re: [vox-tech] Most efficient way to wipe hard drives

2009-09-15 Thread Tim Riley
On Tue, 2009-09-15 at 09:44 -0700, Lemseffer. Tahar (MSA) wrote:
> Good morning All,
> Is anyone familiar with C Unix

Yes. I'm sure you'll find a lot of company at LUGOD. However, this
topic is better discussed on the mailing list vox. Vox-tech is used
for specific technical questions. Also, this change of subject would
warrant a new thread.

> Thanks
> T
> 
> -Original Message-
> From: vox-tech-boun...@lists.lugod.org
> [mailto:vox-tech-boun...@lists.lugod.org] On Behalf Of Chanoch (Ken)
> Bloom
> Sent: Thursday, September 10, 2009 10:38 AM
> To: lugod's technical discussion forum
> Subject: Re: [vox-tech] Most efficient way to wipe hard drives
> 
> On Thu, Sep 10, 2009 at 09:56:54AM -0700, Brian Lavender wrote:
> > On Wed, Sep 09, 2009 at 09:20:30PM -0700, Bill Broadley wrote:
> > > 
> > > Short answer, one wipe is enough (At least for NIST, and one of the
> British
> > > Infosec standards), wipes miss bad sectors, the ATA secure erase
> command is
> > > worth checking out.
> > [snip]
> > I think caching is a concern on some systems, so more wipes seems to
> > magically make the write go to the actual media. But I would agree
> with
> > one wipe is probably enough. I had not thought about bad blocks. 
> > 
> > > 
> > > So if you don't use secure wipe and won't lose sleep at night over a
> few bad
> > > blocks being potentially recovered I'd recommend something like:
> > > 
> > > dd if=/dev/urandom of=/dev/sd
> > 
> > Your computer must have a lot of entropy! Note that that device
> gathers
> > entropy from the system. When an event happens, it may be worth one or
> > two bits. Last time I wrote a program that read from that device, it
> > seemed that I got a number of bytes, and then I had to wait as various
> > events occured to the system. That is why they often tell you to move
> the
> > mouse around when generating keys. It generates entropy for the
> system.
> 
> /dev/random, blocks waiting for entropy.
> /dev/urandom doesn't wait for entropy. It uses entropy if it's
> avalable, and switches to a PRNG if there isn't enough entropy. I
> think it's similar to what you suggest doing with AES.
> 
> --Ken
> 
___
vox-tech mailing list
vox-tech@lists.lugod.org
http://lists.lugod.org/mailman/listinfo/vox-tech


Re: [vox-tech] Most efficient way to wipe hard drives

2009-09-15 Thread Lemseffer. Tahar (MSA)
Good morning All,
Is anyone familiar with C Unix
Thanks
T

-Original Message-
From: vox-tech-boun...@lists.lugod.org
[mailto:vox-tech-boun...@lists.lugod.org] On Behalf Of Chanoch (Ken)
Bloom
Sent: Thursday, September 10, 2009 10:38 AM
To: lugod's technical discussion forum
Subject: Re: [vox-tech] Most efficient way to wipe hard drives

On Thu, Sep 10, 2009 at 09:56:54AM -0700, Brian Lavender wrote:
> On Wed, Sep 09, 2009 at 09:20:30PM -0700, Bill Broadley wrote:
> > 
> > Short answer, one wipe is enough (At least for NIST, and one of the
British
> > Infosec standards), wipes miss bad sectors, the ATA secure erase
command is
> > worth checking out.
> [snip]
> I think caching is a concern on some systems, so more wipes seems to
> magically make the write go to the actual media. But I would agree
with
> one wipe is probably enough. I had not thought about bad blocks. 
> 
> > 
> > So if you don't use secure wipe and won't lose sleep at night over a
few bad
> > blocks being potentially recovered I'd recommend something like:
> > 
> > dd if=/dev/urandom of=/dev/sd
> 
> Your computer must have a lot of entropy! Note that that device
gathers
> entropy from the system. When an event happens, it may be worth one or
> two bits. Last time I wrote a program that read from that device, it
> seemed that I got a number of bytes, and then I had to wait as various
> events occured to the system. That is why they often tell you to move
the
> mouse around when generating keys. It generates entropy for the
system.

/dev/random, blocks waiting for entropy.
/dev/urandom doesn't wait for entropy. It uses entropy if it's
avalable, and switches to a PRNG if there isn't enough entropy. I
think it's similar to what you suggest doing with AES.

--Ken

-- 
Chanoch (Ken) Bloom. PhD candidate. Linguistic Cognition Laboratory.
Department of Computer Science. Illinois Institute of Technology.
http://www.iit.edu/~kbloom1/
___
vox-tech mailing list
vox-tech@lists.lugod.org
http://lists.lugod.org/mailman/listinfo/vox-tech

EMAIL DISCLAIMER:
This email and any attachments thereto may contain private, confidential, and
privileged material for the sole use of the intended recipient. Any review,
copying, or distribution of this email (or any attachments thereto) by other
than the intended recipient is strictly prohibited.

If you are not the intended recipient, please contact the sender immediately
and permanently delete the original and any copies of this email and any
attachments thereto.
_
___
vox-tech mailing list
vox-tech@lists.lugod.org
http://lists.lugod.org/mailman/listinfo/vox-tech


Re: [vox-tech] Most efficient way to wipe hard drives

2009-09-13 Thread Bill Kendrick
On Fri, Sep 11, 2009 at 05:58:13PM -0700, Bill Kendrick wrote:
> Oh, I just mean to say that, some days, all this newfangled technology
> scares me, and I pine for the bad ol' days of 64KB -- execuse me, 64KiB --
> of RAM.

I went and lived in 6502 land for a few hours this weekend:
  http://www.newbreedsoftware.com/gogogarb/

It's in Action!, and source is available.  Shouldn't be _too_ hard to
port to C and SDL, for someone who knows what they're doing.
(I did that once with an Atari game... now the Linux version of it is
one of the in-flight games on Virgin Airline's "Red" entertainment system!)

-- 
-bill!
Sent from my computer
___
vox-tech mailing list
vox-tech@lists.lugod.org
http://lists.lugod.org/mailman/listinfo/vox-tech


Re: [vox-tech] Most efficient way to wipe hard drives

2009-09-11 Thread Brian Lavender
On Fri, Sep 11, 2009 at 05:58:13PM -0700, Bill Kendrick wrote:
> On Fri, Sep 11, 2009 at 04:59:39PM -0700, Brian Lavender wrote:
> > That was pretty harsh, wasn't it? 
> 
> Oh, I just mean to say that, some days, all this newfangled technology
> scares me, and I pine for the bad ol' days of 64KB -- execuse me, 64KiB --
> of RAM.

Keep that mind fresh! Although, I still think my HP-15c is one of the
best calculators made. Apparently, others think the same, considering
the current bid on this one is a 100 bucks on ebay. 

http://cgi.ebay.com/Hewlett-Packard-15C-Calculator-w-Leather-Case_W0QQitemZ280394757583QQcmdZViewItemQQptZCalculators?hash=item4148d475cf&_trksid=p3286.c0.m14

-- 
Brian Lavender
http://www.brie.com/brian/
___
vox-tech mailing list
vox-tech@lists.lugod.org
http://lists.lugod.org/mailman/listinfo/vox-tech


Re: [vox-tech] Most efficient way to wipe hard drives

2009-09-11 Thread Bill Kendrick
On Fri, Sep 11, 2009 at 04:59:39PM -0700, Brian Lavender wrote:
> That was pretty harsh, wasn't it? 

Oh, I just mean to say that, some days, all this newfangled technology
scares me, and I pine for the bad ol' days of 64KB -- execuse me, 64KiB --
of RAM.

-- 
-bill!
Sent from my computer
___
vox-tech mailing list
vox-tech@lists.lugod.org
http://lists.lugod.org/mailman/listinfo/vox-tech


Re: [vox-tech] Most efficient way to wipe hard drives

2009-09-11 Thread Brian Lavender
On Fri, Sep 11, 2009 at 04:51:57PM -0700, Bill Kendrick wrote:
> On Fri, Sep 11, 2009 at 04:41:06PM -0700, Brian Lavender wrote:
> > Those old school people who didn't pay attention to the block that was
> > underneath or the page in memory!
> 
> I'm going to go hide under a rock and apply the fast-SIO-transfer
> patch to my Atari 8-bit. ;)

That was pretty harsh, wasn't it? 

-- 
Brian Lavender
http://www.brie.com/brian/
___
vox-tech mailing list
vox-tech@lists.lugod.org
http://lists.lugod.org/mailman/listinfo/vox-tech


Re: [vox-tech] Most efficient way to wipe hard drives

2009-09-11 Thread Bill Kendrick
On Fri, Sep 11, 2009 at 04:41:06PM -0700, Brian Lavender wrote:
> Those old school people who didn't pay attention to the block that was
> underneath or the page in memory!

I'm going to go hide under a rock and apply the fast-SIO-transfer
patch to my Atari 8-bit. ;)

-bill!
___
vox-tech mailing list
vox-tech@lists.lugod.org
http://lists.lugod.org/mailman/listinfo/vox-tech


Re: [vox-tech] Most efficient way to wipe hard drives

2009-09-11 Thread Brian Lavender
On Fri, Sep 11, 2009 at 03:22:55PM -0700, Tony Cratz wrote:
> Bill Broadley wrote:
> > Well shred is for files, not disks.  Erasing files is much trickier.  Most
> > editors make backup copies, undo logs, etc.  Not to mention every time you
> > edit a file the previous version (typically) gets deleted, thus those blocks
> > are on the free list and floating around your disk.  Not to mention any 
> > blocks
> > that are swapped out.
> > 
> > I'd consider shred radically less secure than just dd'ing the entire disk,
> > which is itself less secure than a secure erase.
> 
> 
>   Us old school Unix people use to say that everything in Unix was
>   a file, be it a disk or a normal file.
> 

Those old school people who didn't pay attention to the block that was
underneath or the page in memory!

-- 
Brian Lavender
http://www.brie.com/brian/
___
vox-tech mailing list
vox-tech@lists.lugod.org
http://lists.lugod.org/mailman/listinfo/vox-tech


Re: [vox-tech] Most efficient way to wipe hard drives

2009-09-11 Thread Bill Broadley
Tony Cratz wrote:
> Bill Broadley wrote:
>> Well shred is for files, not disks.  Erasing files is much trickier.  Most
>> editors make backup copies, undo logs, etc.  Not to mention every time you
>> edit a file the previous version (typically) gets deleted, thus those blocks
>> are on the free list and floating around your disk.  Not to mention any 
>> blocks
>> that are swapped out.
>>
>> I'd consider shred radically less secure than just dd'ing the entire disk,
>> which is itself less secure than a secure erase.
> 
> 
>   Us old school Unix people use to say that everything in Unix was
>   a file, be it a disk or a normal file.

Heh, sure, of course there's a few warnings.  Shared libraries, other
processes writing to the filesystem, caching, etc.  Also if used on a file
it's highly filesystem dependent, see the man page.
___
vox-tech mailing list
vox-tech@lists.lugod.org
http://lists.lugod.org/mailman/listinfo/vox-tech


Re: [vox-tech] Most efficient way to wipe hard drives

2009-09-11 Thread Tony Cratz
Bill Broadley wrote:
> Well shred is for files, not disks.  Erasing files is much trickier.  Most
> editors make backup copies, undo logs, etc.  Not to mention every time you
> edit a file the previous version (typically) gets deleted, thus those blocks
> are on the free list and floating around your disk.  Not to mention any blocks
> that are swapped out.
> 
> I'd consider shred radically less secure than just dd'ing the entire disk,
> which is itself less secure than a secure erase.


Us old school Unix people use to say that everything in Unix was
a file, be it a disk or a normal file.


Tony
___
vox-tech mailing list
vox-tech@lists.lugod.org
http://lists.lugod.org/mailman/listinfo/vox-tech


Re: [vox-tech] Most efficient way to wipe hard drives

2009-09-11 Thread Bill Broadley
Tony Cratz wrote:
> Bill Broadley wrote:
>> Bill Kendrick wrote:
>>> On Thu, Sep 10, 2009 at 04:07:42PM -0700, Bill Broadley wrote:
 Looks like it would be faster to write all zeros then all ones.
>>> "all zeros, then all ones"?  Or "faster to write all zeros _than_ all ones"?
> 
>> Something like 01010101 on the first pass and 10101010 on the second.  Not
>> that it's a big difference.  It's just a paranoid detail.  Overwriting with
>> anything once should do it.  Except for the badblocks.  Secure deletion or
>> destruction is the only way to get those.
> 
> 
>   Or you can cheat and use 'shred' to do the work for you. After
>   all that is what the program is for.

Well shred is for files, not disks.  Erasing files is much trickier.  Most
editors make backup copies, undo logs, etc.  Not to mention every time you
edit a file the previous version (typically) gets deleted, thus those blocks
are on the free list and floating around your disk.  Not to mention any blocks
that are swapped out.

I'd consider shred radically less secure than just dd'ing the entire disk,
which is itself less secure than a secure erase.



> 
> 
>   Tony
> ___
> vox-tech mailing list
> vox-tech@lists.lugod.org
> http://lists.lugod.org/mailman/listinfo/vox-tech
___
vox-tech mailing list
vox-tech@lists.lugod.org
http://lists.lugod.org/mailman/listinfo/vox-tech


Re: [vox-tech] Most efficient way to wipe hard drives

2009-09-11 Thread Tony Cratz
Bill Broadley wrote:
> Bill Kendrick wrote:
>> On Thu, Sep 10, 2009 at 04:07:42PM -0700, Bill Broadley wrote:
>>> Looks like it would be faster to write all zeros then all ones.
>> "all zeros, then all ones"?  Or "faster to write all zeros _than_ all ones"?

> Something like 01010101 on the first pass and 10101010 on the second.  Not
> that it's a big difference.  It's just a paranoid detail.  Overwriting with
> anything once should do it.  Except for the badblocks.  Secure deletion or
> destruction is the only way to get those.


Or you can cheat and use 'shred' to do the work for you. After
all that is what the program is for.


Tony
___
vox-tech mailing list
vox-tech@lists.lugod.org
http://lists.lugod.org/mailman/listinfo/vox-tech


Re: [vox-tech] Most efficient way to wipe hard drives

2009-09-11 Thread Bill Broadley
Bill Kendrick wrote:
> On Thu, Sep 10, 2009 at 04:07:42PM -0700, Bill Broadley wrote:
>> Looks like it would be faster to write all zeros then all ones.
> 
> "all zeros, then all ones"?  Or "faster to write all zeros _than_ all ones"?

Heh, it's faster to overwrite it twice then it is to overwrite it once with
random numbers.

> 
>> 0 then 1, of if you prefer any byte then it's compliment.
> 
> Forget I asked. :)

Something like 01010101 on the first pass and 10101010 on the second.  Not
that it's a big difference.  It's just a paranoid detail.  Overwriting with
anything once should do it.  Except for the badblocks.  Secure deletion or
destruction is the only way to get those.

> 
> -bill!
> ___
> vox-tech mailing list
> vox-tech@lists.lugod.org
> http://lists.lugod.org/mailman/listinfo/vox-tech
___
vox-tech mailing list
vox-tech@lists.lugod.org
http://lists.lugod.org/mailman/listinfo/vox-tech


Re: [vox-tech] Most efficient way to wipe hard drives

2009-09-10 Thread Bill Kendrick
On Thu, Sep 10, 2009 at 04:07:42PM -0700, Bill Broadley wrote:
> Looks like it would be faster to write all zeros then all ones.

"all zeros, then all ones"?  Or "faster to write all zeros _than_ all ones"?


> 0 then 1, of if you prefer any byte then it's compliment.

Forget I asked. :)

-bill!
___
vox-tech mailing list
vox-tech@lists.lugod.org
http://lists.lugod.org/mailman/listinfo/vox-tech


Re: [vox-tech] Most efficient way to wipe hard drives

2009-09-10 Thread Bill Broadley
Brian Lavender wrote:
> On Wed, Sep 09, 2009 at 09:20:30PM -0700, Bill Broadley wrote:
>> Short answer, one wipe is enough (At least for NIST, and one of the British
>> Infosec standards), wipes miss bad sectors, the ATA secure erase command is
>> worth checking out.
> [snip]
> I think caching is a concern on some systems, so more wipes seems to
> magically make the write go to the actual media. But I would agree with

I don't see how.  After all a system wouldn't work well without reliable
writes.  Sure you should do a sync and order shutdown and not pull the power
the second the dd command comes back.  Especially if the disk light is showing
activity.  NIST seems to have made a very informed decision on the single
write is enough.  Keep in mind even if linux random dropped writes without
telling anyone the cache is much much smaller than the disk on any sane system.


> one wipe is probably enough. I had not thought about bad blocks. 

Secure erase or destruction is the only way to get those.

>> So if you don't use secure wipe and won't lose sleep at night over a few bad
>> blocks being potentially recovered I'd recommend something like:
>>
>> dd if=/dev/urandom of=/dev/sd
> 
> Your computer must have a lot of entropy! Note that that device gathers

Note the above is /dev/urandom, only /dev/random is limited by entropy.
Indeed a read of a disk worth from /dev/random would take a very long time.

As long as your attacker doesn't have root access to the machine doing the
wipe during the wipe you should be good.  Pretty much all linux distributions
since 2000 or so save the seed state across reboots.

>From the random man page:
   If  a  seed file is saved across reboots as recommended above (all major
   Linux distributions have done this since 2000 at least), the output is
   cryptographically  secure  against  attackers  without  local root access
   as soon as it is reloaded in the boot sequence,

> entropy from the system. When an event happens, it may be worth one or
> two bits. Last time I wrote a program that read from that device, it
> seemed that I got a number of bytes, and then I had to wait as various
> events occured to the system. That is why they often tell you to move the
> mouse around when generating keys. It generates entropy for the system.

Yes, /dev/random blocks when there isn't enough entropy, thus /dev/urandom 
above.

> You can feed that data from /dev/urandom into AES as the key, then
> use Cipher Block Chaining so that it looks more random. Essentially,

Seems a bit silly, /dev/urandom does this already for you.  If interested you
might like RFC 1750 "Randomness Recommendations for Security".

> you are using the /dev/urandom as the key to produce cipher text.
> I believe dban does this. 

Seems a bit silly.  So if you use /dev/urandom for the key for AES, what do
you actually encrypt?

> If you wipe with /dev/zero, then the adversary could be correct for
> half the bits assuming that they are equaly distributed!

Er, right.  How is that a problem?   Say I buy a new disk full of zeros, it
has likely around half the bits identical to your disk.  The trick is I don't
know which ones.  Sure for each bit I have a 50% chance.  But even guessing 64
in a row is 1/2^64 or so which makes it rather unlikely.

Kinda reminds me of printing out all the ssn numbers and then saying I have
you SS number in that list... I've violated your privacy... then again I don't
know which one it is.

Basically with todays drive technology what you write is what you get, the
"track edges" are gone, there exists no practical way to reads the bits from
previous reads.  I just picked /dev/urandom becuase it's cheap, easy to
compute, er, oops.  Looks like it would be faster to write all zeros then all
ones.

At least the 2 faster machines I have access to only manage 7.5MB/sec, any
disk from the last few years should manage 40-50MB/sec and if it's from the
last year or so likely double that or more.

So what would be faster and more protective (but not as much as a secure
erase) could be any two patterns.  0 then 1, of if you prefer any byte then
it's compliment.
___
vox-tech mailing list
vox-tech@lists.lugod.org
http://lists.lugod.org/mailman/listinfo/vox-tech


Re: [vox-tech] Most efficient way to wipe hard drives

2009-09-10 Thread Chanoch (Ken) Bloom
On Thu, Sep 10, 2009 at 09:56:54AM -0700, Brian Lavender wrote:
> On Wed, Sep 09, 2009 at 09:20:30PM -0700, Bill Broadley wrote:
> > 
> > Short answer, one wipe is enough (At least for NIST, and one of the British
> > Infosec standards), wipes miss bad sectors, the ATA secure erase command is
> > worth checking out.
> [snip]
> I think caching is a concern on some systems, so more wipes seems to
> magically make the write go to the actual media. But I would agree with
> one wipe is probably enough. I had not thought about bad blocks. 
> 
> > 
> > So if you don't use secure wipe and won't lose sleep at night over a few bad
> > blocks being potentially recovered I'd recommend something like:
> > 
> > dd if=/dev/urandom of=/dev/sd
> 
> Your computer must have a lot of entropy! Note that that device gathers
> entropy from the system. When an event happens, it may be worth one or
> two bits. Last time I wrote a program that read from that device, it
> seemed that I got a number of bytes, and then I had to wait as various
> events occured to the system. That is why they often tell you to move the
> mouse around when generating keys. It generates entropy for the system.

/dev/random, blocks waiting for entropy.
/dev/urandom doesn't wait for entropy. It uses entropy if it's
avalable, and switches to a PRNG if there isn't enough entropy. I
think it's similar to what you suggest doing with AES.

--Ken

-- 
Chanoch (Ken) Bloom. PhD candidate. Linguistic Cognition Laboratory.
Department of Computer Science. Illinois Institute of Technology.
http://www.iit.edu/~kbloom1/
___
vox-tech mailing list
vox-tech@lists.lugod.org
http://lists.lugod.org/mailman/listinfo/vox-tech


Re: [vox-tech] Most efficient way to wipe hard drives

2009-09-10 Thread Brian Lavender
On Wed, Sep 09, 2009 at 09:20:30PM -0700, Bill Broadley wrote:
> 
> Short answer, one wipe is enough (At least for NIST, and one of the British
> Infosec standards), wipes miss bad sectors, the ATA secure erase command is
> worth checking out.
[snip]
I think caching is a concern on some systems, so more wipes seems to
magically make the write go to the actual media. But I would agree with
one wipe is probably enough. I had not thought about bad blocks. 

> 
> So if you don't use secure wipe and won't lose sleep at night over a few bad
> blocks being potentially recovered I'd recommend something like:
> 
> dd if=/dev/urandom of=/dev/sd

Your computer must have a lot of entropy! Note that that device gathers
entropy from the system. When an event happens, it may be worth one or
two bits. Last time I wrote a program that read from that device, it
seemed that I got a number of bytes, and then I had to wait as various
events occured to the system. That is why they often tell you to move the
mouse around when generating keys. It generates entropy for the system.

You can feed that data from /dev/urandom into AES as the key, then
use Cipher Block Chaining so that it looks more random. Essentially,
you are using the /dev/urandom as the key to produce cipher text.
I believe dban does this. 

If you wipe with /dev/zero, then the adversary could be correct for
half the bits assuming that they are equaly distributed!

brian
-- 
Brian Lavender
http://www.brie.com/brian/
___
vox-tech mailing list
vox-tech@lists.lugod.org
http://lists.lugod.org/mailman/listinfo/vox-tech


Re: [vox-tech] Most efficient way to wipe hard drives

2009-09-09 Thread Bill Broadley

Short answer, one wipe is enough (At least for NIST, and one of the British
Infosec standards), wipes miss bad sectors, the ATA secure erase command is
worth checking out.

I keep this one on file and update it occasionally.

Explanation, references, justification and details to follow.

Oh, I saw the recommendation for dban, I couldn't find any reference to
erasing bad sectors, if so it likely doesn't work as well as anything that
uses secure erase (like a free util or hdparm).

==

Basically the less you know about disks the more wipes one tends to recommend.
 Usually mentioning the ridiculous 35 wipes listed by Peter Gutmann.  I can't
explain it any better than Gutmann "some people have treated the 35-pass
overwrite technique described in it more as a kind of voodoo incantation to
banish evil spirits than the result of a technical analysis of drive encoding
techniques".  As well as "A good scrubbing with random data will do about as
well as can be expected".  While true in 1996 (where storage densities were on
the order of $0.40 per MB and 1.6GB was a big disk) it's much more true today
where TB disks are under $100 and disks commonly sell for less then $0.10 per
GB (a factor of 4000 cheaper and 1000 denser).

DoD, US Navy, Airforce, British infosec, german info security, etc all
recommend 3-4 wipes.  Mostly because large organizations generate standards
slowly, often taking years, and many of those standards where published long
ago.  That and for any engineering justification there's always a temptation
to add another wipe or 2 just to be sure.

Of course those in tin foil hats mention that the NSA doesn't allow wiping,
thus they must be able to recover after N wipes.  Instead I suggest that it's
because normal user wipes don't wipe bad sectors, and that it's much easier to
verify a drive is destroyed visually with 100% reliability then it is to tell
if a drive has been securely wiped with 100% reliability.  In practice there's
a big difference between theory and practice ;-).  NSA is all about practice.

The problem with wipes is that they won't overwrite bad blocks which an
attacker might be able to read.  Do you care about this?  If it's sector?
10? 100?  0.1% of a disk?  If you do you can use ATA Secure wipe, there are
utils/boot disks with it, NIST, DOD and others consider it better than a
normal wipe or multi-wipe.  Alas hdparm supports it, only experimentally.  I'd
suggest checking out:

http://cmrr.ucsd.edu/people/Hughes/DataSanitizationTutorial.pdf
http://cmrr.ucsd.edu/people/Hughes/SecureErase.shtml

In general CMRR looks like one of the centers of such expertise, I'd listen to
their recommendations.  They are cited by NIST (which recommends one wipe).
The PDF explains the myth of magnetic force microscope recovery.  There are
many other research publications that support this idea and debunk the
recovering from a wipe via magnetic microscopy.

So if you don't use secure wipe and won't lose sleep at night over a few bad
blocks being potentially recovered I'd recommend something like:

dd if=/dev/urandom of=/dev/sd

Above use something like /dev/sdb, NOT /dev/sdb1.  Swap could potentially
contain confidential information.

If you are ultra paranoid/bored, sure a second pass with either 1's, 0's , or
the random would add additional protection in case the NSA or other well
funded organization is going to dedicate a few expensive technicians, a hugely
expensive microscope, and man months/years trying to recover your data.

Alternatively you could bulk erase, but verify the data is unreadable, I have
heard of commercial units not actually working.  Especially for multiple
platter disks.  Everywhere I looked seemed to be saying this is a cat and
mouse game that the bulk erasers are losing.  The above PDF I believe mentions
that with the current or next generation recordings nothing external to the
drive short of a nuclear EMP blast will work.  Or just destroy the disks
something like vice, big hammer, big drill, gun, and fire seem to work just
fine.  Some places even sell specialized versions of the above for such 
purposes.

NIST says:
“Studies have shown that most of today’s media can be effectively cleared by
one overwrite.”

More details at:
http://csrc.nist.gov/publications/nistpubs/800-88/NISTSP800-88_rev1.pdf

For more info on the single wipe explanation:
http://www.anti-forensics.com/disk-wiping-one-pass-is-enough

This might be useful, it shows various standards:
http://en.wikipedia.org/wiki/Data_erasure

It mentions:
According to the Center for Magnetic Recording Research, "Secure erase does a
single on-track erasure of the data on the disk drive. The U.S. National
Security Agency published an Information Assurance Approval of single pass
overwrite, after technical testing at CMRR showed that multiple on-track
overwrite passes gave no additional erasure."[5] "Secure erase" is a function
built into modern ATA har

Re: [vox-tech] Most efficient way to wipe hard drives

2009-09-09 Thread Scott Miller
http://16systems.com/zero

This page used to have a $500 challenge to anyone who could recover
data after a
dd if=/dev/zero of=/dev/sda

Maybe someone met the challenge? :P


-- 
Scott
___
vox-tech mailing list
vox-tech@lists.lugod.org
http://lists.lugod.org/mailman/listinfo/vox-tech


Re: [vox-tech] Most efficient way to wipe hard drives

2009-09-09 Thread Bill Kendrick
On Wed, Sep 09, 2009 at 11:12:49AM -0700, Brian Lavender wrote:
> I have never used wipe, but it might do the trick. I am having a bit of
> a problem finding the sources and the details for it.

FWIW, I just used DBAN on a 1.5GHz Sempron with a pair of 7200rpm WDC drives.
(One 120GB, the other 320GB).  Took about 4hrs just to do a regular 'zeros'
wipe.  (Would've taken about 11 or 12 doing the default wipe, which is
obviously more complicated and more secure.)


> I would say that your best bet is Darik's Boot And Nuke.
> http://www.dban.org/

And thanks to whoever first directed me to DBAN.

-bill!
___
vox-tech mailing list
vox-tech@lists.lugod.org
http://lists.lugod.org/mailman/listinfo/vox-tech


Re: [vox-tech] Most efficient way to wipe hard drives

2009-09-09 Thread Peter Jay Salzman
On Wed 09 Sep 09, 11:11 AM, Ted Deppner  said:
> use -q.  4 times instead of 34 (or -Q 1 depending on your desires).
> 
> As was already said, dd works fine for this in most all cases.  If you
> really wanted security you'd destroy the HD with shaped charges or by
> grinding to bits.  The apparent "need" to actually wipe an entire HD
> indicates a poorly designed security process(es) in the first place,
> or gross paranoia.
> 
> Look up "attack trees" by Schneier.  If an group had thousands of
> dollars to spend, they'd social engineer you or steal a laptop when
> you were at lunch.  If you really had data that valuable you'd already
> have encrypted hard drives, no laptops, no thumb drives, metal
> detectors, physical security, and grind up your equipment when it was
> end-of-lifed.  Oh, and "no cost" wouldn't be an issue.
> 
> That said, I do wipe my hard drives, but a -q.  Nothing will stop a
> determined attacker, or a government, but a wipe will keep prying eyes
> from prying.
> 
> >> The requirements:
> >> * No cost and is usable in a business
> >> * Securely erase so well that no proprietary information can be
> >> recovered, by say an experienced attacker with thousands of dollars to
> >> spend on equipment
> >> * Require a minimum of interaction (to free technicians to work on other 
> >> tasks)



I was just going to write a similar thing.

Writing a bunch of zeros with dd is fine if you want to avoid prying eyes of
casual observers.  The problem is when someone with nearly limitless
resources wants your data.

The problem is that writing *uniform* data won't stop a person with nearly
limitless resources from recovering data.  I would imagine that they would
have specialized hardware to look at ... I'm not sure what to call it ...
"residual hysteresis".  Basically, overwriting your data will realign most,
but not all, magnetic dipoles on the platter.  Picking off what used to be
represented at a location would be a problem similar to picking off a
background hum on a music recording.  If you know what to look for,
filtering becomes a whole lot easier.  It would be a not-so-difficult
application of harmonic analysis.

Unless you want to protect yourself from Russian spies, zeroing out with dd
is fine.  However, using wipe will give you extra protection at no cost, so
why not use it?

   aptitude install wipe

If dd (or even wipe) is not secure enough, then I agree with Ted about an
ipsofacto poorly designed security process or paranoia.

Pete
___
vox-tech mailing list
vox-tech@lists.lugod.org
http://lists.lugod.org/mailman/listinfo/vox-tech


Re: [vox-tech] Most efficient way to wipe hard drives

2009-09-09 Thread Ted Deppner
use -q.  4 times instead of 34 (or -Q 1 depending on your desires).

As was already said, dd works fine for this in most all cases.  If you
really wanted security you'd destroy the HD with shaped charges or by
grinding to bits.  The apparent "need" to actually wipe an entire HD
indicates a poorly designed security process(es) in the first place,
or gross paranoia.

Look up "attack trees" by Schneier.  If an group had thousands of
dollars to spend, they'd social engineer you or steal a laptop when
you were at lunch.  If you really had data that valuable you'd already
have encrypted hard drives, no laptops, no thumb drives, metal
detectors, physical security, and grind up your equipment when it was
end-of-lifed.  Oh, and "no cost" wouldn't be an issue.

That said, I do wipe my hard drives, but a -q.  Nothing will stop a
determined attacker, or a government, but a wipe will keep prying eyes
from prying.

>> The requirements:
>> * No cost and is usable in a business
>> * Securely erase so well that no proprietary information can be
>> recovered, by say an experienced attacker with thousands of dollars to
>> spend on equipment
>> * Require a minimum of interaction (to free technicians to work on other 
>> tasks)
___
vox-tech mailing list
vox-tech@lists.lugod.org
http://lists.lugod.org/mailman/listinfo/vox-tech


Re: [vox-tech] Most efficient way to wipe hard drives

2009-09-09 Thread Brian Lavender
On Wed, Sep 09, 2009 at 10:26:52AM -0700, Tim Riley wrote:
> On Wed, 2009-09-09 at 10:07 -0700, Darth Borehd wrote:
> > This is what I've been doing lately. I boot with a Fedora 10 live CD.
> > Then I mount the hard drive and run
> > 
> > wipe -cifkr /dev/sda1

I have never used wipe, but it might do the trick. I am having a bit of
a problem finding the sources and the details for it.

> 
> Try something like "dd if=/dev/zero of=/dev/sda1 bs=1"

I would not be absolutely certain on this one. The drive itsself might
do something to signal that the blocks are zero without fully writing
the zeros. Or, the data might still be available due to hysteresis
effects. 

> 
> > 
> > Then just for good measure, I repartition and reformat over it.
> 
> With dd, you have confidence the drive will be all zeros.
> 
> > 
> > It seems to pretty much shred the files but it takes hours.  Anybody
> > have a faster and more efficient method?
> 
> I have no idea the speed. But the process is just writing
> zeros and doing nothing else.

Good way to clean a disk.

/dev/urandom -> AES -> several passes.

It's all done for you here. 

I would say that your best bet is Darik's Boot And Nuke.
http://www.dban.org/

It performs several passes and writes random data to the drive. I will
have to take a look at wipe 

-- 
Brian Lavender
http://www.brie.com/brian/
___
vox-tech mailing list
vox-tech@lists.lugod.org
http://lists.lugod.org/mailman/listinfo/vox-tech


Re: [vox-tech] Most efficient way to wipe hard drives

2009-09-09 Thread Tim Riley
On Wed, 2009-09-09 at 10:07 -0700, Darth Borehd wrote:
> This is what I've been doing lately. I boot with a Fedora 10 live CD.
> Then I mount the hard drive and run
> 
> wipe -cifkr /dev/sda1

Try something like "dd if=/dev/zero of=/dev/sda1 bs=1"

> 
> Then just for good measure, I repartition and reformat over it.

With dd, you have confidence the drive will be all zeros.

> 
> It seems to pretty much shred the files but it takes hours.  Anybody
> have a faster and more efficient method?

I have no idea the speed. But the process is just writing
zeros and doing nothing else.

> 
> The requirements:
> * No cost and is usable in a business
> * Securely erase so well that no proprietary information can be
> recovered, by say an experienced attacker with thousands of dollars to
> spend on equipment
> * Require a minimum of interaction (to free technicians to work on other 
> tasks)
> ___
> vox-tech mailing list
> vox-tech@lists.lugod.org
> http://lists.lugod.org/mailman/listinfo/vox-tech
___
vox-tech mailing list
vox-tech@lists.lugod.org
http://lists.lugod.org/mailman/listinfo/vox-tech