Re: [vox-tech] Most efficient way to wipe hard drives
Thanks you How can I remove a debugging file from a make file? Thanks T -Original Message- From: vox-tech-boun...@lists.lugod.org [mailto:vox-tech-boun...@lists.lugod.org] On Behalf Of Tim Riley Sent: Tuesday, September 15, 2009 10:13 AM To: lugod's technical discussion forum Subject: Re: [vox-tech] Most efficient way to wipe hard drives On Tue, 2009-09-15 at 09:44 -0700, Lemseffer. Tahar (MSA) wrote: > Good morning All, > Is anyone familiar with C Unix Yes. I'm sure you'll find a lot of company at LUGOD. However, this topic is better discussed on the mailing list vox. Vox-tech is used for specific technical questions. Also, this change of subject would warrant a new thread. > Thanks > T > > -Original Message- > From: vox-tech-boun...@lists.lugod.org > [mailto:vox-tech-boun...@lists.lugod.org] On Behalf Of Chanoch (Ken) > Bloom > Sent: Thursday, September 10, 2009 10:38 AM > To: lugod's technical discussion forum > Subject: Re: [vox-tech] Most efficient way to wipe hard drives > > On Thu, Sep 10, 2009 at 09:56:54AM -0700, Brian Lavender wrote: > > On Wed, Sep 09, 2009 at 09:20:30PM -0700, Bill Broadley wrote: > > > > > > Short answer, one wipe is enough (At least for NIST, and one of the > British > > > Infosec standards), wipes miss bad sectors, the ATA secure erase > command is > > > worth checking out. > > [snip] > > I think caching is a concern on some systems, so more wipes seems to > > magically make the write go to the actual media. But I would agree > with > > one wipe is probably enough. I had not thought about bad blocks. > > > > > > > > So if you don't use secure wipe and won't lose sleep at night over a > few bad > > > blocks being potentially recovered I'd recommend something like: > > > > > > dd if=/dev/urandom of=/dev/sd > > > > Your computer must have a lot of entropy! Note that that device > gathers > > entropy from the system. When an event happens, it may be worth one or > > two bits. Last time I wrote a program that read from that device, it > > seemed that I got a number of bytes, and then I had to wait as various > > events occured to the system. That is why they often tell you to move > the > > mouse around when generating keys. It generates entropy for the > system. > > /dev/random, blocks waiting for entropy. > /dev/urandom doesn't wait for entropy. It uses entropy if it's > avalable, and switches to a PRNG if there isn't enough entropy. I > think it's similar to what you suggest doing with AES. > > --Ken > ___ vox-tech mailing list vox-tech@lists.lugod.org http://lists.lugod.org/mailman/listinfo/vox-tech EMAIL DISCLAIMER: This email and any attachments thereto may contain private, confidential, and privileged material for the sole use of the intended recipient. Any review, copying, or distribution of this email (or any attachments thereto) by other than the intended recipient is strictly prohibited. If you are not the intended recipient, please contact the sender immediately and permanently delete the original and any copies of this email and any attachments thereto. _ ___ vox-tech mailing list vox-tech@lists.lugod.org http://lists.lugod.org/mailman/listinfo/vox-tech
Re: [vox-tech] Most efficient way to wipe hard drives
On Tue, 2009-09-15 at 09:44 -0700, Lemseffer. Tahar (MSA) wrote: > Good morning All, > Is anyone familiar with C Unix Yes. I'm sure you'll find a lot of company at LUGOD. However, this topic is better discussed on the mailing list vox. Vox-tech is used for specific technical questions. Also, this change of subject would warrant a new thread. > Thanks > T > > -Original Message- > From: vox-tech-boun...@lists.lugod.org > [mailto:vox-tech-boun...@lists.lugod.org] On Behalf Of Chanoch (Ken) > Bloom > Sent: Thursday, September 10, 2009 10:38 AM > To: lugod's technical discussion forum > Subject: Re: [vox-tech] Most efficient way to wipe hard drives > > On Thu, Sep 10, 2009 at 09:56:54AM -0700, Brian Lavender wrote: > > On Wed, Sep 09, 2009 at 09:20:30PM -0700, Bill Broadley wrote: > > > > > > Short answer, one wipe is enough (At least for NIST, and one of the > British > > > Infosec standards), wipes miss bad sectors, the ATA secure erase > command is > > > worth checking out. > > [snip] > > I think caching is a concern on some systems, so more wipes seems to > > magically make the write go to the actual media. But I would agree > with > > one wipe is probably enough. I had not thought about bad blocks. > > > > > > > > So if you don't use secure wipe and won't lose sleep at night over a > few bad > > > blocks being potentially recovered I'd recommend something like: > > > > > > dd if=/dev/urandom of=/dev/sd > > > > Your computer must have a lot of entropy! Note that that device > gathers > > entropy from the system. When an event happens, it may be worth one or > > two bits. Last time I wrote a program that read from that device, it > > seemed that I got a number of bytes, and then I had to wait as various > > events occured to the system. That is why they often tell you to move > the > > mouse around when generating keys. It generates entropy for the > system. > > /dev/random, blocks waiting for entropy. > /dev/urandom doesn't wait for entropy. It uses entropy if it's > avalable, and switches to a PRNG if there isn't enough entropy. I > think it's similar to what you suggest doing with AES. > > --Ken > ___ vox-tech mailing list vox-tech@lists.lugod.org http://lists.lugod.org/mailman/listinfo/vox-tech
Re: [vox-tech] Most efficient way to wipe hard drives
Good morning All, Is anyone familiar with C Unix Thanks T -Original Message- From: vox-tech-boun...@lists.lugod.org [mailto:vox-tech-boun...@lists.lugod.org] On Behalf Of Chanoch (Ken) Bloom Sent: Thursday, September 10, 2009 10:38 AM To: lugod's technical discussion forum Subject: Re: [vox-tech] Most efficient way to wipe hard drives On Thu, Sep 10, 2009 at 09:56:54AM -0700, Brian Lavender wrote: > On Wed, Sep 09, 2009 at 09:20:30PM -0700, Bill Broadley wrote: > > > > Short answer, one wipe is enough (At least for NIST, and one of the British > > Infosec standards), wipes miss bad sectors, the ATA secure erase command is > > worth checking out. > [snip] > I think caching is a concern on some systems, so more wipes seems to > magically make the write go to the actual media. But I would agree with > one wipe is probably enough. I had not thought about bad blocks. > > > > > So if you don't use secure wipe and won't lose sleep at night over a few bad > > blocks being potentially recovered I'd recommend something like: > > > > dd if=/dev/urandom of=/dev/sd > > Your computer must have a lot of entropy! Note that that device gathers > entropy from the system. When an event happens, it may be worth one or > two bits. Last time I wrote a program that read from that device, it > seemed that I got a number of bytes, and then I had to wait as various > events occured to the system. That is why they often tell you to move the > mouse around when generating keys. It generates entropy for the system. /dev/random, blocks waiting for entropy. /dev/urandom doesn't wait for entropy. It uses entropy if it's avalable, and switches to a PRNG if there isn't enough entropy. I think it's similar to what you suggest doing with AES. --Ken -- Chanoch (Ken) Bloom. PhD candidate. Linguistic Cognition Laboratory. Department of Computer Science. Illinois Institute of Technology. http://www.iit.edu/~kbloom1/ ___ vox-tech mailing list vox-tech@lists.lugod.org http://lists.lugod.org/mailman/listinfo/vox-tech EMAIL DISCLAIMER: This email and any attachments thereto may contain private, confidential, and privileged material for the sole use of the intended recipient. Any review, copying, or distribution of this email (or any attachments thereto) by other than the intended recipient is strictly prohibited. If you are not the intended recipient, please contact the sender immediately and permanently delete the original and any copies of this email and any attachments thereto. _ ___ vox-tech mailing list vox-tech@lists.lugod.org http://lists.lugod.org/mailman/listinfo/vox-tech
Re: [vox-tech] Most efficient way to wipe hard drives
On Fri, Sep 11, 2009 at 05:58:13PM -0700, Bill Kendrick wrote: > Oh, I just mean to say that, some days, all this newfangled technology > scares me, and I pine for the bad ol' days of 64KB -- execuse me, 64KiB -- > of RAM. I went and lived in 6502 land for a few hours this weekend: http://www.newbreedsoftware.com/gogogarb/ It's in Action!, and source is available. Shouldn't be _too_ hard to port to C and SDL, for someone who knows what they're doing. (I did that once with an Atari game... now the Linux version of it is one of the in-flight games on Virgin Airline's "Red" entertainment system!) -- -bill! Sent from my computer ___ vox-tech mailing list vox-tech@lists.lugod.org http://lists.lugod.org/mailman/listinfo/vox-tech
Re: [vox-tech] Most efficient way to wipe hard drives
On Fri, Sep 11, 2009 at 05:58:13PM -0700, Bill Kendrick wrote: > On Fri, Sep 11, 2009 at 04:59:39PM -0700, Brian Lavender wrote: > > That was pretty harsh, wasn't it? > > Oh, I just mean to say that, some days, all this newfangled technology > scares me, and I pine for the bad ol' days of 64KB -- execuse me, 64KiB -- > of RAM. Keep that mind fresh! Although, I still think my HP-15c is one of the best calculators made. Apparently, others think the same, considering the current bid on this one is a 100 bucks on ebay. http://cgi.ebay.com/Hewlett-Packard-15C-Calculator-w-Leather-Case_W0QQitemZ280394757583QQcmdZViewItemQQptZCalculators?hash=item4148d475cf&_trksid=p3286.c0.m14 -- Brian Lavender http://www.brie.com/brian/ ___ vox-tech mailing list vox-tech@lists.lugod.org http://lists.lugod.org/mailman/listinfo/vox-tech
Re: [vox-tech] Most efficient way to wipe hard drives
On Fri, Sep 11, 2009 at 04:59:39PM -0700, Brian Lavender wrote: > That was pretty harsh, wasn't it? Oh, I just mean to say that, some days, all this newfangled technology scares me, and I pine for the bad ol' days of 64KB -- execuse me, 64KiB -- of RAM. -- -bill! Sent from my computer ___ vox-tech mailing list vox-tech@lists.lugod.org http://lists.lugod.org/mailman/listinfo/vox-tech
Re: [vox-tech] Most efficient way to wipe hard drives
On Fri, Sep 11, 2009 at 04:51:57PM -0700, Bill Kendrick wrote: > On Fri, Sep 11, 2009 at 04:41:06PM -0700, Brian Lavender wrote: > > Those old school people who didn't pay attention to the block that was > > underneath or the page in memory! > > I'm going to go hide under a rock and apply the fast-SIO-transfer > patch to my Atari 8-bit. ;) That was pretty harsh, wasn't it? -- Brian Lavender http://www.brie.com/brian/ ___ vox-tech mailing list vox-tech@lists.lugod.org http://lists.lugod.org/mailman/listinfo/vox-tech
Re: [vox-tech] Most efficient way to wipe hard drives
On Fri, Sep 11, 2009 at 04:41:06PM -0700, Brian Lavender wrote: > Those old school people who didn't pay attention to the block that was > underneath or the page in memory! I'm going to go hide under a rock and apply the fast-SIO-transfer patch to my Atari 8-bit. ;) -bill! ___ vox-tech mailing list vox-tech@lists.lugod.org http://lists.lugod.org/mailman/listinfo/vox-tech
Re: [vox-tech] Most efficient way to wipe hard drives
On Fri, Sep 11, 2009 at 03:22:55PM -0700, Tony Cratz wrote: > Bill Broadley wrote: > > Well shred is for files, not disks. Erasing files is much trickier. Most > > editors make backup copies, undo logs, etc. Not to mention every time you > > edit a file the previous version (typically) gets deleted, thus those blocks > > are on the free list and floating around your disk. Not to mention any > > blocks > > that are swapped out. > > > > I'd consider shred radically less secure than just dd'ing the entire disk, > > which is itself less secure than a secure erase. > > > Us old school Unix people use to say that everything in Unix was > a file, be it a disk or a normal file. > Those old school people who didn't pay attention to the block that was underneath or the page in memory! -- Brian Lavender http://www.brie.com/brian/ ___ vox-tech mailing list vox-tech@lists.lugod.org http://lists.lugod.org/mailman/listinfo/vox-tech
Re: [vox-tech] Most efficient way to wipe hard drives
Tony Cratz wrote: > Bill Broadley wrote: >> Well shred is for files, not disks. Erasing files is much trickier. Most >> editors make backup copies, undo logs, etc. Not to mention every time you >> edit a file the previous version (typically) gets deleted, thus those blocks >> are on the free list and floating around your disk. Not to mention any >> blocks >> that are swapped out. >> >> I'd consider shred radically less secure than just dd'ing the entire disk, >> which is itself less secure than a secure erase. > > > Us old school Unix people use to say that everything in Unix was > a file, be it a disk or a normal file. Heh, sure, of course there's a few warnings. Shared libraries, other processes writing to the filesystem, caching, etc. Also if used on a file it's highly filesystem dependent, see the man page. ___ vox-tech mailing list vox-tech@lists.lugod.org http://lists.lugod.org/mailman/listinfo/vox-tech
Re: [vox-tech] Most efficient way to wipe hard drives
Bill Broadley wrote: > Well shred is for files, not disks. Erasing files is much trickier. Most > editors make backup copies, undo logs, etc. Not to mention every time you > edit a file the previous version (typically) gets deleted, thus those blocks > are on the free list and floating around your disk. Not to mention any blocks > that are swapped out. > > I'd consider shred radically less secure than just dd'ing the entire disk, > which is itself less secure than a secure erase. Us old school Unix people use to say that everything in Unix was a file, be it a disk or a normal file. Tony ___ vox-tech mailing list vox-tech@lists.lugod.org http://lists.lugod.org/mailman/listinfo/vox-tech
Re: [vox-tech] Most efficient way to wipe hard drives
Tony Cratz wrote: > Bill Broadley wrote: >> Bill Kendrick wrote: >>> On Thu, Sep 10, 2009 at 04:07:42PM -0700, Bill Broadley wrote: Looks like it would be faster to write all zeros then all ones. >>> "all zeros, then all ones"? Or "faster to write all zeros _than_ all ones"? > >> Something like 01010101 on the first pass and 10101010 on the second. Not >> that it's a big difference. It's just a paranoid detail. Overwriting with >> anything once should do it. Except for the badblocks. Secure deletion or >> destruction is the only way to get those. > > > Or you can cheat and use 'shred' to do the work for you. After > all that is what the program is for. Well shred is for files, not disks. Erasing files is much trickier. Most editors make backup copies, undo logs, etc. Not to mention every time you edit a file the previous version (typically) gets deleted, thus those blocks are on the free list and floating around your disk. Not to mention any blocks that are swapped out. I'd consider shred radically less secure than just dd'ing the entire disk, which is itself less secure than a secure erase. > > > Tony > ___ > vox-tech mailing list > vox-tech@lists.lugod.org > http://lists.lugod.org/mailman/listinfo/vox-tech ___ vox-tech mailing list vox-tech@lists.lugod.org http://lists.lugod.org/mailman/listinfo/vox-tech
Re: [vox-tech] Most efficient way to wipe hard drives
Bill Broadley wrote: > Bill Kendrick wrote: >> On Thu, Sep 10, 2009 at 04:07:42PM -0700, Bill Broadley wrote: >>> Looks like it would be faster to write all zeros then all ones. >> "all zeros, then all ones"? Or "faster to write all zeros _than_ all ones"? > Something like 01010101 on the first pass and 10101010 on the second. Not > that it's a big difference. It's just a paranoid detail. Overwriting with > anything once should do it. Except for the badblocks. Secure deletion or > destruction is the only way to get those. Or you can cheat and use 'shred' to do the work for you. After all that is what the program is for. Tony ___ vox-tech mailing list vox-tech@lists.lugod.org http://lists.lugod.org/mailman/listinfo/vox-tech
Re: [vox-tech] Most efficient way to wipe hard drives
Bill Kendrick wrote: > On Thu, Sep 10, 2009 at 04:07:42PM -0700, Bill Broadley wrote: >> Looks like it would be faster to write all zeros then all ones. > > "all zeros, then all ones"? Or "faster to write all zeros _than_ all ones"? Heh, it's faster to overwrite it twice then it is to overwrite it once with random numbers. > >> 0 then 1, of if you prefer any byte then it's compliment. > > Forget I asked. :) Something like 01010101 on the first pass and 10101010 on the second. Not that it's a big difference. It's just a paranoid detail. Overwriting with anything once should do it. Except for the badblocks. Secure deletion or destruction is the only way to get those. > > -bill! > ___ > vox-tech mailing list > vox-tech@lists.lugod.org > http://lists.lugod.org/mailman/listinfo/vox-tech ___ vox-tech mailing list vox-tech@lists.lugod.org http://lists.lugod.org/mailman/listinfo/vox-tech
Re: [vox-tech] Most efficient way to wipe hard drives
On Thu, Sep 10, 2009 at 04:07:42PM -0700, Bill Broadley wrote: > Looks like it would be faster to write all zeros then all ones. "all zeros, then all ones"? Or "faster to write all zeros _than_ all ones"? > 0 then 1, of if you prefer any byte then it's compliment. Forget I asked. :) -bill! ___ vox-tech mailing list vox-tech@lists.lugod.org http://lists.lugod.org/mailman/listinfo/vox-tech
Re: [vox-tech] Most efficient way to wipe hard drives
Brian Lavender wrote: > On Wed, Sep 09, 2009 at 09:20:30PM -0700, Bill Broadley wrote: >> Short answer, one wipe is enough (At least for NIST, and one of the British >> Infosec standards), wipes miss bad sectors, the ATA secure erase command is >> worth checking out. > [snip] > I think caching is a concern on some systems, so more wipes seems to > magically make the write go to the actual media. But I would agree with I don't see how. After all a system wouldn't work well without reliable writes. Sure you should do a sync and order shutdown and not pull the power the second the dd command comes back. Especially if the disk light is showing activity. NIST seems to have made a very informed decision on the single write is enough. Keep in mind even if linux random dropped writes without telling anyone the cache is much much smaller than the disk on any sane system. > one wipe is probably enough. I had not thought about bad blocks. Secure erase or destruction is the only way to get those. >> So if you don't use secure wipe and won't lose sleep at night over a few bad >> blocks being potentially recovered I'd recommend something like: >> >> dd if=/dev/urandom of=/dev/sd > > Your computer must have a lot of entropy! Note that that device gathers Note the above is /dev/urandom, only /dev/random is limited by entropy. Indeed a read of a disk worth from /dev/random would take a very long time. As long as your attacker doesn't have root access to the machine doing the wipe during the wipe you should be good. Pretty much all linux distributions since 2000 or so save the seed state across reboots. >From the random man page: If a seed file is saved across reboots as recommended above (all major Linux distributions have done this since 2000 at least), the output is cryptographically secure against attackers without local root access as soon as it is reloaded in the boot sequence, > entropy from the system. When an event happens, it may be worth one or > two bits. Last time I wrote a program that read from that device, it > seemed that I got a number of bytes, and then I had to wait as various > events occured to the system. That is why they often tell you to move the > mouse around when generating keys. It generates entropy for the system. Yes, /dev/random blocks when there isn't enough entropy, thus /dev/urandom above. > You can feed that data from /dev/urandom into AES as the key, then > use Cipher Block Chaining so that it looks more random. Essentially, Seems a bit silly, /dev/urandom does this already for you. If interested you might like RFC 1750 "Randomness Recommendations for Security". > you are using the /dev/urandom as the key to produce cipher text. > I believe dban does this. Seems a bit silly. So if you use /dev/urandom for the key for AES, what do you actually encrypt? > If you wipe with /dev/zero, then the adversary could be correct for > half the bits assuming that they are equaly distributed! Er, right. How is that a problem? Say I buy a new disk full of zeros, it has likely around half the bits identical to your disk. The trick is I don't know which ones. Sure for each bit I have a 50% chance. But even guessing 64 in a row is 1/2^64 or so which makes it rather unlikely. Kinda reminds me of printing out all the ssn numbers and then saying I have you SS number in that list... I've violated your privacy... then again I don't know which one it is. Basically with todays drive technology what you write is what you get, the "track edges" are gone, there exists no practical way to reads the bits from previous reads. I just picked /dev/urandom becuase it's cheap, easy to compute, er, oops. Looks like it would be faster to write all zeros then all ones. At least the 2 faster machines I have access to only manage 7.5MB/sec, any disk from the last few years should manage 40-50MB/sec and if it's from the last year or so likely double that or more. So what would be faster and more protective (but not as much as a secure erase) could be any two patterns. 0 then 1, of if you prefer any byte then it's compliment. ___ vox-tech mailing list vox-tech@lists.lugod.org http://lists.lugod.org/mailman/listinfo/vox-tech
Re: [vox-tech] Most efficient way to wipe hard drives
On Thu, Sep 10, 2009 at 09:56:54AM -0700, Brian Lavender wrote: > On Wed, Sep 09, 2009 at 09:20:30PM -0700, Bill Broadley wrote: > > > > Short answer, one wipe is enough (At least for NIST, and one of the British > > Infosec standards), wipes miss bad sectors, the ATA secure erase command is > > worth checking out. > [snip] > I think caching is a concern on some systems, so more wipes seems to > magically make the write go to the actual media. But I would agree with > one wipe is probably enough. I had not thought about bad blocks. > > > > > So if you don't use secure wipe and won't lose sleep at night over a few bad > > blocks being potentially recovered I'd recommend something like: > > > > dd if=/dev/urandom of=/dev/sd > > Your computer must have a lot of entropy! Note that that device gathers > entropy from the system. When an event happens, it may be worth one or > two bits. Last time I wrote a program that read from that device, it > seemed that I got a number of bytes, and then I had to wait as various > events occured to the system. That is why they often tell you to move the > mouse around when generating keys. It generates entropy for the system. /dev/random, blocks waiting for entropy. /dev/urandom doesn't wait for entropy. It uses entropy if it's avalable, and switches to a PRNG if there isn't enough entropy. I think it's similar to what you suggest doing with AES. --Ken -- Chanoch (Ken) Bloom. PhD candidate. Linguistic Cognition Laboratory. Department of Computer Science. Illinois Institute of Technology. http://www.iit.edu/~kbloom1/ ___ vox-tech mailing list vox-tech@lists.lugod.org http://lists.lugod.org/mailman/listinfo/vox-tech
Re: [vox-tech] Most efficient way to wipe hard drives
On Wed, Sep 09, 2009 at 09:20:30PM -0700, Bill Broadley wrote: > > Short answer, one wipe is enough (At least for NIST, and one of the British > Infosec standards), wipes miss bad sectors, the ATA secure erase command is > worth checking out. [snip] I think caching is a concern on some systems, so more wipes seems to magically make the write go to the actual media. But I would agree with one wipe is probably enough. I had not thought about bad blocks. > > So if you don't use secure wipe and won't lose sleep at night over a few bad > blocks being potentially recovered I'd recommend something like: > > dd if=/dev/urandom of=/dev/sd Your computer must have a lot of entropy! Note that that device gathers entropy from the system. When an event happens, it may be worth one or two bits. Last time I wrote a program that read from that device, it seemed that I got a number of bytes, and then I had to wait as various events occured to the system. That is why they often tell you to move the mouse around when generating keys. It generates entropy for the system. You can feed that data from /dev/urandom into AES as the key, then use Cipher Block Chaining so that it looks more random. Essentially, you are using the /dev/urandom as the key to produce cipher text. I believe dban does this. If you wipe with /dev/zero, then the adversary could be correct for half the bits assuming that they are equaly distributed! brian -- Brian Lavender http://www.brie.com/brian/ ___ vox-tech mailing list vox-tech@lists.lugod.org http://lists.lugod.org/mailman/listinfo/vox-tech
Re: [vox-tech] Most efficient way to wipe hard drives
Short answer, one wipe is enough (At least for NIST, and one of the British Infosec standards), wipes miss bad sectors, the ATA secure erase command is worth checking out. I keep this one on file and update it occasionally. Explanation, references, justification and details to follow. Oh, I saw the recommendation for dban, I couldn't find any reference to erasing bad sectors, if so it likely doesn't work as well as anything that uses secure erase (like a free util or hdparm). == Basically the less you know about disks the more wipes one tends to recommend. Usually mentioning the ridiculous 35 wipes listed by Peter Gutmann. I can't explain it any better than Gutmann "some people have treated the 35-pass overwrite technique described in it more as a kind of voodoo incantation to banish evil spirits than the result of a technical analysis of drive encoding techniques". As well as "A good scrubbing with random data will do about as well as can be expected". While true in 1996 (where storage densities were on the order of $0.40 per MB and 1.6GB was a big disk) it's much more true today where TB disks are under $100 and disks commonly sell for less then $0.10 per GB (a factor of 4000 cheaper and 1000 denser). DoD, US Navy, Airforce, British infosec, german info security, etc all recommend 3-4 wipes. Mostly because large organizations generate standards slowly, often taking years, and many of those standards where published long ago. That and for any engineering justification there's always a temptation to add another wipe or 2 just to be sure. Of course those in tin foil hats mention that the NSA doesn't allow wiping, thus they must be able to recover after N wipes. Instead I suggest that it's because normal user wipes don't wipe bad sectors, and that it's much easier to verify a drive is destroyed visually with 100% reliability then it is to tell if a drive has been securely wiped with 100% reliability. In practice there's a big difference between theory and practice ;-). NSA is all about practice. The problem with wipes is that they won't overwrite bad blocks which an attacker might be able to read. Do you care about this? If it's sector? 10? 100? 0.1% of a disk? If you do you can use ATA Secure wipe, there are utils/boot disks with it, NIST, DOD and others consider it better than a normal wipe or multi-wipe. Alas hdparm supports it, only experimentally. I'd suggest checking out: http://cmrr.ucsd.edu/people/Hughes/DataSanitizationTutorial.pdf http://cmrr.ucsd.edu/people/Hughes/SecureErase.shtml In general CMRR looks like one of the centers of such expertise, I'd listen to their recommendations. They are cited by NIST (which recommends one wipe). The PDF explains the myth of magnetic force microscope recovery. There are many other research publications that support this idea and debunk the recovering from a wipe via magnetic microscopy. So if you don't use secure wipe and won't lose sleep at night over a few bad blocks being potentially recovered I'd recommend something like: dd if=/dev/urandom of=/dev/sd Above use something like /dev/sdb, NOT /dev/sdb1. Swap could potentially contain confidential information. If you are ultra paranoid/bored, sure a second pass with either 1's, 0's , or the random would add additional protection in case the NSA or other well funded organization is going to dedicate a few expensive technicians, a hugely expensive microscope, and man months/years trying to recover your data. Alternatively you could bulk erase, but verify the data is unreadable, I have heard of commercial units not actually working. Especially for multiple platter disks. Everywhere I looked seemed to be saying this is a cat and mouse game that the bulk erasers are losing. The above PDF I believe mentions that with the current or next generation recordings nothing external to the drive short of a nuclear EMP blast will work. Or just destroy the disks something like vice, big hammer, big drill, gun, and fire seem to work just fine. Some places even sell specialized versions of the above for such purposes. NIST says: “Studies have shown that most of today’s media can be effectively cleared by one overwrite.” More details at: http://csrc.nist.gov/publications/nistpubs/800-88/NISTSP800-88_rev1.pdf For more info on the single wipe explanation: http://www.anti-forensics.com/disk-wiping-one-pass-is-enough This might be useful, it shows various standards: http://en.wikipedia.org/wiki/Data_erasure It mentions: According to the Center for Magnetic Recording Research, "Secure erase does a single on-track erasure of the data on the disk drive. The U.S. National Security Agency published an Information Assurance Approval of single pass overwrite, after technical testing at CMRR showed that multiple on-track overwrite passes gave no additional erasure."[5] "Secure erase" is a function built into modern ATA har
Re: [vox-tech] Most efficient way to wipe hard drives
http://16systems.com/zero This page used to have a $500 challenge to anyone who could recover data after a dd if=/dev/zero of=/dev/sda Maybe someone met the challenge? :P -- Scott ___ vox-tech mailing list vox-tech@lists.lugod.org http://lists.lugod.org/mailman/listinfo/vox-tech
Re: [vox-tech] Most efficient way to wipe hard drives
On Wed, Sep 09, 2009 at 11:12:49AM -0700, Brian Lavender wrote: > I have never used wipe, but it might do the trick. I am having a bit of > a problem finding the sources and the details for it. FWIW, I just used DBAN on a 1.5GHz Sempron with a pair of 7200rpm WDC drives. (One 120GB, the other 320GB). Took about 4hrs just to do a regular 'zeros' wipe. (Would've taken about 11 or 12 doing the default wipe, which is obviously more complicated and more secure.) > I would say that your best bet is Darik's Boot And Nuke. > http://www.dban.org/ And thanks to whoever first directed me to DBAN. -bill! ___ vox-tech mailing list vox-tech@lists.lugod.org http://lists.lugod.org/mailman/listinfo/vox-tech
Re: [vox-tech] Most efficient way to wipe hard drives
On Wed 09 Sep 09, 11:11 AM, Ted Deppner said: > use -q. 4 times instead of 34 (or -Q 1 depending on your desires). > > As was already said, dd works fine for this in most all cases. If you > really wanted security you'd destroy the HD with shaped charges or by > grinding to bits. The apparent "need" to actually wipe an entire HD > indicates a poorly designed security process(es) in the first place, > or gross paranoia. > > Look up "attack trees" by Schneier. If an group had thousands of > dollars to spend, they'd social engineer you or steal a laptop when > you were at lunch. If you really had data that valuable you'd already > have encrypted hard drives, no laptops, no thumb drives, metal > detectors, physical security, and grind up your equipment when it was > end-of-lifed. Oh, and "no cost" wouldn't be an issue. > > That said, I do wipe my hard drives, but a -q. Nothing will stop a > determined attacker, or a government, but a wipe will keep prying eyes > from prying. > > >> The requirements: > >> * No cost and is usable in a business > >> * Securely erase so well that no proprietary information can be > >> recovered, by say an experienced attacker with thousands of dollars to > >> spend on equipment > >> * Require a minimum of interaction (to free technicians to work on other > >> tasks) I was just going to write a similar thing. Writing a bunch of zeros with dd is fine if you want to avoid prying eyes of casual observers. The problem is when someone with nearly limitless resources wants your data. The problem is that writing *uniform* data won't stop a person with nearly limitless resources from recovering data. I would imagine that they would have specialized hardware to look at ... I'm not sure what to call it ... "residual hysteresis". Basically, overwriting your data will realign most, but not all, magnetic dipoles on the platter. Picking off what used to be represented at a location would be a problem similar to picking off a background hum on a music recording. If you know what to look for, filtering becomes a whole lot easier. It would be a not-so-difficult application of harmonic analysis. Unless you want to protect yourself from Russian spies, zeroing out with dd is fine. However, using wipe will give you extra protection at no cost, so why not use it? aptitude install wipe If dd (or even wipe) is not secure enough, then I agree with Ted about an ipsofacto poorly designed security process or paranoia. Pete ___ vox-tech mailing list vox-tech@lists.lugod.org http://lists.lugod.org/mailman/listinfo/vox-tech
Re: [vox-tech] Most efficient way to wipe hard drives
use -q. 4 times instead of 34 (or -Q 1 depending on your desires). As was already said, dd works fine for this in most all cases. If you really wanted security you'd destroy the HD with shaped charges or by grinding to bits. The apparent "need" to actually wipe an entire HD indicates a poorly designed security process(es) in the first place, or gross paranoia. Look up "attack trees" by Schneier. If an group had thousands of dollars to spend, they'd social engineer you or steal a laptop when you were at lunch. If you really had data that valuable you'd already have encrypted hard drives, no laptops, no thumb drives, metal detectors, physical security, and grind up your equipment when it was end-of-lifed. Oh, and "no cost" wouldn't be an issue. That said, I do wipe my hard drives, but a -q. Nothing will stop a determined attacker, or a government, but a wipe will keep prying eyes from prying. >> The requirements: >> * No cost and is usable in a business >> * Securely erase so well that no proprietary information can be >> recovered, by say an experienced attacker with thousands of dollars to >> spend on equipment >> * Require a minimum of interaction (to free technicians to work on other >> tasks) ___ vox-tech mailing list vox-tech@lists.lugod.org http://lists.lugod.org/mailman/listinfo/vox-tech
Re: [vox-tech] Most efficient way to wipe hard drives
On Wed, Sep 09, 2009 at 10:26:52AM -0700, Tim Riley wrote: > On Wed, 2009-09-09 at 10:07 -0700, Darth Borehd wrote: > > This is what I've been doing lately. I boot with a Fedora 10 live CD. > > Then I mount the hard drive and run > > > > wipe -cifkr /dev/sda1 I have never used wipe, but it might do the trick. I am having a bit of a problem finding the sources and the details for it. > > Try something like "dd if=/dev/zero of=/dev/sda1 bs=1" I would not be absolutely certain on this one. The drive itsself might do something to signal that the blocks are zero without fully writing the zeros. Or, the data might still be available due to hysteresis effects. > > > > > Then just for good measure, I repartition and reformat over it. > > With dd, you have confidence the drive will be all zeros. > > > > > It seems to pretty much shred the files but it takes hours. Anybody > > have a faster and more efficient method? > > I have no idea the speed. But the process is just writing > zeros and doing nothing else. Good way to clean a disk. /dev/urandom -> AES -> several passes. It's all done for you here. I would say that your best bet is Darik's Boot And Nuke. http://www.dban.org/ It performs several passes and writes random data to the drive. I will have to take a look at wipe -- Brian Lavender http://www.brie.com/brian/ ___ vox-tech mailing list vox-tech@lists.lugod.org http://lists.lugod.org/mailman/listinfo/vox-tech
Re: [vox-tech] Most efficient way to wipe hard drives
On Wed, 2009-09-09 at 10:07 -0700, Darth Borehd wrote: > This is what I've been doing lately. I boot with a Fedora 10 live CD. > Then I mount the hard drive and run > > wipe -cifkr /dev/sda1 Try something like "dd if=/dev/zero of=/dev/sda1 bs=1" > > Then just for good measure, I repartition and reformat over it. With dd, you have confidence the drive will be all zeros. > > It seems to pretty much shred the files but it takes hours. Anybody > have a faster and more efficient method? I have no idea the speed. But the process is just writing zeros and doing nothing else. > > The requirements: > * No cost and is usable in a business > * Securely erase so well that no proprietary information can be > recovered, by say an experienced attacker with thousands of dollars to > spend on equipment > * Require a minimum of interaction (to free technicians to work on other > tasks) > ___ > vox-tech mailing list > vox-tech@lists.lugod.org > http://lists.lugod.org/mailman/listinfo/vox-tech ___ vox-tech mailing list vox-tech@lists.lugod.org http://lists.lugod.org/mailman/listinfo/vox-tech