On Wed 09 Sep 09, 11:11 AM, Ted Deppner <[email protected]> said:
> use -q. 4 times instead of 34 (or -Q 1 depending on your desires).
>
> As was already said, dd works fine for this in most all cases. If you
> really wanted security you'd destroy the HD with shaped charges or by
> grinding to bits. The apparent "need" to actually wipe an entire HD
> indicates a poorly designed security process(es) in the first place,
> or gross paranoia.
>
> Look up "attack trees" by Schneier. If a group had thousands of
> dollars to spend, they'd social engineer you or steal a laptop when
> you were at lunch. If you really had data that valuable you'd already
> have encrypted hard drives, no laptops, no thumb drives, metal
> detectors, physical security, and grind up your equipment when it was
> end-of-lifed. Oh, and "no cost" wouldn't be an issue.
>
> That said, I do wipe my hard drives, but a -q. Nothing will stop a
> determined attacker, or a government, but a wipe will keep prying eyes
> from prying.
>
> >> The requirements:
> >> * No cost and is usable in a business
> >> * Securely erase so well that no proprietary information can be
> >> recovered, by say an experienced attacker with thousands of dollars to
> >> spend on equipment
> >> * Require a minimum of interaction (to free technicians to work on other
> >> tasks)

I was just going to write a similar thing.

Writing a bunch of zeros with dd is fine if you want to avoid prying eyes of casual observers. The problem is when someone with nearly limitless resources wants your data.

The problem is that writing *uniform* data won't stop a person with nearly limitless resources from recovering data. I would imagine that they would have specialized hardware to look at ... I'm not sure what to call it ... "residual hysteresis". Basically, overwriting your data will realign most, but not all, magnetic dipoles on the platter.

Picking off what used to be represented at a location would be a problem similar to picking off a background hum on a music recording. If you know what to look for, filtering becomes a whole lot easier. It would be a not-so-difficult application of harmonic analysis.

Unless you want to protect yourself from Russian spies, zeroing out with dd is fine. However, using wipe will give you extra protection at no cost, so why not use it?

    aptitude install wipe

If dd (or even wipe) is not secure enough, then I agree with Ted about an ipso facto poorly designed security process or paranoia.

Pete
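
Added example, not part of the original message: an unattended dd zero-fill followed by a read-back check, so a technician can rely on the exit status instead of watching the run. It works on a scratch file standing in for a disk image; the function names and the sample data are hypothetical.

```shell
#!/bin/sh
# Added example: zero-fill a target with dd, then verify the overwrite.
# Runs against a regular file (for instance a disk image), never a device.

# Overwrite TARGET in place with exactly as many zero bytes as it holds.
zero_fill() {
    [ -f "$1" ] || return 2
    size=$(wc -c < "$1" | tr -d ' ')
    # conv=notrunc stops dd from truncating the target before writing.
    head -c "$size" /dev/zero | dd of="$1" bs=64k conv=notrunc 2>/dev/null || return 2
    sync    # flush the writes to the medium before reading back
}

# Print how many non-zero bytes remain in TARGET (0 means fully zeroed).
residual_bytes() {
    tr -d '\000' < "$1" | wc -c | tr -d ' '
}

# Zero-fill, then fail with a non-zero status if any byte survived.
wipe_and_verify() {
    zero_fill "$1" || { echo "overwrite failed: $1" >&2; return 2; }
    left=$(residual_bytes "$1")
    if [ "$left" -ne 0 ]; then
        echo "VERIFY FAILED: $left non-zero bytes remain in $1" >&2
        return 1
    fi
    echo "verified: $1 is all zeros"
}

# Constructed sample: a scratch image holding a fake secret plus random data.
demo() {
    img=$(mktemp) || return 2
    printf 'proprietary-design-notes\n' > "$img"
    head -c 65536 /dev/urandom >> "$img"
    before=$(residual_bytes "$img")
    wipe_and_verify "$img"; rc=$?
    echo "non-zero bytes before: $before, exit status: $rc"
    rm -f "$img"
    return $rc
}
demo
```

The check only covers what the operating system can read back through the normal interface, which is the "prying eyes" level of assurance discussed in the thread.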
