Re: [gentoo-user] Securely deletion of an HDD

[Marc Joliet <marcec@gmx.de>]

[-- Attachment #1: Type: text/plain, Size: 3595 bytes --]

(Thanks to everyone for the replies so far!)

Am Sun, 12 Jul 2015 08:48:48 -0400
schrieb Rich Freeman <rich0@gentoo.org>:

> On Sun, Jul 12, 2015 at 8:35 AM, Marc Joliet <marcec@gmx.de> wrote:
> >
> > My question is how precisely the disks should be cleared.  From various sources
> > I know that overwriting them with random data a few times is enough to render
> > old versions of data unreadable.  I'm guessing 3 times ought to be enough, but
> > maybe even that small amount is overly paranoid these days?
> >
> > As to the actual command, I would suspect something like "dd if=/dev/urandom
> > of=/dev/sdx bs=4096" should suffice, and according to
> > https://wiki.archlinux.org/index.php/Random_number_generation#.2Fdev.2Furandom,
> > /dev/urandom ought to be random enough for this task.  Or are cat/cp that much
> > faster?
> 
> I'd probably just use a tool like shred/wipe, but you have the general idea.

Ah, I overlooked that shred can operate on device files!  Thanks.  I especially
trust shred, since my main source was an article by its author
(https://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html).

With regards to the other replies: I think physical destruction is unnecessary,
and I don't really want to go through the trouble.  The key bit in the above
article is:

"[...]. If these drives require sophisticated signal processing just to read
the most recently written data, reading overwritten layers is also
correspondingly more difficult. A good scrubbing with random data will do about
as well as can be expected."

And this was in 1996!  Drives have only gotten denser since then (e.g.,
perpendicular recording), and the epilogues (which reiterate the above) suggest
that nothing has changed to make old data more recoverable.  I noticed that the
info manual to shred even says:

"On modern disks, a single pass should be adequate, and it will take one third
the time of the default three-pass approach."

The Arch wiki also arrives at the same conclusion (see
https://wiki.archlinux.org/index.php/Securely_wipe_disk#Residual_magnetism),
and provides some additional references.

> I'd probably follow it up with an ATA secure erase - for an SSD it is
> probably the only way to be sure (well, to the extent that you trust
> the firmware authors).

Yeah, that sounds like a good idea.  In the case of HDDs, even if I can't trust
the firmware, I've already wiped what I can.  With regards to SSDs, I've been
meaning to read http://www.cypherpunks.to/~peter/usenix01.pdf.

So my intermediate summary is:  I'll probably use shred with one pass, followed
by ATA (Enhanced) Secure Erase to erase the reallocated sectors (though I'll
have to fiddle with my BIOS to do that). I'll be sure to read
https://ata.wiki.kernel.org/index.php/ATA_Secure_Erase first.

> If it weren't painful to set up and complicated for rescue attempts,
> I'd just use full-disk encryption with a strong key on a flash drive
> or similar.  Then the disk is as good as wiped if separated from the
> key already.

Plus you don't have to worry about reallocated sectors (which might only
contain single bit errors). Currently I'm planning on waiting for btrfs to
support it. Chris Mason recently mentioned that it's definitely something they
want to look at (https://youtu.be/W3QRWUfBua8?t=631), and it's not something
that is so important to me personally that I have to have it right this instant.

-- 
Marc Joliet
--
"People who think they know everything really annoy those of us who know we
don't" - Bjarne Stroustrup

[-- Attachment #2: Digitale Signatur von OpenPGP --]
[-- Type: application/pgp-signature, Size: 819 bytes --]