(Thanks to everyone for the replies so far!) Am Sun, 12 Jul 2015 08:48:48 -0400 schrieb Rich Freeman : > On Sun, Jul 12, 2015 at 8:35 AM, Marc Joliet wrote: > > > > My question is how precisely the disks should be cleared. From various sources > > I know that overwriting them with random data a few times is enough to render > > old versions of data unreadable. I'm guessing 3 times ought to be enough, but > > maybe even that small amount is overly paranoid these days? > > > > As to the actual command, I would suspect something like "dd if=/dev/urandom > > of=/dev/sdx bs=4096" should suffice, and according to > > https://wiki.archlinux.org/index.php/Random_number_generation#.2Fdev.2Furandom, > > /dev/urandom ought to be random enough for this task. Or are cat/cp that much > > faster? > > I'd probably just use a tool like shred/wipe, but you have the general idea. Ah, I overlooked that shred can operate on device files! Thanks. I especially trust shred, since my main source was an article by its author (https://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html). With regards to the other replies: I think physical destruction is unnecessary, and I don't really want to go through the trouble. The key bit in the above article is: "[...]. If these drives require sophisticated signal processing just to read the most recently written data, reading overwritten layers is also correspondingly more difficult. A good scrubbing with random data will do about as well as can be expected." And this was in 1996! Drives have only gotten denser since then (e.g., perpendicular recording), and the epilogues (which reiterate the above) suggest that nothing has changed to make old data more recoverable. I noticed that the info manual to shred even says: "On modern disks, a single pass should be adequate, and it will take one third the time of the default three-pass approach." The Arch wiki also arrives at the same conclusion (see https://wiki.archlinux.org/index.php/Securely_wipe_disk#Residual_magnetism), and provides some additional references. > I'd probably follow it up with an ATA secure erase - for an SSD it is > probably the only way to be sure (well, to the extent that you trust > the firmware authors). Yeah, that sounds like a good idea. In the case of HDDs, even if I can't trust the firmware, I've already wiped what I can. With regards to SSDs, I've been meaning to read http://www.cypherpunks.to/~peter/usenix01.pdf. So my intermediate summary is: I'll probably use shred with one pass, followed by ATA (Enhanced) Secure Erase to erase the reallocated sectors (though I'll have to fiddle with my BIOS to do that). I'll be sure to read https://ata.wiki.kernel.org/index.php/ATA_Secure_Erase first. > If it weren't painful to set up and complicated for rescue attempts, > I'd just use full-disk encryption with a strong key on a flash drive > or similar. Then the disk is as good as wiped if separated from the > key already. Plus you don't have to worry about reallocated sectors (which might only contain single bit errors). Currently I'm planning on waiting for btrfs to support it. Chris Mason recently mentioned that it's definitely something they want to look at (https://youtu.be/W3QRWUfBua8?t=631), and it's not something that is so important to me personally that I have to have it right this instant. -- Marc Joliet -- "People who think they know everything really annoy those of us who know we don't" - Bjarne Stroustrup