public inbox for gentoo-user@lists.gentoo.org
From: Rich Freeman <rich0@gentoo.org>
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] Securely deletion of an HDD
Date: Sun, 12 Jul 2015 15:14:07 -0400
Message-ID: <CAGfcS_=e36ETnN3qEs7G3YbYvj7uLPuUnpDe0Cawo8wCE4-oiQ@mail.gmail.com>
In-Reply-To: <55A296A7.5070301@googlemail.com>

On Sun, Jul 12, 2015 at 12:32 PM, Volker Armin Hemmann
<volkerarmin@googlemail.com> wrote:
>
> actually 1 time is enough. With zeros. Or ones. Does not matter at all.
>

That depends on your threat model.

If you're concerned about somebody reading the contents of the drive
using the standard ATA commands, then once with zeros is just fine.
Secure erase is probably easier/faster.

If you're concerned about somebody removing the disks from the drive
and reading them with specialized equipment then you really want
multiple rounds of complete overwrites with random data.  Even then
you run the risk of relocation blocks and all that stuff, so the
secure erase at the end is still a wise move but it may or may not
completely do the job.

If you're concerned about somebody leaving the disks in the drive but
having access to directly manipulate the drive heads to possibly
access data not accessible using the standard ATA commands then one
pass is probably good enough, but I'd still use random data instead of
zeros.  The reason is that a clever firmware (especially on an SSD)
might not actually record zeros to the regular disk space, but instead
just mark the block range as containing zeros, leaving the actual data
intact.  For random data the drive has to actually store the contents
as it cannot be represented in any more concise way.

If I'm not in a rush I prefer to just do the multiple passes.  Why
take a chance?

And of course full-disk encryption is the solution to all of the
above, as it defeats any kind of attack at the level of the drive and
is proactive in nature.

-- 
Rich
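
Added example (not part of the message above or of the thread): one way to run the random-data passes it describes so that each pass can be checked on readback. The function names, the SHAKE-256 pattern generator and the temp-file stand-in for a drive are assumptions of this sketch. The check only exercises the normal read path, so it says nothing about relocated blocks.

```python
import hashlib, os, secrets, tempfile

CHUNK = 1 << 20  # bytes written and checked per step (1 MiB)

def pattern(seed: bytes, index: int, length: int) -> bytes:
    """Reproducible, incompressible bytes for chunk `index` (SHAKE-256 of seed || index)."""
    return hashlib.shake_256(seed + index.to_bytes(8, "big")).digest(length)

def chunks(size: int):
    """Yield (index, offset, length) covering `size` bytes; the last chunk may be short."""
    for index, offset in enumerate(range(0, size, CHUNK)):
        yield index, offset, min(CHUNK, size - offset)

def overwrite_pass(path: str, seed: bytes) -> int:
    """Overwrite the whole target once with the seeded pattern; return bytes written."""
    with open(path, "r+b") as dev:
        size = dev.seek(0, os.SEEK_END)  # works for regular files and block devices
        dev.seek(0)
        for index, _, length in chunks(size):
            dev.write(pattern(seed, index, length))
        dev.flush()
        os.fsync(dev.fileno())  # push the data out of the OS write cache
    return size

def verify_pass(path: str, seed: bytes) -> list[int]:
    """Read the target back; return offsets of chunks that differ from the pattern."""
    bad = []
    with open(path, "rb") as dev:
        size = dev.seek(0, os.SEEK_END)
        dev.seek(0)
        for index, offset, length in chunks(size):
            if dev.read(length) != pattern(seed, index, length):
                bad.append(offset)
    return bad

def wipe(path: str, passes: int = 1) -> list[int]:
    """Run overwrite+verify `passes` times, fresh random seed each; return bad offsets."""
    bad = []
    for _ in range(passes):
        seed = secrets.token_bytes(32)
        overwrite_pass(path, seed)
        bad += verify_pass(path, seed)
    return sorted(set(bad))

if __name__ == "__main__":
    # Constructed stand-in for a drive: a ~2.5 MiB temp file. On real hardware the
    # path would be the block device, and readback should bypass the page cache.
    with tempfile.NamedTemporaryFile(delete=False) as img:
        img.write(b"secret " * 374491)
    print("chunks failing readback:", wipe(img.name, passes=3))
    os.unlink(img.name)
```

A zero-fill gives no such check: a target that merely reports the range as zeros passes it, whereas a seeded random pattern has to come back byte for byte.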

