[vox-tech] Most efficient way to wipe hard drives
Peter Jay Salzman
p at dirac.org
Wed Sep 9 11:41:54 PDT 2009
On Wed 09 Sep 09, 11:11 AM, Ted Deppner <ted at psyber.com> said:
> use -q. 4 times instead of 34 (or -Q 1 depending on your desires).
>
> As was already said, dd works fine for this in most all cases. If you
> really wanted security you'd destroy the HD with shaped charges or by
> grinding to bits. The apparent "need" to actually wipe an entire HD
> indicates a poorly designed security process(es) in the first place,
> or gross paranoia.
>
> Look up "attack trees" by Schneier. If an group had thousands of
> dollars to spend, they'd social engineer you or steal a laptop when
> you were at lunch. If you really had data that valuable you'd already
> have encrypted hard drives, no laptops, no thumb drives, metal
> detectors, physical security, and grind up your equipment when it was
> end-of-lifed. Oh, and "no cost" wouldn't be an issue.
>
> That said, I do wipe my hard drives, but a -q. Nothing will stop a
> determined attacker, or a government, but a wipe will keep prying eyes
> from prying.
>
> >> The requirements:
> >> * No cost and is usable in a business
> >> * Securely erase so well that no proprietary information can be
> >> recovered, by say an experienced attacker with thousands of dollars to
> >> spend on equipment
> >> * Require a minimum of interaction (to free technicians to work on other tasks)
I was just going to write a similar thing.
Writing a bunch of zeros with dd is fine if you want to avoid prying eyes of
casual observers. The problem is when someone with nearly limitless
resources wants your data.
The problem is that writing *uniform* data won't stop a person with nearly
limitless resources from recovering data. I would imagine that they would
have specialized hardware to look at ... I'm not sure what to call it ...
"residual hysteresis". Basically, overwriting your data will realign most,
but not all, magnetic dipoles on the platter. Picking off what used to be
represented at a location would be a problem similar to picking off a
background hum on a music recording. If you know what to look for,
filtering becomes a whole lot easier. It would be a not-so-difficult
application of harmonic analysis.
Unless you want to protect yourself from Russian spies, zeroing out with dd
is fine. However, using wipe will give you extra protection at no cost, so
why not use it?
aptitude install wipe
If dd (or even wipe) is not secure enough, then I agree with Ted about an
ipsofacto poorly designed security process or paranoia.
Pete
More information about the vox-tech
mailing list