[clue] secure erase techniques?

David L. Willson DLWillson at TheGeek.NU
Wed Jun 1 11:06:34 MDT 2011


Chris is right. Unless you have a week to spend on this, you'll do well to restart with /dev/zero and dd.

Also note that you ~can~ get dd to output progress! If you send the process a USR1 signal (or a SIGUSR1), it will output its current progress. That can be pretty handy for estimating the completion time. How to get the signal there? Here's an example:

dlwillson at dlwillson-laptop:~$ dd if=/dev/zero of=/dev/null bs=8M &
[1] 6276
dlwillson at dlwillson-laptop:~$ killall -SIGUSR1 dd
dlwillson at dlwillson-laptop:~$ 1785+1 records in
1785+0 records out
14973665280 bytes (15 GB) copied, 6.81347 s, 2.2 GB/s

Also, you can save (or could have saved) a ~bunch~ of time by just clearing the first several meg of each partition (and optionally, the disk). Unless you're very interesting, to an extremely smart, wealthy, or lucky person, overwriting file data is overkill. Destroying the filesystem and partition meta-data is more than enough to stop five-nines of people. Curiosity and spare time are not enough.

I'll be happy to build up a reasonable "stump the geek" challenge for anyone that thinks I'm wrong on this.
(And I'll be happy to learn something that could save my bacon someday, if I am.)

----- Original Message -----
> From: "chris fedde" <chris at fedde.us>
> To: "CLUE's mailing list" <clue at cluedenver.org>
> Sent: Wednesday, June 1, 2011 10:26:28 AM
> Subject: Re: [clue] secure erase techniques?
> 
> It might be a good idea to switch to /dev/zero.  It is much faster
> than /dev/random
> You need to wait for it to finish to overwrite the whole disk.  As a
> least upper bound on the run time take the disk size and divide by
> the
> advertised transfer rate of the interface.  300Gbyte = 300*1024^3,
> 3Mbyte/sec ideal SATA speed = 3*1024^2
> 
> using bc -l
> 
> (300*1024^3)/(3*1024^2)
> 102400.00000000000000000000
> ./3600
> 28.44444444444444444444
> 
> about 29 hours if you really get full bandwidth from your sata port.
> Chances are that's a gross under estimate.
> 
> Here is a quick device timing test:
> 
> [cfedde at home]$ dd if=/dev/urandom of=/dev/null bs=4096 count=1000
> 1000+0 records in
> 1000+0 records out
> 4096000 bytes (4.1 MB) copied, 0.532551 seconds, 7.7 MB/s
> 
> [cfedde at home]$ dd if=/dev/zero of=/dev/null bs=4096 count=1000
> 1000+0 records in
> 1000+0 records out
> 4096000 bytes (4.1 MB) copied, 0.001732 seconds, 2.4 GB/s
> 
> /dev/zero is much faster than /dev/urandom
> 
> On Wed, Jun 1, 2011 at 9:07 AM, Mike Bean <beandaemon at gmail.com>
> wrote:
> > No harm, no foul, it's not a particularly fast Celeron, so I don't
> > mind
> > letting it run long, I just wasn't sure what to expect.
> >
> > On Wed, Jun 1, 2011 at 8:15 AM, Will <will.sterling at gmail.com>
> > wrote:
> >>
> >> I should have recommended /dev/zero instead of /dev/urandom.  For
> >> your
> >> purposes it would have been just as good and faster.
> >>
> >> On Wed, Jun 1, 2011 at 8:02 AM, Will <will.sterling at gmail.com>
> >> wrote:
> >>>
> >>> It should eventually quit on its own.  The amount of time it will
> >>> take is
> >>> dependent on how fast your CPU can generate random numbers and
> >>> how large the
> >>> partition is.
> >>>
> >>> On Wed, Jun 1, 2011 at 5:09 AM, Mike Bean <beandaemon at gmail.com>
> >>> wrote:
> >>>>
> >>>> How long would I need to leave this running?   cat /dev/urandom
> >>>> >
> >>>> /dev/sda1 's been going for long about 10 hours now.  Is this
> >>>> something that
> >>>> I'll need to abort or does it terminate on its own?
> >>>>
> >>>> On Tue, May 31, 2011 at 9:04 AM, chris fedde <chris at fedde.us>
> >>>> wrote:
> >>>>>
> >>>>> Raymond,
> >>>>>
> >>>>> What does the magic block size do?
> >>>>>
> >>>>>
> >>>>> I'd go with two passes of "cat /dev/urandom > /dev/sdX" as
> >>>>> root.
> >>>>>
> >>>>> On Tue, May 31, 2011 at 8:51 AM, Raymond DeRoo
> >>>>> <rderoo at deroo.net>
> >>>>> wrote:
> >>>>> > Mike--
> >>>>> >
> >>>>> > In short, I'm giving one of my older PC's to a friend's
> >>>>> > friend.  One
> >>>>> > of
> >>>>> > those, I don't need it, things.  In any case, in terms of
> >>>>> > secure
> >>>>> > destruction
> >>>>> > of drives, my father's always taught me to disassemble the
> >>>>> > drives and
> >>>>> > throw
> >>>>> > the heads and the platter out separately.  Can't do it here,
> >>>>> > they
> >>>>> > need the
> >>>>> > drives, so I thought I'd ask for advice in case we have
> >>>>> > members who
> >>>>> > might
> >>>>> > know a thing or two about this sort of thing.  I figured I'd
> >>>>> > probably
> >>>>> > just
> >>>>> > boot it to a live CD and nuke the partitions, and that's
> >>>>> > probably
> >>>>> > enough,
> >>>>> > after all, I don't need like a military-grade erase, but I'll
> >>>>> > settle
> >>>>> > for
> >>>>> > making it @#$@#$@$ hard to recover.  Any suggestions are
> >>>>> > welcome.
> >>>>> >
> >>>>> >
> >>>>> > # dd if=/dev/urandom of=/dev/sda bs=387 count=<size of disk
> >>>>> > in bytes>
> >>>>> > / 383
> >>>>> > Recovery from this *IS* still possible, but generally requires
> >>>>> > someone
> >>>>> > who is
> >>>>> > *VERY* knowledgeable about drives to do as such.
> >>>>> > .r
> >>>>> > _______________________________________________
> >>>>> > clue mailing list
> >>>>> > clue at cluedenver.org
> >>>>> > http://cluedenver.org/mailman/listinfo/clue
> >>>>> >
> 
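
The two approaches discussed in this thread (zeroing only the first few MiB versus zeroing the whole target with dd and polling it with SIGUSR1) can be compared on a scratch file. This is an added example, not code from any poster in the thread; the function names, the 8 MiB image and the marker string are constructed for illustration, and it assumes GNU dd for the SIGUSR1 progress report.

```shell
#!/bin/sh
# Added example: head-only wipe vs. full zero wipe, run against a constructed
# scratch image (a regular file), never against a real block device.
MARKER='CONSTRUCTED-SECRET-MARKER'   # constructed stand-in for leftover file data
MIB=1048576

# Build an 8 MiB image of random data with the marker placed at the 6 MiB offset.
make_image() {
    dd if=/dev/urandom of="$1" bs=$MIB count=8 2>/dev/null
    printf '%s' "$MARKER" | dd of="$1" bs=$MIB seek=6 conv=notrunc 2>/dev/null
}

# Zero only the first $2 MiB: partition table and filesystem metadata region.
wipe_head() {
    dd if=/dev/zero of="$1" bs=$MIB count="$2" conv=notrunc 2>/dev/null
}

# Zero the whole target. dd runs in the background and is sent SIGUSR1 once a
# second so it prints progress; the first signal waits until dd has had time
# to install its handler, because an unhandled SIGUSR1 would kill it.
wipe_full() {
    count=$(( $(wc -c < "$1") / MIB ))
    dd if=/dev/zero of="$1" bs=$MIB count="$count" conv=notrunc &
    pid=$!
    while sleep 1 && kill -USR1 "$pid" 2>/dev/null; do :; done
    wait "$pid"
}

# Number of bytes in the target that are not 0x00 (0 means fully zeroed).
nonzero_bytes() { echo $(( $(tr -d '\000' < "$1" | wc -c) )); }

# Succeeds if the marker can still be found by a raw scan of the target.
marker_survives() { LC_ALL=C grep -a -q -F "$MARKER" "$1"; }

demo() {
    img=$(mktemp) && make_image "$img"
    wipe_head "$img" 2
    marker_survives "$img" && echo "head-only: marker still readable"
    wipe_full "$img"
    echo "full wipe: $(nonzero_bytes "$img") non-zero bytes remain"
    rm -f "$img"
}
demo
```

On a real disk the full wipe runs long enough for the once-a-second SIGUSR1 to print several progress lines; on the 8 MiB scratch image dd finishes before the first signal is sent.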

