[clue] secure erase techniques?

Torren Beitler torren.beitler at gmail.com
Wed Jun 1 11:16:44 MDT 2011


DoD 5220.22 is the only way I wipe drives.

On Wed, Jun 1, 2011 at 12:06 PM, David L. Willson <DLWillson at thegeek.nu> wrote:

> Chris is right. Unless you have a week to spend on this, you'll do well to
> restart with /dev/zero and dd.
>
> Also note that you ~can~ get dd to output progress! If you send the
> process a USR1 signal (or a SIGUSR1), it will output its current
> progress. That can be pretty handy for estimating the completion time. How
> to get the signal there? Here's an example:
>
> dlwillson at dlwillson-laptop:~$ dd if=/dev/zero of=/dev/null bs=8M &
> [1] 6276
> dlwillson at dlwillson-laptop:~$ killall -SIGUSR1 dd
> dlwillson at dlwillson-laptop:~$ 1785+1 records in
> 1785+0 records out
> 14973665280 bytes (15 GB) copied, 6.81347 s, 2.2 GB/s
>
> Also, you can save (or could have saved) a ~bunch~ of time by just clearing the
> first several meg of each partition (and optionally, the disk). Unless
> you're very interesting, to an extremely smart, wealthy, or lucky person,
> over-writing file data is over-kill. Destroying the filesystem and partition
> meta-data is more than enough to stop five-nines of people. Curiosity and
> spare time are not enough.
>
> I'll be happy to build up a reasonable "stump the geek" challenge for
> anyone that thinks I'm wrong on this.
> (And I'll be happy to learn something that could save my bacon someday, if
> I am.)
>
> ----- Original Message -----
> > From: "chris fedde" <chris at fedde.us>
> > To: "CLUE's mailing list" <clue at cluedenver.org>
> > Sent: Wednesday, June 1, 2011 10:26:28 AM
> > Subject: Re: [clue] secure erase techniques?
> >
> > It might be a good idea to switch to /dev/zero.  It is much faster
> > than /dev/random.
> > You need to wait for it to finish to overwrite the whole disk.  As a
> > least upper bound on the run time take the disk size and divide by the
> > advertised transfer rate of the interface.  300Gbyte = 300*1024^3,
> > 3Mbyte/sec ideal SATA speed = 3*1024^2
> >
> > using bc -l
> >
> > (300*1024^3)/(3*1024^2)
> > 102400.00000000000000000000
> > ./3600
> > 28.44444444444444444444
> >
> > About 29 hours if you really get full bandwidth from your SATA port.
> > Chances are that's a gross underestimate.
> >
> > Here is a quick device timing test:
> >
> > [cfedde at home]$ dd if=/dev/urandom of=/dev/null bs=4096 count=1000
> > 1000+0 records in
> > 1000+0 records out
> > 4096000 bytes (4.1 MB) copied, 0.532551 seconds, 7.7 MB/s
> >
> > [cfedde at home]$ dd if=/dev/zero of=/dev/null bs=4096 count=1000
> > 1000+0 records in
> > 1000+0 records out
> > 4096000 bytes (4.1 MB) copied, 0.001732 seconds, 2.4 GB/s
> >
> > /dev/zero is much faster than /dev/urandom
> >
> > On Wed, Jun 1, 2011 at 9:07 AM, Mike Bean <beandaemon at gmail.com> wrote:
> > > No harm, no foul, it's not a particularly fast Celeron, so I don't mind
> > > letting it run long, I just wasn't sure what to expect.
> > >
> > > On Wed, Jun 1, 2011 at 8:15 AM, Will <will.sterling at gmail.com> wrote:
> > >>
> > >> I should have recommended /dev/zero instead of /dev/urandom.  For your
> > >> purposes it would have been just as good and faster.
> > >>
> > >> On Wed, Jun 1, 2011 at 8:02 AM, Will <will.sterling at gmail.com> wrote:
> > >>>
> > >>> It should eventually quit on its own.  The amount of time it will take is
> > >>> dependent on how fast your CPU can generate random numbers and how large the
> > >>> partition is.
> > >>>
> > >>> On Wed, Jun 1, 2011 at 5:09 AM, Mike Bean <beandaemon at gmail.com> wrote:
> > >>>>
> > >>>> How long would I need to leave this running?  "cat /dev/urandom > /dev/sda1"
> > >>>> has been going for about 10 hours now.  Is this something that
> > >>>> I'll need to abort or does it terminate on its own?
> > >>>>
> > >>>> On Tue, May 31, 2011 at 9:04 AM, chris fedde <chris at fedde.us> wrote:
> > >>>>>
> > >>>>> Raymond,
> > >>>>>
> > >>>>> What does the magic block size do?
> > >>>>>
> > >>>>>
> > >>>>> I'd go with two passes of "cat /dev/urandom > /dev/sdX" as root.
> > >>>>>
> > >>>>> On Tue, May 31, 2011 at 8:51 AM, Raymond DeRoo <rderoo at deroo.net> wrote:
> > >>>>> > Mike--
> > >>>>> >
> > >>>>> > In short, I'm giving one of my older PCs to a friend's friend.  One of
> > >>>>> > those, I don't need it, things.  In any case, in terms of secure destruction
> > >>>>> > of drives, my father's always taught me to disassemble the drives and throw
> > >>>>> > the heads and the platter out separately.  Can't do it here, they need the
> > >>>>> > drives, so I thought I'd ask for advice in case we have members who might
> > >>>>> > know a thing or two about this sort of thing.  I figured I'd probably just
> > >>>>> > boot it to a live CD and nuke the partitions, and that's probably enough,
> > >>>>> > after all, I don't need like a military-grade erase, but I'll settle for
> > >>>>> > making it @#$@#$@$ hard to recover.  Any suggestions are welcome.
> > >>>>> >
> > >>>>> >
> > >>>>> > # dd if=/dev/urandom of=/dev/sda bs=387 count=<size of disk in bytes> / 383
> > >>>>> > Recovery from this *IS* still possible, but generally requires someone who is
> > >>>>> > *VERY* knowledgeable about drives to do so.
> > >>>>> > .r
> > >>>>> > _______________________________________________
> > >>>>> > clue mailing list
> > >>>>> > clue at cluedenver.org
> > >>>>> > http://cluedenver.org/mailman/listinfo/clue
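The two approaches compared in this thread (clearing only the first few megabytes versus a full zero-fill), as an added example that is not part of any poster's message: it works on a constructed scratch image file instead of a real device, counts the non-zero bytes left after each step, and repeats the run-time arithmetic with the thread's figures. All function names are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the thread): zero-fill with dd and verify the result.
# Works on a constructed scratch image file, never on a real device.
set -eu

# Best-case wipe time in seconds: bytes to write / sustained bytes per second.
estimate_seconds() { echo $(( $1 / $2 )); }

# Size of a regular file in bytes (whitespace-free on every wc flavour).
size_of() { echo $(( $(wc -c < "$1") )); }

# Overwrite the first $2 bytes of $1 with zeros, leaving the rest untouched.
wipe_head() {
    head -c "$2" /dev/zero | dd of="$1" bs=64k conv=notrunc 2>/dev/null
}

# Overwrite every byte of $1 with zeros.
zero_fill() { wipe_head "$1" "$(size_of "$1")"; }

# Count bytes that are still non-zero; 0 means the overwrite is complete.
nonzero_bytes() { echo $(( $(tr -d '\000' < "$1" | wc -c) )); }

# Build a 4 MiB image of non-zero filler (constructed sample data).
make_image() {
    yes 'constructed sample data' 2>/dev/null | head -c $((4 * 1024 * 1024)) > "$1"
}

demo() {
    local img
    img=$(mktemp)
    make_image "$img"
    echo "before wipe:     $(nonzero_bytes "$img") non-zero bytes"
    wipe_head "$img" $((1024 * 1024))   # clear only the first 1 MiB
    echo "after head wipe: $(nonzero_bytes "$img") non-zero bytes"
    zero_fill "$img"
    echo "after zero fill: $(nonzero_bytes "$img") non-zero bytes"
    rm -f "$img"
    # Disk size and transfer rate as quoted in the thread's bc calculation.
    echo "estimate: $(estimate_seconds $((300 * 1024 * 1024 * 1024)) $((3 * 1024 * 1024))) s"
}
demo
```

On a real disk the byte count would come from `blockdev --getsize64` rather than `wc -c`, and a zero result from the non-zero count is the evidence that the overwrite reached the end of the device.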