l i n u x - u s e r s - g r o u p - o f - d a v i s
L U G O D
 
Next Meeting:
April 21: Google Glass
Next Installfest:
TBD
Latest News:
Mar. 18: Google Glass at LUGOD's April meeting
Page last updated:
2009 Sep 09 21:21

The following is an archive of a post made to our 'vox-tech mailing list' by one of its subscribers.

Report this post as spam:

(Enter your email address)
Re: [vox-tech] Most efficient way to wipe hard drives
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [vox-tech] Most efficient way to wipe hard drives



On Wed 09 Sep 09, 11:11 AM, Ted Deppner <ted@psyber.com> said:
> use -q.  4 times instead of 34 (or -Q 1 depending on your desires).
> 
> As was already said, dd works fine for this in most all cases.  If you
> really wanted security you'd destroy the HD with shaped charges or by
> grinding to bits.  The apparent "need" to actually wipe an entire HD
> indicates a poorly designed security process(es) in the first place,
> or gross paranoia.
> 
> Look up "attack trees" by Schneier.  If an group had thousands of
> dollars to spend, they'd social engineer you or steal a laptop when
> you were at lunch.  If you really had data that valuable you'd already
> have encrypted hard drives, no laptops, no thumb drives, metal
> detectors, physical security, and grind up your equipment when it was
> end-of-lifed.  Oh, and "no cost" wouldn't be an issue.
> 
> That said, I do wipe my hard drives, but a -q.  Nothing will stop a
> determined attacker, or a government, but a wipe will keep prying eyes
> from prying.
> 
> >> The requirements:
> >> * No cost and is usable in a business
> >> * Securely erase so well that no proprietary information can be
> >> recovered, by say an experienced attacker with thousands of dollars to
> >> spend on equipment
> >> * Require a minimum of interaction (to free technicians to work on other tasks)



I was just going to write a similar thing.

Writing a bunch of zeros with dd is fine if you want to avoid prying eyes of
casual observers.  The problem is when someone with nearly limitless
resources wants your data.

The problem is that writing *uniform* data won't stop a person with nearly
limitless resources from recovering data.  I would imagine that they would
have specialized hardware to look at ... I'm not sure what to call it ...
"residual hysteresis".  Basically, overwriting your data will realign most,
but not all, magnetic dipoles on the platter.  Picking off what used to be
represented at a location would be a problem similar to picking off a
background hum on a music recording.  If you know what to look for,
filtering becomes a whole lot easier.  It would be a not-so-difficult
application of harmonic analysis.

Unless you want to protect yourself from Russian spies, zeroing out with dd
is fine.  However, using wipe will give you extra protection at no cost, so
why not use it?

   aptitude install wipe

If dd (or even wipe) is not secure enough, then I agree with Ted about an
ipsofacto poorly designed security process or paranoia.

Pete
_______________________________________________
vox-tech mailing list
vox-tech@lists.lugod.org
http://lists.lugod.org/mailman/listinfo/vox-tech



LinkedIn
LUGOD Group on LinkedIn
Sign up for LUGOD event announcements
Your email address:
facebook
LUGOD Group on Facebook
'Like' LUGOD on Facebook:

Hosting provided by:
Sunset Systems
Sunset Systems offers preconfigured Linux systems, remote system administration and custom software development.

LUGOD: Linux Users' Group of Davis
PO Box 2082, Davis, CA 95617
Contact Us

LUGOD is a 501(c)7 non-profit organization
based in Davis, California
and serving the Sacramento area.
"Linux" is a trademark of Linus Torvalds.

Sponsored in part by:
O'Reilly and Associates
For numerous book donations.