List members, I'm running SUSE 9.2 Pro... can anyone recommend an app or technique for securely wiping the contents on an external usb hard drive with a single 120GB reiserfs partition? - unfortunately because of the case design - cracking the case and removing the drive so it can be connected directly to an IDE controller is not an option - fdisk'ing the drive, just wiping the partition table, reformating, etc. are not sufficient - I need an option that will make the drive's current contents reasonably unrecoverable - it's been suggested that I repeatedly do "dd i=/dev/urandom o=/dev/sda && dd i=/dev/zero o=/dev/sda" - and I will do this if necessary - but would rather not take the days that this is likely to take - it's also been suggested to use 'shred' - however, in the man pages for shred is says that because of the redundancies and protections built into the Reiser filesystem - that shed will not truely and securely wipe the files - there is a reasonable chance of recovery after shreddig files on Reiser Thanks, Eric Eric Baenen Program Manager - Scientific Network Environments General Dynamics - Advanced Information Systems Phone: 937-255-8180 FAX: 937-255-8845 2255 H Street (AFRL/HEC) Area B Bldg 248 Rm 108 Wright Patterson AFB, OH 45433
Eric, On Monday 25 April 2005 07:25, Baenen Eric P Contr AFRL/HEC wrote:
List members,
I'm running SUSE 9.2 Pro... can anyone recommend an app or technique for securely wiping the contents on an external usb hard drive with a single 120GB reiserfs partition?
...
- it's been suggested that I repeatedly do "dd i=/dev/urandom o=/dev/sda && dd i=/dev/zero o=/dev/sda" - and I will do this if necessary - but would rather not take the days that this is likely to take
If you want all the data on the disk eradicated, this will work. And unless you're data is so valuable that people are out there just waiting for the opportunity to apply extreme data recovery measures just to get some fragments of what used to be there, doing it once is sufficient. If the data really is that sensitive and that valuable, then do it twice. But more importantly, nothing is going to be faster than this, except perhaps degaussing the unit. Besides, it's not going to take days. It would probably be done by now if you'd started the "dd" command when you sent this mail.
...
Thanks,
Eric
Randall Schulz
On Mon April 25 2005 9:37 am, Randall R Schulz wrote:
Eric,
On Monday 25 April 2005 07:25, Baenen Eric P Contr AFRL/HEC wrote:
List members,
I'm running SUSE 9.2 Pro... can anyone recommend an app or technique for securely wiping the contents on an external usb hard drive with a single 120GB reiserfs partition?
...
- it's been suggested that I repeatedly do "dd i=/dev/urandom o=/dev/sda && dd i=/dev/zero o=/dev/sda" - and I will do this if necessary - but would rather not take the days that this is likely to take
If you want all the data on the disk eradicated, this will work. And unless you're data is so valuable that people are out there just waiting for the opportunity to apply extreme data recovery measures just to get some fragments of what used to be there, doing it once is sufficient. If the data really is that sensitive and that valuable, then do it twice.
But more importantly, nothing is going to be faster than this, except perhaps degaussing the unit. Besides, it's not going to take days. It would probably be done by now if you'd started the "dd" command when you sent this mail.
Another option is to run "wipe" which is probably similar to "shred". I'm pretty sure that you can wipe an entire file-system or disk (aka "wipe /dev/hda1". -Nick -- <<< Knock, knock, Neo. >>> /`-_ Nick LeRoy The Condor Project { }/ http://www.cs.wisc.edu/~nleroy http://www.cs.wisc.edu/condor \ / nick.leroy@linuxmail.org The University of Wisconsin |_*_| 608-265-5761 Department of Computer Sciences
Baenen Eric P Contr AFRL/HEC schrieb:
List members,
I'm running SUSE 9.2 Pro... can anyone recommend an app or technique for securely wiping the contents on an external usb hard drive with a single 120GB reiserfs partition?
- unfortunately because of the case design - cracking the case and removing the drive so it can be connected directly to an IDE controller is not an option
- fdisk'ing the drive, just wiping the partition table, reformating, etc. are not sufficient - I need an option that will make the drive's current contents reasonably unrecoverable
- it's been suggested that I repeatedly do "dd i=/dev/urandom o=/dev/sda && dd i=/dev/zero o=/dev/sda" - and I will do this if necessary - but would rather not take the days that this is likely to take
- it's also been suggested to use 'shred' - however, in the man pages for shred is says that because of the redundancies and protections built into the Reiser filesystem - that shed will not truely and securely wipe the files - there is a reasonable chance of recovery after shreddig files on Reiser
Thanks,
Eric
Hi, look for dcfldd. dcfldd is much faster than the "normal" dd. i.e. wiping a 300GB Harddisk will take round about 4,5 h of single pass wiping with dcfldd and about 6 h with the normal dd. Take dcfldd! Regards, Christian
Given that you work for the Military, I'd recommend that you have a talk to your local IT people about what they recommend. No doubt they'd have quite stringent rules and regulations for disposing of storage devices that held sensitive information. That's if you are using this drive to transfer information between work and home! In which case I'd hope it was all encrypted as well! However if it's just your own personal hard-drive (that's never held sensitive Air Force information) then running "dd i=/dev/urandom o=/dev/sda" a few times would probably do it. Having said that, I read once that hi-tech hardware data recovery devices can still retrieve "old" information from a hard-drive from its lingering magnetic imprint even AFTER its been wiped over with new data. But those devices are probably only routinely employed by foreign governments, competitors engaging in industrial esponiage and of course data retrievel specialists :)
-----Original Message----- From: Baenen Eric P Contr AFRL/HEC [mailto:Eric.Baenen@wpafb.af.mil] Sent: Tuesday, 26 April 2005 2:25 a.m. To: Suse-Security List (E-mail) Subject: [suse-security] Securely wiping external usb hard drive
List members,
I'm running SUSE 9.2 Pro... can anyone recommend an app or technique for securely wiping the contents on an external usb hard drive with a single 120GB reiserfs partition?
- unfortunately because of the case design - cracking the case and removing the drive so it can be connected directly to an IDE controller is not an option
- fdisk'ing the drive, just wiping the partition table, reformating, etc. are not sufficient - I need an option that will make the drive's current contents reasonably unrecoverable
- it's been suggested that I repeatedly do "dd i=/dev/urandom o=/dev/sda && dd i=/dev/zero o=/dev/sda" - and I will do this if necessary - but would rather not take the days that this is likely to take
- it's also been suggested to use 'shred' - however, in the man pages for shred is says that because of the redundancies and protections built into the Reiser filesystem - that shed will not truely and securely wipe the files - there is a reasonable chance of recovery after shreddig files on Reiser
Thanks,
Eric
Eric Baenen Program Manager - Scientific Network Environments General Dynamics - Advanced Information Systems
Phone: 937-255-8180 FAX: 937-255-8845 2255 H Street (AFRL/HEC) Area B Bldg 248 Rm 108 Wright Patterson AFB, OH 45433
Hi, On Monday 25 April 2005 23:35, Mike Tierney wrote:
Given that you work for the Military, I'd recommend that you have a talk to
I would be very surprised if any sensitive data would be on a removable media in a ready accessible form (not encrypted). If it is... how many are already missing? BB
Arjen, On Tuesday 26 April 2005 01:19, Arjen Runsink wrote:
Hi,
On Monday 25 April 2005 23:35, Mike Tierney wrote:
Given that you work for the Military, I'd recommend that you have a talk to
I would be very surprised if any sensitive data would be on a removable media in a ready accessible form (not encrypted).
Prepare to be surprised...
If it is... how many are already missing?
<http://www.sfgate.com/cgi-bin/article.cgi?f=/n/a/2005/03/28/financial/f151143S80.DTL>
BB
Randall Schulz
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 by default dd uses 512 byte blocks. If you use just "plain" dd if= of= it will indeed take several hours. Try using more large blocks. eg: dd if=/dev/zero of=/dev/sda bs=4096k This should finish _a lot_ faster ;) Baenen Eric P Contr AFRL/HEC wrote:
List members,
I'm running SUSE 9.2 Pro... can anyone recommend an app or technique for securely wiping the contents on an external usb hard drive with a single 120GB reiserfs partition?
- unfortunately because of the case design - cracking the case and removing the drive so it can be connected directly to an IDE controller is not an option
- fdisk'ing the drive, just wiping the partition table, reformating, etc. are not sufficient - I need an option that will make the drive's current contents reasonably unrecoverable
- it's been suggested that I repeatedly do "dd i=/dev/urandom o=/dev/sda && dd i=/dev/zero o=/dev/sda" - and I will do this if necessary - but would rather not take the days that this is likely to take
- it's also been suggested to use 'shred' - however, in the man pages for shred is says that because of the redundancies and protections built into the Reiser filesystem - that shed will not truely and securely wipe the files - there is a reasonable chance of recovery after shreddig files on Reiser
Thanks,
Eric
Eric Baenen Program Manager - Scientific Network Environments General Dynamics - Advanced Information Systems
Phone: 937-255-8180 FAX: 937-255-8845 2255 H Street (AFRL/HEC) Area B Bldg 248 Rm 108 Wright Patterson AFB, OH 45433
- -- ========================================= inf. Manuel SUBREDU Network Engineer at RoEduNet Iasi Phone: +40 (232) 201007 +40 (742) 088067 Email: diablo@iasi.roedu.net website: http://manuel.iasi.roedu.net ========================================= -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.0 (GNU/Linux) iD8DBQFCbf23NrNZEFCIDAcRAuOJAJ94//dqWah6Tc3b0cIzRLkmCkVgMwCfX26A TjJBG1/Fh4MgBB1KpXr6lAE= =Kfi2 -----END PGP SIGNATURE-----
On Monday 25 April 2005 16:25, Baenen Eric P Contr AFRL/HEC wrote:
I'm running SUSE 9.2 Pro... can anyone recommend an app or technique for securely wiping the contents on an external usb hard drive with a single 120GB reiserfs partition?
Depending on what level of security you need, your only option may be to destroy the drive by throwing it into a running NMR scanner machine (not really, but exposing the drive to a strong rapidly changing magnetic field would probably make it sufficiently difficult to recover anything written to the drive). It may be a bit on the expensive side, though. I would expect data retention policies for those who require the kind of security the domain you're posting from implies require that no media with sensitive information should never ever get outside the physical security perimeter, anyway. This may or may not be true, however, and the reasonable thing to do is let "badblocks -w -t random -p 999999" run at least overnight (which is probably the same as running the dd lines you've been told about, at least a few times). Micromagnetoscopy (or whatever it's called) will still enable most data to be recovered after several random write passes, if what one reads in various scientific journals can be relied upon. It is much, MUCH easier to have the entire disk encrypted from the start with a strong encryption scheme, and just get rid of the keys when you want the data to become useless. -- Jure Koren, n.i.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Jure Koren schrieb:
On Monday 25 April 2005 16:25, Baenen Eric P Contr AFRL/HEC wrote:
I'm running SUSE 9.2 Pro... can anyone recommend an app or technique for securely wiping the contents on an external usb hard drive with a single 120GB reiserfs partition?
Depending on what level of security you need, your only option may be to destroy the drive by throwing it into a running NMR scanner machine (not really, but exposing the drive to a strong rapidly changing magnetic field would probably make it sufficiently difficult to recover anything written to the drive). It may be a bit on the expensive side, though.
If you get that paranoid try this: Physical destruction of CD/DVD-Media: Nuke it in the microwave, this is the final solution Physical destruction of Harddrive: Put the drive into your bake oven at highest temperature for ~1/2 hour. This melts the plastic surface with embedded magnetic particles. Afterwards put it into a steel-shredder or the next blast furnace if your near a steel facility. This will make any recovery nearly impossible. <fun-tag on> But don't do this funny thing which happend at german police selling a used harddrive with sensitive data: http://www.heise.de/newsticker/result.xhtml?url=/newsticker/meldung/58353&words=Polizei%20Festplatte <fun-tag off> Reguards Philippe - -- Diese Nachricht ist digital signiert und enthält weder Siegel noch Unterschrift! Die unaufgeforderte Zusendung einer Werbemail an Privatleute verstößt gegen §1 UWG und 823 I BGB (Beschluß des LG Berlin vom 2.8.1998 Az: 16 O 201/98). Jede kommerzielle Nutzung der übermittelten persönlichen Daten sowie deren Weitergabe an Dritte ist ausdrücklich untersagt! -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (MingW32) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iQD1AwUBQm4GT0Ng1DRVIGjBAQLK0AcAplfR+ud0xS13BPJQeFmT+D13v9BtD5Ym VX8hF8XMneJy9uWTTGfUG+djQ9N/+9Xb00qk2Dwti8cPNBTueYPWD3aPMWRqjYB+ EzIh40YC/EGC/9QMPKNX/ubbdUUmAU07XX/pw6WPkzdTTrP90W1B1wln0g/F3BPe b0+Oyya2LY6oahbMixPgga2hHIJ15QO/mkW1X/xL6TXo/EL0ls8k3szlTxuDlC9k HKJSBbRp12QXDJAnjQXnoybS8MNmp2WcYSv6tbmnpHb/N4shUlodxNMOcdaoIi2Y 5/JEeyvL2sk= =PQKm -----END PGP SIGNATURE-----
Depending on what level of security you need, your only option may be to destroy the drive by throwing it into a running NMR scanner machine (not really, but exposing the drive to a strong rapidly changing magnetic field would probably make it sufficiently difficult to recover anything written to the drive). It may be a bit on the expensive side, though.
How much monetary value can a second-hand 120GB USB drive have nowadays? If the data is so valueable/sensitive (nuclear launch codes or something like that) that there is the slightest chance that people might actually try recover the data (with whatever sophisticated technique available), you should physically destroy the device. On a military base, there should be plenty ways available to do so (be creative). In all other cases, a single sweep with random data should be enough.
On Tuesday 26 April 2005 11:30, Arjen de Korte wrote:
Depending on what level of security you need, your only option may be to destroy the drive by throwing it into a running NMR scanner machine (not really, but exposing the drive to a strong rapidly changing magnetic field would probably make it sufficiently difficult to recover anything written to the drive). It may be a bit on the expensive side, though. How much monetary value can a second-hand 120GB USB drive have nowadays?
It's not the drive, it's the huge superconductor magnets you need to destroy the micromagnetic traces of bits written to the drive in the past. -- Jure Koren, n.i.
How much monetary value can a second-hand 120GB USB drive have nowadays? It's not the drive, it's the huge superconductor magnets you need to destroy the micromagnetic traces of bits written to the drive in the past.
There are much cheaper ways to do that (a blowtorch or a bucket filled with strong acid to dissolve the plates), but that was not my point. Before spending any amount of time trying to erase all traces of data that were once on a hard disk, you should consider if it is worth the effort. After overwriting the data once with random data, the drive itself (without tampering) won't reveal any of it (otherwise, it would not be able to hold any data after being written once). If the data that was once on the disk requires you to spend more effort on it (to ward off more sophisticated methods of data recovery), scrap the thing and buy a new one. Even at the hourly wage of someone flipping burgers, you will quickly spend more than a second-hand 120GB USB disk is worth.
On Tuesday 26 April 2005 13:27, Arjen de Korte wrote:
After overwriting the data once with random data, the drive itself (without tampering) won't reveal any of it (otherwise, it would not be able to hold any data after being written once). If the data that was once on the disk requires you to spend more effort on it (to ward off more sophisticated methods of data recovery), scrap the thing and buy a new one. Even at the hourly wage of someone flipping burgers, you will quickly spend more than a second-hand 120GB USB disk is worth.
Yes, note that the NMR scanner proposal was not a serious one. The best way not to have such problems is to encrypt all data _by default_, and just destroy the keys needed to decrypt before giving the media away. This way, the data is reasonably secure (very secure, actually), and you can spare the media, too. -- Jure Koren, n.i.
participants (10)
-
Arjen de Korte -
Arjen Runsink -
Baenen Eric P Contr AFRL/HEC -
Christian Lange -
Jure Koren -
Mike Tierney -
Nick LeRoy -
Philippe Vogel -
Randall R Schulz -
Subredu Manuel