
Thermite, yep that'll do it :-P

-------- Original message --------
From: Daniel Cross <daniel@ritualmedia.co.nz>
Date:
To: David Zuccaro <david.zuccaro@optusnet.com.au>
Cc: luv-main@luv.asn.au
Subject: Re: Disk Washing

Well, in that case probably Dban will be sufficient for your needs. If still going with dd I agree with the bs=1M switch.

Incidentally, a discussion with a friend this evening led us to the decision that a good way (although involved) to erase a drive would be:

1) Open disk enclosure.
2) Use bench grinder to create aluminium powder from the top of the disk enclosure
3) find something rusty, (or another source of iron oxide) and create powder.
4) mix 50:50 by volume.
5) if available add some magnesium (left over Guy Fawkes sparklers?)
6) pour powder over HDD spindles.
7) Light and step well back while the platters melt.

I might try this in coming months and report my results ;)

Daniel

On Mon, Sep 2, 2013 at 6:30 PM, David Zuccaro <david.zuccaro@optusnet.com.au> wrote:
On Mon, 2013-09-02 at 17:45 +1000, Daniel Cross wrote:
I guess it depends on your threat model, so rewinding a bit - who are you wanting to prevent accessing your data? This greatly informs the conversation. The methods offered above, and in many of the replies thus far, assume a very sophisticated adversary.
Daniel
Let us assume that the adversary is not a three-letter-government-agency; not that I consent to three-letter-government-agencies accessing any of my information.

In all seriousness, I think the best way to quickly wipe a drive is to get the drive firmware to do it. This has a few advantages:

1. It's really fast, as it's close to the metal.
2. If the wiping stops half way, due to power failure, when the drive next starts the wiping will continue, also if the drive has physical faults, the firmware will try to prevent read of the data even if it can't successfully wipe.
3. Presumably reallocated bad sectors are also wiped (not true with dd).

Part of the ATA spec says that you can set a drive password. Another part says if you lose the password you can recover the drive, but only by wiping the data first.

So how would you do this?

1. Use hdparm to set a password
2. Use hdparm to reset the password (Wiping continues in the background).

Reference: https://ata.wiki.kernel.org/index.php/ATA_Secure_Erase

-Noah

On Tuesday, September 3, 2013, Christopher M. Bailey wrote:
Thermite, yep that'll do it :-P
-------- Original message --------
From: Daniel Cross <daniel@ritualmedia.co.nz>
Date:
To: David Zuccaro <david.zuccaro@optusnet.com.au>
Cc: luv-main@luv.asn.au
Subject: Re: Disk Washing
Well, in that case probably Dban will be sufficient for your needs. If still going with dd I agree with the bs=1M switch.
Incidentally, a discussion with a friend this evening led us to the decision that a good way (although involved) to erase a drive would be:
1) Open disk enclosure.
2) Use bench grinder to create aluminium powder from the top of the disk enclosure
3) find something rusty, (or another source of iron oxide) and create powder.
4) mix 50:50 by volume.
5) if available add some magnesium (left over Guy Fawkes sparklers?)
6) pour powder over HDD spindles.
7) Light and step well back while the platters melt.
I might try this in coming months and report my results ;)
Daniel
On Mon, Sep 2, 2013 at 6:30 PM, David Zuccaro <david.zuccaro@optusnet.com.au> wrote:
On Mon, 2013-09-02 at 17:45 +1000, Daniel Cross wrote:
I guess it depends on your threat model, so rewinding a bit - who are you wanting to prevent accessing your data? This greatly informs the conversation. The methods offered above, and in many of the replies thus far, assume a very sophisticated adversary.
Daniel
Let us assume that the adversary is not a three-letter-government-agency; not that I consent to three-letter-government-agencies accessing any of my information.
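
The two hdparm steps Noah describes, as an added example that is not part of the original message: it reads the Security section of `hdparm -I` output and prints the `--security-set-pass` and `--security-erase` commands only when the drive is not frozen or locked. The sample output, `/dev/sdX`, the `PLACEHOLDER` password and the function names are constructed for illustration.

```shell
# Added example (not from the thread). Constructed sample of the Security
# section of `hdparm -I` output; the parser below ignores exact whitespace.
SAMPLE_READY='Security:
    Master password revision code = 65534
        supported
    not enabled
    not locked
    not frozen
    not expired: security count
        supported: enhanced erase
    2min for SECURITY ERASE UNIT. 2min for ENHANCED SECURITY ERASE UNIT.'
# Same constructed drive with security commands frozen.
SAMPLE_FROZEN=$(printf '%s\n' "$SAMPLE_READY" | sed 's/not *frozen/frozen/')

# Read `hdparm -I` text on stdin; print unsupported|frozen|locked|password-set|ready.
secure_erase_state() {
    awk '
        /^Security:/       { insec = 1; next }
        insec && /^[^ \t]/ { insec = 0 }          # next unindented section
        insec {
            gsub(/^[ \t]+|[ \t]+$/, ""); gsub(/[ \t]+/, " ")
            flag[$0] = 1                            # e.g. "not frozen", "supported"
        }
        END {
            if (!flag["supported"])   print "unsupported"
            else if (flag["frozen"])  print "frozen"
            else if (flag["locked"])  print "locked"
            else if (flag["enabled"]) print "password-set"
            else                      print "ready"
        }'
}

# Print (never run) the hdparm steps for a state; PLACEHOLDER is a throwaway password.
erase_plan() {
    dev=$1; state=$2
    case $state in
        ready)
            echo "hdparm --user-master u --security-set-pass PLACEHOLDER $dev"
            echo "hdparm --user-master u --security-erase PLACEHOLDER $dev" ;;
        password-set)
            echo "hdparm --user-master u --security-erase PLACEHOLDER $dev" ;;
        *)  echo "refusing: drive state is '$state'" >&2; return 1 ;;
    esac
}

# Run against the constructed samples only.
erase_plan /dev/sdX "$(printf '%s\n' "$SAMPLE_READY" | secure_erase_state)"
erase_plan /dev/sdX "$(printf '%s\n' "$SAMPLE_FROZEN" | secure_erase_state)" || true
```

On a real drive, pipe `hdparm -I /dev/sdX` into `secure_erase_state` and review the printed commands before typing them.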

On Tue, 3 Sep 2013, "Noah O'Donoghue" <noah.odonoghue@gmail.com> wrote:
1. It's really fast, as it's close to the metal.
2. If the wiping stops half way, due to power failure, when the drive next starts the wiping will continue, also if the drive has physical faults, the firmware will try to prevent read of the data even if it can't successfully wipe.
3. Presumably reallocated bad sectors are also wiped (not true with dd).

You are assuming that the wiping does what it claims to do. I would be more inclined to trust that when I've written 100G of data to a 100G disk then whatever was there before is really gone. Disk firmware is presumably at least as buggy as any other software and the wiping functionality probably wouldn't get much testing.

For consumer levels of data protection dropping a drive from 1.5M on concrete after using dd would be a good option. Most people who try to steal data will be put off by a broken drive head assembly.

--
My Main Blog http://etbe.coker.com.au/
My Documents Blog http://doc.coker.com.au/
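
An added example, not part of Russell's message: one way to check that an overwrite did what it claims is to zero the target with dd in 1 MiB writes and then read every byte back, counting any that are still non-zero. The scratch image, its size, the planted leftover bytes and the function names are constructed; the demo never touches a real device.

```shell
# Added example (not from the thread): zero a target with dd, then read every
# byte back instead of assuming the write did what it claimed.

# Size in bytes of a block device or of a scratch image file.
target_size() {
    if [ -b "$1" ]; then blockdev --getsize64 "$1"
    else wc -c < "$1" | tr -d ' '; fi
}

# Overwrite exactly target_size bytes with zeros in 1 MiB writes (bs=1M).
zero_fill() {
    head -c "$(target_size "$1")" /dev/zero |
        dd of="$1" bs=1M conv=notrunc 2>/dev/null && sync
}

# Count bytes that are still non-zero; 0 means the read-back is clean.
# On a real disk add iflag=direct to dd so reads bypass the page cache.
nonzero_bytes() {
    dd if="$1" bs=1M 2>/dev/null | tr -d '\000' | wc -c | tr -d ' '
}

# Demo on a constructed 3 MiB + 512 byte scratch image, never a real device.
# Prints "<size> <non-zero after wipe> <non-zero after planting leftovers>".
demo() {
    img=$(mktemp) || return 1
    head -c 3146240 /dev/urandom > "$img"          # stand-in for old data
    before=$(nonzero_bytes "$img")
    zero_fill "$img"
    after=$(nonzero_bytes "$img")
    # Simulate a region the wipe missed: 16 bytes at offset 1 MiB.
    printf 'leftover-secret!' |
        dd of="$img" bs=1 seek=1048576 conv=notrunc 2>/dev/null
    missed=$(nonzero_bytes "$img")
    size=$(target_size "$img")
    rm -f "$img"
    echo "$size $after $missed"
    [ "$before" -gt 0 ]
}

demo
```

A clean read-back covers only the sectors the drive still exposes; sectors the firmware has remapped are not reachable this way.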

On 09/03/2013 10:02 PM, Russell Coker wrote:
You are assuming that the wiping does what it claims to do. I would be more inclined to trust that when I've written 100G of data to a 100G disk then whatever was there before is really gone.
This is the bit I haven't understood. If you want to protect the contents of a drive why not write pictures of your cat to the drive until it is full. If you align the block/disk size with the file then presumably there won't be any gaps or if there is then those fragments won't be enough to build any significant information.

P

On Wed, 4 Sep 2013, Piers Rowan <piers.rowan@recruitonline.com.au> wrote:
On 09/03/2013 10:02 PM, Russell Coker wrote:
You are assuming that the wiping does what it claims to do. I would be more inclined to trust that when I've written 100G of data to a 100G disk then whatever was there before is really gone.
This is the bit I haven't understood. If you want to protect the contents of a drive why not write pictures of your cat to the drive until it is full. If you align the block/disk size with the file then presumably there won't be any gaps or if there is then those fragments won't be enough to build any significant information.

With a filesystem it will be difficult to discover where on the disk a particular file is, there are ways of doing this (generally only used by boot-loader installation programs) but it will be too inconvenient to be useful.

If you write to the entire disk it will wipe it all, no particular alignment is needed. Hard drives store things in sectors of 512 bytes or 4K (for newer/larger disks) so you just need to write to every sector.

With hard drives there is the possibility that marginal sectors were remapped which could then be recovered. There is also the possibility that analogue signals that remain from previous writes that are discarded as noise in the normal read process can be read. Both of those are out of reach of most attackers.

For SSDs there are different issues, the controller does a fair bit of work to map sector writes to erase blocks.

Really if you want data to be safe then encrypt it on the disk.

--
My Main Blog http://etbe.coker.com.au/
My Documents Blog http://doc.coker.com.au/

On 4/09/2013 9:27 AM, Russell Coker wrote:
For SSDs there are different issues, the controller does a fair bit of work to map sector writes to erase blocks.
Really if you want data to be safe then encrypt it on the disk.
This is especially important for SSDs as it is basically up to the controller / firmware to carry out special "wear leveling" to help give the whole drive longer life. So, encrypt first, then store data, secure erase or destroy later...

The whole wear leveling scenario means that you can never really know where the data will actually be written and if a logical sector has been moved or replaced physically; if replaced, then the original data may still be intact on the drive, even if you think that it has been over-written -- it's one of those things specific to SSDs.

Cheers
A.
participants (5)
- Andrew McGlashan
- Christopher M. Bailey
- Noah O'Donoghue
- Piers Rowan
- Russell Coker