| 1 |
On Sunday 12 Jul 2015 13:35:25 Marc Joliet wrote: |
| 2 |
> Hi, |
| 3 |
> |
| 4 |
> I have to failed drives that I want to give away for recycling purposes, |
| 5 |
> but want to be sure to properly clear them first. They used be part of a |
| 6 |
> btrfs RAID10 array, but needed to be replaced (with "btrfs replace"). (In |
| 7 |
> the meantime I converted the array to RAID1 with only two drives.) |
| 8 |
> |
| 9 |
> My question is how precisely the disks should be cleared. From various |
| 10 |
> sources I know that overwriting them with random data a few times is |
| 11 |
> enough to render old versions of data unreadable. I'm guessing 3 times |
| 12 |
> ought to be enough, but maybe even that small amount is overly paranoid |
| 13 |
> these days? |
| 14 |
> |
| 15 |
> As to the actual command, I would suspect something like "dd |
| 16 |
> if=/dev/urandom of=/dev/sdx bs=4096" should suffice, and according to |
| 17 |
> https://wiki.archlinux.org/index.php/Random_number_generation#.2Fdev.2Furan |
| 18 |
> dom, /dev/urandom ought to be random enough for this task. Or are cat/cp |
| 19 |
> that much faster? |
| 20 |
> |
| 21 |
> Any thoughts? |
| 22 |
> |
| 23 |
> Greetings |
| 24 |
|
| 25 |
I use urandom a couple of times (3 to 5), because random takes too long and I |
| 26 |
don't store state secrets on my disks. Then I dd onto it a final round of |
| 27 |
/dev/zero. Finally, run hdparm to securely erase it for good measure.[1] All |
| 28 |
of this could be an overkill, but do it out of habit these days. |
| 29 |
|
| 30 |
It is worth saying that I use haveged to increase entropy: |
| 31 |
|
| 32 |
[I] sys-apps/haveged |
| 33 |
Available versions: |
| 34 |
1.5 |
| 35 |
~ 1.7a |
| 36 |
1.7a-r1 |
| 37 |
~ 1.9.1 |
| 38 |
Installed versions: 1.7a-r1(12:46:23 04/21/14) |
| 39 |
Homepage: http://www.issihosts.com/haveged/ |
| 40 |
Description: A simple entropy daemon using the HAVEGE algorithm |
| 41 |
|
| 42 |
I should clarify that disks which contained financial data are dealth with a |
| 43 |
high speed angle grinder, after I remove the outer casing of the drive and don |
| 44 |
a pair of goggles.[2] *Only then* do I recycle the bits left. ;-) |
| 45 |
|
| 46 |
|
| 47 |
[1] https://ata.wiki.kernel.org/index.php/ATA_Secure_Erase |
| 48 |
|
| 49 |
[2] You can also use a hammer, a drill, or any similar implement which will |
| 50 |
completely break the physical disk platters to bits. |
| 51 |
|
| 52 |
-- |
| 53 |
Regards, |
| 54 |
Mick |
Archives