| 1 |
Em 12/07/2015 10:03, "Mick" <michaelkintzios@×××××.com> escreveu: |
| 2 |
> |
| 3 |
> On Sunday 12 Jul 2015 13:35:25 Marc Joliet wrote: |
| 4 |
> > Hi, |
| 5 |
> > |
| 6 |
> > I have to failed drives that I want to give away for recycling purposes, |
| 7 |
> > but want to be sure to properly clear them first. They used be part of |
| 8 |
a |
| 9 |
> > btrfs RAID10 array, but needed to be replaced (with "btrfs replace"). |
| 10 |
(In |
| 11 |
> > the meantime I converted the array to RAID1 with only two drives.) |
| 12 |
> > |
| 13 |
> > My question is how precisely the disks should be cleared. From various |
| 14 |
> > sources I know that overwriting them with random data a few times is |
| 15 |
> > enough to render old versions of data unreadable. I'm guessing 3 times |
| 16 |
> > ought to be enough, but maybe even that small amount is overly paranoid |
| 17 |
> > these days? |
| 18 |
> > |
| 19 |
> > As to the actual command, I would suspect something like "dd |
| 20 |
> > if=/dev/urandom of=/dev/sdx bs=4096" should suffice, and according to |
| 21 |
> > |
| 22 |
https://wiki.archlinux.org/index.php/Random_number_generation#.2Fdev.2Furan |
| 23 |
> > dom, /dev/urandom ought to be random enough for this task. Or are |
| 24 |
cat/cp |
| 25 |
> > that much faster? |
| 26 |
> > |
| 27 |
> > Any thoughts? |
| 28 |
> > |
| 29 |
> > Greetings |
| 30 |
> |
| 31 |
> I use urandom a couple of times (3 to 5), because random takes too long |
| 32 |
and I |
| 33 |
> don't store state secrets on my disks. Then I dd onto it a final round of |
| 34 |
> /dev/zero. Finally, run hdparm to securely erase it for good |
| 35 |
measure.[1] All |
| 36 |
> of this could be an overkill, but do it out of habit these days. |
| 37 |
> |
| 38 |
> It is worth saying that I use haveged to increase entropy: |
| 39 |
> |
| 40 |
> [I] sys-apps/haveged |
| 41 |
> Available versions: |
| 42 |
> 1.5 |
| 43 |
> ~ 1.7a |
| 44 |
> 1.7a-r1 |
| 45 |
> ~ 1.9.1 |
| 46 |
> Installed versions: 1.7a-r1(12:46:23 04/21/14) |
| 47 |
> Homepage: http://www.issihosts.com/haveged/ |
| 48 |
> Description: A simple entropy daemon using the HAVEGE |
| 49 |
algorithm |
| 50 |
> |
| 51 |
> I should clarify that disks which contained financial data are dealth |
| 52 |
with a |
| 53 |
> high speed angle grinder, after I remove the outer casing of the drive |
| 54 |
and don |
| 55 |
> a pair of goggles.[2] *Only then* do I recycle the bits left. ;-) |
| 56 |
> |
| 57 |
> |
| 58 |
> [1] https://ata.wiki.kernel.org/index.php/ATA_Secure_Erase |
| 59 |
> |
| 60 |
> [2] You can also use a hammer, a drill, or any similar implement which |
| 61 |
will |
| 62 |
> completely break the physical disk platters to bits. |
| 63 |
> |
| 64 |
> -- |
| 65 |
> Regards, |
| 66 |
> Mick |
| 67 |
|
| 68 |
A physical damage is what I guess be the best choice for sensitive data. |
| 69 |
|
| 70 |
I use to disassemble the HDD and rub a strong magnet over the disks' |
| 71 |
surfaces. |
| 72 |
|
| 73 |
Just my 2c. |
| 74 |
|
| 75 |
Best regards, |
| 76 |
Francisco |
Archives