Ubuntu/shred?
-
@jimmy9008 said in Ubuntu/shred?:
@dustinb3403 said in Ubuntu/shred?:
Why not follow up with gparted and do a complete format of the system afterwards?
How long would that format take? I presume it does the same as zeroing the drive anyway?
Formatting will depend on the drive size,.. larger the drive, the longer it will take.
-
@jimmy9008 said in Ubuntu/shred?:
@gjacobse said in Ubuntu/shred?:
Nothing wrong with doing a multi pass as well... I have heard of people going so far as to create a 'dumb text' file of junk text and copying it to fill the drive, then doing the DBAN. Also - if it is a physical ARRAY - by killing it, you add another layer of obscurity...
I generally have just pulled drives and kept them. They are cheap and easy enough to replace, and can be found new, refurb or used...
We're donating with the drives, so will be wiping them to a reasonable standard.
Just trying to find out id one pass of 0's is actually a reasonable standard....I would go multi pass with random data... single pass to me just isn't enough
-
@gjacobse said in Ubuntu/shred?:
@jimmy9008 said in Ubuntu/shred?:
@gjacobse said in Ubuntu/shred?:
Nothing wrong with doing a multi pass as well... I have heard of people going so far as to create a 'dumb text' file of junk text and copying it to fill the drive, then doing the DBAN. Also - if it is a physical ARRAY - by killing it, you add another layer of obscurity...
I generally have just pulled drives and kept them. They are cheap and easy enough to replace, and can be found new, refurb or used...
We're donating with the drives, so will be wiping them to a reasonable standard.
Just trying to find out id one pass of 0's is actually a reasonable standard....I would go multi pass with random data... single pass to me just isn't enough
That would take a long time. Its not data that's about customers, or patients or whatever, this is data that if found wouldn't cause an issue. Hence doing 'quick best effort'. Leaving the array doing multiple passes with random data for a week is just too long... but, if one pass of zeros is easy to get the data back, then I have no choice but to do random...
-
@jimmy9008 said in Ubuntu/shred?:
@marcinozga said in Ubuntu/shred?:
If drives are identical in all servers, why don't you just randomly mix them? Pull drive 2 from server 1 and swap it with drive 4 from server 2, etc. Then just destroy the arrays, create new, preferably different RAID levels and just write some sample data.
Wouldn't this leave quite a risk of the data being on a drive still?
I have mixed the drives. Destroyed the arrays, and set as Raid0. Then, running shred on those new Raid 0 arrays...Risk? Unlikely. If you mix few drives from each array in few servers, there's no way to recover it unless you get the original set of drives together. The more drives and servers, the lower the chances of re-assembling the array. You're not donating these to NSA, are you?
-
If you setup raid 0 after swapping the drives, and intentionally failed the arrays by pulling drives you're going to destroy the data further.
You can absolutely do a few passes of random data, or just write 0's to each array.
Seems like overkill to me though if you've already swapped the drives around, destroyed the existing arrays, and rebuilt them to raid 0.
-
@jimmy9008 said in Ubuntu/shred?:
@gjacobse said in Ubuntu/shred?:
@jimmy9008 said in Ubuntu/shred?:
@gjacobse said in Ubuntu/shred?:
Nothing wrong with doing a multi pass as well... I have heard of people going so far as to create a 'dumb text' file of junk text and copying it to fill the drive, then doing the DBAN. Also - if it is a physical ARRAY - by killing it, you add another layer of obscurity...
I generally have just pulled drives and kept them. They are cheap and easy enough to replace, and can be found new, refurb or used...
We're donating with the drives, so will be wiping them to a reasonable standard.
Just trying to find out id one pass of 0's is actually a reasonable standard....I would go multi pass with random data... single pass to me just isn't enough
That would take a long time. Its not data that's about customers, or patients or whatever, this is data that if found wouldn't cause an issue. Hence doing 'quick best effort'. Leaving the array doing multiple passes with random data for a week is just too long... but, if one pass of zeros is easy to get the data back, then I have no choice but to do random...
I look at it this way; I am no hacker, not a digital forensic specialist - but I have formatted SD cards from my digital camera, and been able to recover the images with nearly 98% error free recovery.
When it comes to digital storage - I don't like to chance things. I go extreme in some cases doing a full DoD wipe twice..
-
@gjacobse said in Ubuntu/shred?:
@jimmy9008 said in Ubuntu/shred?:
@gjacobse said in Ubuntu/shred?:
@jimmy9008 said in Ubuntu/shred?:
@gjacobse said in Ubuntu/shred?:
Nothing wrong with doing a multi pass as well... I have heard of people going so far as to create a 'dumb text' file of junk text and copying it to fill the drive, then doing the DBAN. Also - if it is a physical ARRAY - by killing it, you add another layer of obscurity...
I generally have just pulled drives and kept them. They are cheap and easy enough to replace, and can be found new, refurb or used...
We're donating with the drives, so will be wiping them to a reasonable standard.
Just trying to find out id one pass of 0's is actually a reasonable standard....I would go multi pass with random data... single pass to me just isn't enough
That would take a long time. Its not data that's about customers, or patients or whatever, this is data that if found wouldn't cause an issue. Hence doing 'quick best effort'. Leaving the array doing multiple passes with random data for a week is just too long... but, if one pass of zeros is easy to get the data back, then I have no choice but to do random...
I look at it this way; I am no hacker, not a digital forensic specialist - but I have formatted SD cards from my digital camera, and been able to recover the images with nearly 98% error free recovery.
When it comes to digital storage - I don't like to chance things. I go extreme in some cases doing a full DoD wipe twice..
Single format doesn't destroy the data, you need to actually overwrite it.
-
@marcinozga said in Ubuntu/shred?:
@gjacobse said in Ubuntu/shred?:
@jimmy9008 said in Ubuntu/shred?:
@gjacobse said in Ubuntu/shred?:
@jimmy9008 said in Ubuntu/shred?:
@gjacobse said in Ubuntu/shred?:
Nothing wrong with doing a multi pass as well... I have heard of people going so far as to create a 'dumb text' file of junk text and copying it to fill the drive, then doing the DBAN. Also - if it is a physical ARRAY - by killing it, you add another layer of obscurity...
I generally have just pulled drives and kept them. They are cheap and easy enough to replace, and can be found new, refurb or used...
We're donating with the drives, so will be wiping them to a reasonable standard.
Just trying to find out id one pass of 0's is actually a reasonable standard....I would go multi pass with random data... single pass to me just isn't enough
That would take a long time. Its not data that's about customers, or patients or whatever, this is data that if found wouldn't cause an issue. Hence doing 'quick best effort'. Leaving the array doing multiple passes with random data for a week is just too long... but, if one pass of zeros is easy to get the data back, then I have no choice but to do random...
I look at it this way; I am no hacker, not a digital forensic specialist - but I have formatted SD cards from my digital camera, and been able to recover the images with nearly 98% error free recovery.
When it comes to digital storage - I don't like to chance things. I go extreme in some cases doing a full DoD wipe twice..
Single format doesn't destroy the data, you need to actually overwrite it.
Yes, that's what I believe I'm doing by the entre write of 0's on the entire array...
Sound pretty safe. So I will stick with it. -
@marcinozga said in Ubuntu/shred?:
@jimmy9008 said in Ubuntu/shred?:
@marcinozga said in Ubuntu/shred?:
If drives are identical in all servers, why don't you just randomly mix them? Pull drive 2 from server 1 and swap it with drive 4 from server 2, etc. Then just destroy the arrays, create new, preferably different RAID levels and just write some sample data.
Wouldn't this leave quite a risk of the data being on a drive still?
I have mixed the drives. Destroyed the arrays, and set as Raid0. Then, running shred on those new Raid 0 arrays...Risk? Unlikely. If you mix few drives from each array in few servers, there's no way to recover it unless you get the original set of drives together. The more drives and servers, the lower the chances of re-assembling the array. You're not donating these to NSA, are you?
No, lol. Two servers are going to a School to be their production environment. Another server is going to a different School to be a lab machine so students can try virtualisation.
-
@jimmy9008 said in Ubuntu/shred?:
@marcinozga said in Ubuntu/shred?:
@gjacobse said in Ubuntu/shred?:
@jimmy9008 said in Ubuntu/shred?:
@gjacobse said in Ubuntu/shred?:
@jimmy9008 said in Ubuntu/shred?:
@gjacobse said in Ubuntu/shred?:
Nothing wrong with doing a multi pass as well... I have heard of people going so far as to create a 'dumb text' file of junk text and copying it to fill the drive, then doing the DBAN. Also - if it is a physical ARRAY - by killing it, you add another layer of obscurity...
I generally have just pulled drives and kept them. They are cheap and easy enough to replace, and can be found new, refurb or used...
We're donating with the drives, so will be wiping them to a reasonable standard.
Just trying to find out id one pass of 0's is actually a reasonable standard....I would go multi pass with random data... single pass to me just isn't enough
That would take a long time. Its not data that's about customers, or patients or whatever, this is data that if found wouldn't cause an issue. Hence doing 'quick best effort'. Leaving the array doing multiple passes with random data for a week is just too long... but, if one pass of zeros is easy to get the data back, then I have no choice but to do random...
I look at it this way; I am no hacker, not a digital forensic specialist - but I have formatted SD cards from my digital camera, and been able to recover the images with nearly 98% error free recovery.
When it comes to digital storage - I don't like to chance things. I go extreme in some cases doing a full DoD wipe twice..
Single format doesn't destroy the data, you need to actually overwrite it.
Yes, that's what I believe I'm doing by the entre write of 0's on the entire array...
Sound pretty safe. So I will stick with it.RAID array is different than single disk or SD card.
-
@marcinozga said in Ubuntu/shred?:
@jimmy9008 said in Ubuntu/shred?:
@marcinozga said in Ubuntu/shred?:
@gjacobse said in Ubuntu/shred?:
@jimmy9008 said in Ubuntu/shred?:
@gjacobse said in Ubuntu/shred?:
@jimmy9008 said in Ubuntu/shred?:
@gjacobse said in Ubuntu/shred?:
Nothing wrong with doing a multi pass as well... I have heard of people going so far as to create a 'dumb text' file of junk text and copying it to fill the drive, then doing the DBAN. Also - if it is a physical ARRAY - by killing it, you add another layer of obscurity...
I generally have just pulled drives and kept them. They are cheap and easy enough to replace, and can be found new, refurb or used...
We're donating with the drives, so will be wiping them to a reasonable standard.
Just trying to find out id one pass of 0's is actually a reasonable standard....I would go multi pass with random data... single pass to me just isn't enough
That would take a long time. Its not data that's about customers, or patients or whatever, this is data that if found wouldn't cause an issue. Hence doing 'quick best effort'. Leaving the array doing multiple passes with random data for a week is just too long... but, if one pass of zeros is easy to get the data back, then I have no choice but to do random...
I look at it this way; I am no hacker, not a digital forensic specialist - but I have formatted SD cards from my digital camera, and been able to recover the images with nearly 98% error free recovery.
When it comes to digital storage - I don't like to chance things. I go extreme in some cases doing a full DoD wipe twice..
Single format doesn't destroy the data, you need to actually overwrite it.
Yes, that's what I believe I'm doing by the entre write of 0's on the entire array...
Sound pretty safe. So I will stick with it.RAID array is different than single disk or SD card.
From the process of what has already been done, gparted formatting the array, destroying the array and now writing 0'd to the array should be sufficient.
You aren't expecting the DoD to come knocking on your door, nor do you expect (forsee) a forensic researcher to be tearing apart the system to recover the data from these systems.
-
@jimmy9008 said in Ubuntu/shred?:
@marcinozga said in Ubuntu/shred?:
@jimmy9008 said in Ubuntu/shred?:
@marcinozga said in Ubuntu/shred?:
If drives are identical in all servers, why don't you just randomly mix them? Pull drive 2 from server 1 and swap it with drive 4 from server 2, etc. Then just destroy the arrays, create new, preferably different RAID levels and just write some sample data.
Wouldn't this leave quite a risk of the data being on a drive still?
I have mixed the drives. Destroyed the arrays, and set as Raid0. Then, running shred on those new Raid 0 arrays...Risk? Unlikely. If you mix few drives from each array in few servers, there's no way to recover it unless you get the original set of drives together. The more drives and servers, the lower the chances of re-assembling the array. You're not donating these to NSA, are you?
No, lol. Two servers are going to a School to be their production environment. Another server is going to a different School to be a lab machine so students can try virtualisation.
Then just make sure complete set of disks from any server doesn't end up in one school. Schools don't have the budgets/personnel/skills/time/motivation to play the NSA.
Let me illustrate what will happen when you mix disks. In a set of 6 disks in 3 servers you have some data, but that data is completely unknown to bad actor. So:
ABCDEF - in server 1, abcdef in server 2, and 123456 in server 3. After mixing you end up with Ae2DE4 in server 1, a3BF16 in server 2 and bcCd5f in server 3. After writing some random data you'll have Ae2DEx, a3BF1y, and bcCd5z. Now go ahead and try to recover original data, not knowing what it was in first place. And do it on school's time and budget.
-
@marcinozga said in Ubuntu/shred?:
Then just make sure complete set of disks from any server doesn't end up in one school. Schools don't have the budgets/personnel/skills/time/motivation to play the NSA.
But kids in a lab do.
-
@dashrender said in Ubuntu/shred?:
@marcinozga said in Ubuntu/shred?:
Then just make sure complete set of disks from any server doesn't end up in one school. Schools don't have the budgets/personnel/skills/time/motivation to play the NSA.
But kids in a lab do.
And since when kids in labs are allowed to sit there for hours swapping disks between servers?
-
@dashrender and if they are like the kids in my labs then they will be absolutely malicious just for the fun of it
-
@marcinozga said in Ubuntu/shred?:
ABCDEF - in server 1, abcdef in server 2, and 123456 in server 3. After mixing you end up with Ae2DE4 in server 1, a3BF16 in server 2 and bcCd5f in server 3. After writing some random data you'll have Ae2DEx, a3BF1y, and bcCd5z. Now go ahead and try to recover original data, not knowing what it was in first place. And do it on school's time and budget.
Is is of course true, but doesn't paint the picture accurately. Each of your above listed slots of data, represented by A and a and 1, etc are blocks of data, possibly more than 4KB worth A tone of valuable data could be stored in 4KB.
-
Eurgh... even the 0's on the array are taking ages. Been running it since lunch, 40 GiB/3.7TiB finished, 1%
-
@jmoore said in Ubuntu/shred?:
@dashrender and if they are like the kids in my labs then they will be absolutely malicious just for the fun of it
^^This. Let the kids play with it, they'll do the job for you.
-
@marcinozga said in Ubuntu/shred?:
@dashrender said in Ubuntu/shred?:
@marcinozga said in Ubuntu/shred?:
Then just make sure complete set of disks from any server doesn't end up in one school. Schools don't have the budgets/personnel/skills/time/motivation to play the NSA.
But kids in a lab do.
And since when kids in labs are allowed to sit there for hours swapping disks between servers?
That's not the point, or even required. They could pull images off the drives, then mess with the data like putting paper shreddings back together if they wanted to.
My point is that when there is a will, there is a way. And you hear stories all the time about how some kid some some completely unexpected thing in school - so I would expect no less to be possible here.
-
@dashrender said in Ubuntu/shred?:
@marcinozga said in Ubuntu/shred?:
@dashrender said in Ubuntu/shred?:
@marcinozga said in Ubuntu/shred?:
Then just make sure complete set of disks from any server doesn't end up in one school. Schools don't have the budgets/personnel/skills/time/motivation to play the NSA.
But kids in a lab do.
And since when kids in labs are allowed to sit there for hours swapping disks between servers?
That's not the point, or even required. They could pull images off the drives, then mess with the data like putting paper shreddings back together if they wanted to.
My point is that when there is a will, there is a way. And you hear stories all the time about how some kid some some completely unexpected thing in school - so I would expect no less to be possible here.
Yep, agree. But by doing what I've done, its pretty safe. So, I am happy with that.
