Ubuntu/shred?
-
@gjacobse said in Ubuntu/shred?:
@jimmy9008 said in Ubuntu/shred?:
@gjacobse said in Ubuntu/shred?:
@jimmy9008 said in Ubuntu/shred?:
@gjacobse said in Ubuntu/shred?:
Nothing wrong with doing a multi pass as well... I have heard of people going so far as to create a 'dumb text' file of junk text and copying it to fill the drive, then doing the DBAN. Also - if it is a physical ARRAY - by killing it, you add another layer of obscurity...
I generally have just pulled drives and kept them. They are cheap and easy enough to replace, and can be found new, refurb or used...
We're donating with the drives, so will be wiping them to a reasonable standard.
Just trying to find out id one pass of 0's is actually a reasonable standard....I would go multi pass with random data... single pass to me just isn't enough
That would take a long time. Its not data that's about customers, or patients or whatever, this is data that if found wouldn't cause an issue. Hence doing 'quick best effort'. Leaving the array doing multiple passes with random data for a week is just too long... but, if one pass of zeros is easy to get the data back, then I have no choice but to do random...
I look at it this way; I am no hacker, not a digital forensic specialist - but I have formatted SD cards from my digital camera, and been able to recover the images with nearly 98% error free recovery.
When it comes to digital storage - I don't like to chance things. I go extreme in some cases doing a full DoD wipe twice..
Single format doesn't destroy the data, you need to actually overwrite it.
-
@marcinozga said in Ubuntu/shred?:
@gjacobse said in Ubuntu/shred?:
@jimmy9008 said in Ubuntu/shred?:
@gjacobse said in Ubuntu/shred?:
@jimmy9008 said in Ubuntu/shred?:
@gjacobse said in Ubuntu/shred?:
Nothing wrong with doing a multi pass as well... I have heard of people going so far as to create a 'dumb text' file of junk text and copying it to fill the drive, then doing the DBAN. Also - if it is a physical ARRAY - by killing it, you add another layer of obscurity...
I generally have just pulled drives and kept them. They are cheap and easy enough to replace, and can be found new, refurb or used...
We're donating with the drives, so will be wiping them to a reasonable standard.
Just trying to find out id one pass of 0's is actually a reasonable standard....I would go multi pass with random data... single pass to me just isn't enough
That would take a long time. Its not data that's about customers, or patients or whatever, this is data that if found wouldn't cause an issue. Hence doing 'quick best effort'. Leaving the array doing multiple passes with random data for a week is just too long... but, if one pass of zeros is easy to get the data back, then I have no choice but to do random...
I look at it this way; I am no hacker, not a digital forensic specialist - but I have formatted SD cards from my digital camera, and been able to recover the images with nearly 98% error free recovery.
When it comes to digital storage - I don't like to chance things. I go extreme in some cases doing a full DoD wipe twice..
Single format doesn't destroy the data, you need to actually overwrite it.
Yes, that's what I believe I'm doing by the entre write of 0's on the entire array...
Sound pretty safe. So I will stick with it. -
@marcinozga said in Ubuntu/shred?:
@jimmy9008 said in Ubuntu/shred?:
@marcinozga said in Ubuntu/shred?:
If drives are identical in all servers, why don't you just randomly mix them? Pull drive 2 from server 1 and swap it with drive 4 from server 2, etc. Then just destroy the arrays, create new, preferably different RAID levels and just write some sample data.
Wouldn't this leave quite a risk of the data being on a drive still?
I have mixed the drives. Destroyed the arrays, and set as Raid0. Then, running shred on those new Raid 0 arrays...Risk? Unlikely. If you mix few drives from each array in few servers, there's no way to recover it unless you get the original set of drives together. The more drives and servers, the lower the chances of re-assembling the array. You're not donating these to NSA, are you?
No, lol. Two servers are going to a School to be their production environment. Another server is going to a different School to be a lab machine so students can try virtualisation.
-
@jimmy9008 said in Ubuntu/shred?:
@marcinozga said in Ubuntu/shred?:
@gjacobse said in Ubuntu/shred?:
@jimmy9008 said in Ubuntu/shred?:
@gjacobse said in Ubuntu/shred?:
@jimmy9008 said in Ubuntu/shred?:
@gjacobse said in Ubuntu/shred?:
Nothing wrong with doing a multi pass as well... I have heard of people going so far as to create a 'dumb text' file of junk text and copying it to fill the drive, then doing the DBAN. Also - if it is a physical ARRAY - by killing it, you add another layer of obscurity...
I generally have just pulled drives and kept them. They are cheap and easy enough to replace, and can be found new, refurb or used...
We're donating with the drives, so will be wiping them to a reasonable standard.
Just trying to find out id one pass of 0's is actually a reasonable standard....I would go multi pass with random data... single pass to me just isn't enough
That would take a long time. Its not data that's about customers, or patients or whatever, this is data that if found wouldn't cause an issue. Hence doing 'quick best effort'. Leaving the array doing multiple passes with random data for a week is just too long... but, if one pass of zeros is easy to get the data back, then I have no choice but to do random...
I look at it this way; I am no hacker, not a digital forensic specialist - but I have formatted SD cards from my digital camera, and been able to recover the images with nearly 98% error free recovery.
When it comes to digital storage - I don't like to chance things. I go extreme in some cases doing a full DoD wipe twice..
Single format doesn't destroy the data, you need to actually overwrite it.
Yes, that's what I believe I'm doing by the entre write of 0's on the entire array...
Sound pretty safe. So I will stick with it.RAID array is different than single disk or SD card.
-
@marcinozga said in Ubuntu/shred?:
@jimmy9008 said in Ubuntu/shred?:
@marcinozga said in Ubuntu/shred?:
@gjacobse said in Ubuntu/shred?:
@jimmy9008 said in Ubuntu/shred?:
@gjacobse said in Ubuntu/shred?:
@jimmy9008 said in Ubuntu/shred?:
@gjacobse said in Ubuntu/shred?:
Nothing wrong with doing a multi pass as well... I have heard of people going so far as to create a 'dumb text' file of junk text and copying it to fill the drive, then doing the DBAN. Also - if it is a physical ARRAY - by killing it, you add another layer of obscurity...
I generally have just pulled drives and kept them. They are cheap and easy enough to replace, and can be found new, refurb or used...
We're donating with the drives, so will be wiping them to a reasonable standard.
Just trying to find out id one pass of 0's is actually a reasonable standard....I would go multi pass with random data... single pass to me just isn't enough
That would take a long time. Its not data that's about customers, or patients or whatever, this is data that if found wouldn't cause an issue. Hence doing 'quick best effort'. Leaving the array doing multiple passes with random data for a week is just too long... but, if one pass of zeros is easy to get the data back, then I have no choice but to do random...
I look at it this way; I am no hacker, not a digital forensic specialist - but I have formatted SD cards from my digital camera, and been able to recover the images with nearly 98% error free recovery.
When it comes to digital storage - I don't like to chance things. I go extreme in some cases doing a full DoD wipe twice..
Single format doesn't destroy the data, you need to actually overwrite it.
Yes, that's what I believe I'm doing by the entre write of 0's on the entire array...
Sound pretty safe. So I will stick with it.RAID array is different than single disk or SD card.
From the process of what has already been done, gparted formatting the array, destroying the array and now writing 0'd to the array should be sufficient.
You aren't expecting the DoD to come knocking on your door, nor do you expect (forsee) a forensic researcher to be tearing apart the system to recover the data from these systems.
-
@jimmy9008 said in Ubuntu/shred?:
@marcinozga said in Ubuntu/shred?:
@jimmy9008 said in Ubuntu/shred?:
@marcinozga said in Ubuntu/shred?:
If drives are identical in all servers, why don't you just randomly mix them? Pull drive 2 from server 1 and swap it with drive 4 from server 2, etc. Then just destroy the arrays, create new, preferably different RAID levels and just write some sample data.
Wouldn't this leave quite a risk of the data being on a drive still?
I have mixed the drives. Destroyed the arrays, and set as Raid0. Then, running shred on those new Raid 0 arrays...Risk? Unlikely. If you mix few drives from each array in few servers, there's no way to recover it unless you get the original set of drives together. The more drives and servers, the lower the chances of re-assembling the array. You're not donating these to NSA, are you?
No, lol. Two servers are going to a School to be their production environment. Another server is going to a different School to be a lab machine so students can try virtualisation.
Then just make sure complete set of disks from any server doesn't end up in one school. Schools don't have the budgets/personnel/skills/time/motivation to play the NSA.
Let me illustrate what will happen when you mix disks. In a set of 6 disks in 3 servers you have some data, but that data is completely unknown to bad actor. So:
ABCDEF - in server 1, abcdef in server 2, and 123456 in server 3. After mixing you end up with Ae2DE4 in server 1, a3BF16 in server 2 and bcCd5f in server 3. After writing some random data you'll have Ae2DEx, a3BF1y, and bcCd5z. Now go ahead and try to recover original data, not knowing what it was in first place. And do it on school's time and budget.
-
@marcinozga said in Ubuntu/shred?:
Then just make sure complete set of disks from any server doesn't end up in one school. Schools don't have the budgets/personnel/skills/time/motivation to play the NSA.
But kids in a lab do.
-
@dashrender said in Ubuntu/shred?:
@marcinozga said in Ubuntu/shred?:
Then just make sure complete set of disks from any server doesn't end up in one school. Schools don't have the budgets/personnel/skills/time/motivation to play the NSA.
But kids in a lab do.
And since when kids in labs are allowed to sit there for hours swapping disks between servers?
-
@dashrender and if they are like the kids in my labs then they will be absolutely malicious just for the fun of it
-
@marcinozga said in Ubuntu/shred?:
ABCDEF - in server 1, abcdef in server 2, and 123456 in server 3. After mixing you end up with Ae2DE4 in server 1, a3BF16 in server 2 and bcCd5f in server 3. After writing some random data you'll have Ae2DEx, a3BF1y, and bcCd5z. Now go ahead and try to recover original data, not knowing what it was in first place. And do it on school's time and budget.
Is is of course true, but doesn't paint the picture accurately. Each of your above listed slots of data, represented by A and a and 1, etc are blocks of data, possibly more than 4KB worth A tone of valuable data could be stored in 4KB.
-
Eurgh... even the 0's on the array are taking ages. Been running it since lunch, 40 GiB/3.7TiB finished, 1%
-
@jmoore said in Ubuntu/shred?:
@dashrender and if they are like the kids in my labs then they will be absolutely malicious just for the fun of it
^^This. Let the kids play with it, they'll do the job for you.
-
@marcinozga said in Ubuntu/shred?:
@dashrender said in Ubuntu/shred?:
@marcinozga said in Ubuntu/shred?:
Then just make sure complete set of disks from any server doesn't end up in one school. Schools don't have the budgets/personnel/skills/time/motivation to play the NSA.
But kids in a lab do.
And since when kids in labs are allowed to sit there for hours swapping disks between servers?
That's not the point, or even required. They could pull images off the drives, then mess with the data like putting paper shreddings back together if they wanted to.
My point is that when there is a will, there is a way. And you hear stories all the time about how some kid some some completely unexpected thing in school - so I would expect no less to be possible here.
-
@dashrender said in Ubuntu/shred?:
@marcinozga said in Ubuntu/shred?:
@dashrender said in Ubuntu/shred?:
@marcinozga said in Ubuntu/shred?:
Then just make sure complete set of disks from any server doesn't end up in one school. Schools don't have the budgets/personnel/skills/time/motivation to play the NSA.
But kids in a lab do.
And since when kids in labs are allowed to sit there for hours swapping disks between servers?
That's not the point, or even required. They could pull images off the drives, then mess with the data like putting paper shreddings back together if they wanted to.
My point is that when there is a will, there is a way. And you hear stories all the time about how some kid some some completely unexpected thing in school - so I would expect no less to be possible here.
Yep, agree. But by doing what I've done, its pretty safe. So, I am happy with that.
-
@marcinozga said in Ubuntu/shred?:
@jmoore said in Ubuntu/shred?:
@dashrender and if they are like the kids in my labs then they will be absolutely malicious just for the fun of it
^^This. Let the kids play with it, they'll do the job for you.
No, you're missing my point - which is that the kids might go out of their way to reconstruct the data, so they won't be doing the job of destroying the data, they will be be doing the opposite and rebuilding it - why - because they can.
What are the chances of this? Low I would say, but not anywhere near zero. And kids in a lab, it's higher than the chances that someone would try to get data off an old copy machine HD I would think.
-
@jimmy9008 said in Ubuntu/shred?:
@dashrender said in Ubuntu/shred?:
@marcinozga said in Ubuntu/shred?:
@dashrender said in Ubuntu/shred?:
@marcinozga said in Ubuntu/shred?:
Then just make sure complete set of disks from any server doesn't end up in one school. Schools don't have the budgets/personnel/skills/time/motivation to play the NSA.
But kids in a lab do.
And since when kids in labs are allowed to sit there for hours swapping disks between servers?
That's not the point, or even required. They could pull images off the drives, then mess with the data like putting paper shreddings back together if they wanted to.
My point is that when there is a will, there is a way. And you hear stories all the time about how some kid some some completely unexpected thing in school - so I would expect no less to be possible here.
Yep, agree. But by doing what I've done, its pretty safe. So, I am happy with that.
Cool - as for your format commands - why did you put the drives back into an array? Leave them all separate, and write zeros to each one independently. Also, zeros along won't protect your data. True random data is the only way to really get there, and even then, only with multiple passes. But a single track of zeros gives an attacker knowledge of what they are trying to look past, i.e. your track of zeros. By using random data, the attacker has more work to find what the previous magnetic field was.
-
@dashrender said in Ubuntu/shred?:
@jimmy9008 said in Ubuntu/shred?:
@dashrender said in Ubuntu/shred?:
@marcinozga said in Ubuntu/shred?:
@dashrender said in Ubuntu/shred?:
@marcinozga said in Ubuntu/shred?:
Then just make sure complete set of disks from any server doesn't end up in one school. Schools don't have the budgets/personnel/skills/time/motivation to play the NSA.
But kids in a lab do.
And since when kids in labs are allowed to sit there for hours swapping disks between servers?
That's not the point, or even required. They could pull images off the drives, then mess with the data like putting paper shreddings back together if they wanted to.
My point is that when there is a will, there is a way. And you hear stories all the time about how some kid some some completely unexpected thing in school - so I would expect no less to be possible here.
Yep, agree. But by doing what I've done, its pretty safe. So, I am happy with that.
Cool - as for your format commands - why did you put the drives back into an array? Leave them all separate, and write zeros to each one independently. Also, zeros along won't protect your data. True random data is the only way to really get there, and even then, only with multiple passes. But a single track of zeros gives an attacker knowledge of what they are trying to look past, i.e. your track of zeros. By using random data, the attacker has more work to find what the previous magnetic field was.
Added into one array as that just made sense at the time. From the array utility, destroy the array. Then create new array raid 0 of all disks. (Just made sense). Lol.
I thought that random was great, but you are pretty much unlikely to pull anything off of the drives once zeroed... (especially if the disks were moved too), which I can still do.
-
I'm pretty late here... zeros is not faster because the speed is determined by the drive, not the system. The system can create content or just put zeroes all faster than the drive can write them to disk.
-
@scottalanmiller said in Ubuntu/shred?:
I'm pretty late here... zeros is not faster because the speed is determined by the drive, not the system. The system can create content or just put zeroes all faster than the drive can write them to disk.
I read that as the CPU doesn't have to 'think' of the random data, its faster, as its only doing 0's. That processing to generate the random data is skipped - though, like I said... I don't really know about shred etc hence asking
-
@jimmy9008 said in Ubuntu/shred?:
@scottalanmiller said in Ubuntu/shred?:
I'm pretty late here... zeros is not faster because the speed is determined by the drive, not the system. The system can create content or just put zeroes all faster than the drive can write them to disk.
I read that as the CPU doesn't have to 'think' of the random data, its faster, as its only doing 0's. That processing to generate the random data is skipped - though, like I said... I don't really know about shred etc hence asking
Right, and my point was that the CPU was not the bottleneck, so that the CPU has to do "less" doesn't change the speed of the process. Someone is assuming that this is 1980 and that disks are faster than CPUs
