    Ubuntu/shred?

    • Dashrender @Jimmy9008

      @jimmy9008 said in Ubuntu/shred?:

      @dashrender said in Ubuntu/shred?:

      @marcinozga said in Ubuntu/shred?:

      @dashrender said in Ubuntu/shred?:

      @marcinozga said in Ubuntu/shred?:

      Then just make sure a complete set of disks from any server doesn't end up in one school. Schools don't have the budgets/personnel/skills/time/motivation to play the NSA.

      But kids in a lab do.

      And since when are kids in labs allowed to sit there for hours swapping disks between servers?

      That's not the point, or even required. They could pull images off the drives, then mess with the data like putting paper shreddings back together if they wanted to.

      My point is that when there is a will, there is a way. And you hear stories all the time about how some kid did some completely unexpected thing in school - so I would expect no less to be possible here.

      Yep, agree. But by doing what I've done, it's pretty safe. So, I am happy with that.

      Cool - as for your format commands - why did you put the drives back into an array? Leave them all separate, and write zeros to each one independently. Also, zeros alone won't protect your data. True random data is the only way to really get there, and even then, only with multiple passes. But a single track of zeros gives an attacker knowledge of what they are trying to look past, i.e. your track of zeros. By using random data, the attacker has more work to find what the previous magnetic field was.

        • Jimmy9008 @Dashrender

        @dashrender said in Ubuntu/shred?:

        @jimmy9008 said in Ubuntu/shred?:

        @dashrender said in Ubuntu/shred?:

        @marcinozga said in Ubuntu/shred?:

        @dashrender said in Ubuntu/shred?:

        @marcinozga said in Ubuntu/shred?:

        Then just make sure a complete set of disks from any server doesn't end up in one school. Schools don't have the budgets/personnel/skills/time/motivation to play the NSA.

        But kids in a lab do.

        And since when are kids in labs allowed to sit there for hours swapping disks between servers?

        That's not the point, or even required. They could pull images off the drives, then mess with the data like putting paper shreddings back together if they wanted to.

        My point is that when there is a will, there is a way. And you hear stories all the time about how some kid did some completely unexpected thing in school - so I would expect no less to be possible here.

        Yep, agree. But by doing what I've done, it's pretty safe. So, I am happy with that.

        Cool - as for your format commands - why did you put the drives back into an array? Leave them all separate, and write zeros to each one independently. Also, zeros alone won't protect your data. True random data is the only way to really get there, and even then, only with multiple passes. But a single track of zeros gives an attacker knowledge of what they are trying to look past, i.e. your track of zeros. By using random data, the attacker has more work to find what the previous magnetic field was.

        Added into one array as that just made sense at the time. From the array utility, destroy the array. Then create new array raid 0 of all disks. (Just made sense). Lol.

        I thought that random was great, but you are pretty much unlikely to pull anything off of the drives once zeroed... (especially if the disks were moved too), which I can still do.

          • scottalanmiller

          I'm pretty late here... zeros is not faster because the speed is determined by the drive, not the system. The system can create content or just put zeroes all faster than the drive can write them to disk.

            • Jimmy9008 @scottalanmiller

            @scottalanmiller said in Ubuntu/shred?:

            I'm pretty late here... zeros is not faster because the speed is determined by the drive, not the system. The system can create content or just put zeroes all faster than the drive can write them to disk.

            I read that as the CPU doesn't have to 'think' of the random data, it's faster, as it's only doing 0's. That processing to generate the random data is skipped - though, like I said... I don't really know about shred etc hence asking 😛

              • scottalanmiller @Jimmy9008

              @jimmy9008 said in Ubuntu/shred?:

              @scottalanmiller said in Ubuntu/shred?:

              I'm pretty late here... zeros is not faster because the speed is determined by the drive, not the system. The system can create content or just put zeroes all faster than the drive can write them to disk.

              I read that as the CPU doesn't have to 'think' of the random data, it's faster, as it's only doing 0's. That processing to generate the random data is skipped - though, like I said... I don't really know about shred etc hence asking 😛

              Right, and my point was that the CPU was not the bottleneck, so that the CPU has to do "less" doesn't change the speed of the process. Someone is assuming that this is 1980 and that disks are faster than CPUs 😉

                • Jimmy9008 @scottalanmiller

                @scottalanmiller said in Ubuntu/shred?:

                @jimmy9008 said in Ubuntu/shred?:

                @scottalanmiller said in Ubuntu/shred?:

                I'm pretty late here... zeros is not faster because the speed is determined by the drive, not the system. The system can create content or just put zeroes all faster than the drive can write them to disk.

                I read that as the CPU doesn't have to 'think' of the random data, it's faster, as it's only doing 0's. That processing to generate the random data is skipped - though, like I said... I don't really know about shred etc hence asking 😛

                Right, and my point was that the CPU was not the bottleneck, so that the CPU has to do "less" doesn't change the speed of the process. Someone is assuming that this is 1980 and that disks are faster than CPUs 😉

                Ok, makes sense. No dates on the stuff I was reading online.

                So, either way, would a zero of the entire array, then moving the disks between servers after already using array utility to destroy the array and make a raid 0... would that be pretty safe?

                  • scottalanmiller @Jimmy9008

                  @jimmy9008 said in Ubuntu/shred?:

                  @scottalanmiller said in Ubuntu/shred?:

                  @jimmy9008 said in Ubuntu/shred?:

                  @scottalanmiller said in Ubuntu/shred?:

                  I'm pretty late here... zeros is not faster because the speed is determined by the drive, not the system. The system can create content or just put zeroes all faster than the drive can write them to disk.

                  I read that as the CPU doesn't have to 'think' of the random data, it's faster, as it's only doing 0's. That processing to generate the random data is skipped - though, like I said... I don't really know about shred etc hence asking 😛

                  Right, and my point was that the CPU was not the bottleneck, so that the CPU has to do "less" doesn't change the speed of the process. Someone is assuming that this is 1980 and that disks are faster than CPUs 😉

                  Ok, makes sense. No dates on the stuff I was reading online.

                  So, either way, would a zero of the entire array, then moving the disks between servers after already using array utility to destroy the array and make a raid 0... would that be pretty safe?

                  Decently safe, short of people going to forensic lengths to get a little data from the machine, there is nothing there.

                    • Jimmy9008 @scottalanmiller

                    @scottalanmiller said in Ubuntu/shred?:

                    @jimmy9008 said in Ubuntu/shred?:

                    @scottalanmiller said in Ubuntu/shred?:

                    @jimmy9008 said in Ubuntu/shred?:

                    @scottalanmiller said in Ubuntu/shred?:

                    I'm pretty late here... zeros is not faster because the speed is determined by the drive, not the system. The system can create content or just put zeroes all faster than the drive can write them to disk.

                    I read that as the CPU doesn't have to 'think' of the random data, it's faster, as it's only doing 0's. That processing to generate the random data is skipped - though, like I said... I don't really know about shred etc hence asking 😛

                    Right, and my point was that the CPU was not the bottleneck, so that the CPU has to do "less" doesn't change the speed of the process. Someone is assuming that this is 1980 and that disks are faster than CPUs 😉

                    Ok, makes sense. No dates on the stuff I was reading online.

                    So, either way, would a zero of the entire array, then moving the disks between servers after already using array utility to destroy the array and make a raid 0... would that be pretty safe?

                    Decently safe, short of people going to forensic lengths to get a little data from the machine, there is nothing there.

                    Ta 🙂

                      • Reid Cooper

                      Any really critical data on those desktops? As long as it isn't like government secrets or something, I'd think that zeroing out is more than enough.

                        • travisdh1

                        shred sounds better than what I normally do:

                        dd if=/dev/random of=/dev/sda bs=4k
                        

                        /dev/urandom is a better RNG, but slower. Still, sounds like shred automates the process for you.

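Added example (not posted by anyone in this thread): the shred run discussed above, done per disk with random passes and a final pass of zeros, then checked by reading every byte back. It assumes GNU coreutils `shred`; the function names and the 1 MiB sample image are constructed, and `/dev/sdX` is a placeholder.

```shell
#!/usr/bin/env bash
# Added example: overwrite one target with shred, then prove the result by
# reading every byte back. All names below are illustrative.

# verify_zeroed TARGET -> 0 if every byte is 0x00, 1 if data remains,
# 2 if the target cannot be read at all.
verify_zeroed() {
    local nonzero
    [ -r "$1" ] || return 2
    # Delete all NUL bytes from the stream; whatever is left is leftover data.
    nonzero=$(tr -d '\000' < "$1" | wc -c)
    [ "$nonzero" -eq 0 ]
}

# wipe_and_verify TARGET [RANDOM_PASSES]
# RANDOM_PASSES random overwrites (shred -n), a final pass of zeros (shred -z),
# then a full read-back. Run it once per physical disk, not on a RAID volume.
wipe_and_verify() {
    local target=$1 passes=${2:-1}
    shred -n "$passes" -z "$target" || return 2
    sync
    verify_zeroed "$target"
}

# Constructed demo: a 1 MiB image file stands in for a disk, so this runs
# without touching real hardware.
demo_on_image() {
    local img rc
    img=$(mktemp) || return 2
    yes 'CONSTRUCTED-SAMPLE-RECORD' | head -c 1048576 > "$img"
    if verify_zeroed "$img"; then   # must fail here: the data is still present
        rm -f "$img"
        return 1
    fi
    wipe_and_verify "$img" 1
    rc=$?
    rm -f "$img"
    return "$rc"
}

if demo_on_image; then
    echo "image wiped and verified"
else
    echo "verification failed" >&2
fi
# Real use (placeholder device name): wipe_and_verify /dev/sdX 3
```

The read-back only covers sectors the operating system can address; remapped sectors on a hard disk and spare area on an SSD are outside what this check sees.
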
                          • IRJ @Jimmy9008

                          @jimmy9008 said in Ubuntu/shred?:

                          @gjacobse said in Ubuntu/shred?:

                          Nothing wrong with doing a multi pass as well... I have heard of people going so far as to create a 'dumb text' file of junk text and copying it to fill the drive, then doing the DBAN. Also - if it is a physical ARRAY - by killing it, you add another layer of obscurity...

                          I generally have just pulled drives and kept them. They are cheap and easy enough to replace, and can be found new, refurb or used...

                          We're donating with the drives, so will be wiping them to a reasonable standard.
                          Just trying to find out if one pass of 0's is actually a reasonable standard....

                          No it's not. DoD wiping is done with 7 passes. This is a very old standard and has been around a long time.
