Re: Shredding a removable drive (OT)


 



On Fri, Jan 25, 2019 at 06:45:25PM -0800, Jonathan Ryshpan wrote:
> I'm using shred on some 2Tb USB disk drive that I plan to give away.
> So far it has taken 8 hours to shred 50% of the drive, which implies
> that it will take about 16 hours to shred the whole drive.  I have
> another 2 drives to go.
>
> Is there a quicker way to protect my data when I give the drives away,
> other than smashing the drives to bits?

I think, yes: simply encrypting the whole disk should do it: IIRC this
should be *a lot* faster than piping /dev/urandom to a disk, or even
using shred:

Excerpt from
/usr/share/doc/cryptsetup/FAQ :

------------------------------------------------------------
* 2.19 How can I wipe a device with crypto-grade randomness?

 The conventional recommendation if you want to not just do a
 zero-wipe is to use something like

   cat /dev/urandom >  <target-device>

 That is very slow and painful at 10-20MB/s on a fast computer.
 Using cryptsetup and a plain dm-crypt device with a random key,
 it is much faster and gives you the same level of security. The
 defaults are quite enough.

 For device set-up, do the following:

   cryptsetup open --type plain -d /dev/urandom /dev/<block-device> to_be_wiped

 This maps the container as plain under /dev/mapper/to_be_wiped with a
 random password. For the actual wipe you have several options.
 Simple wipe without progress-indicator:

   cat /dev/zero > /dev/mapper/to_be_wiped

 Progress-indicator by dd_rescue:

   dd_rescue -w /dev/zero /dev/mapper/to_be_wiped

 Progress-indicator by my "wcs" stream meter (available from
 http://www.tansi.org/tools/index.html ):

   cat /dev/zero | wcs > /dev/mapper/to_be_wiped


 Remove the mapping at the end and you are done.
----------------------------------------------------------------


Last line above ("Remove the mapping ... ") simply means, IIUC: close
the encrypted device:

cryptsetup -v close to_be_wiped

I think I even tested sth. like that at some point. Anyways: here is
someone who seems to have done it actually, similarly to the mentioned
FAQ:
https://www.redhat.com/archives/dm-devel/2016-July/msg00239.html

And sure: if you want an extra layer of security: disassembling the
disk after encryption and smashing the platters won't hurt ... :)

HTH,
Wolfgang
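
The FAQ procedure quoted in this message, wrapped in a script that checks the target before the wipe and reads it back afterwards. This is an added example, not part of the original e-mail or the cryptsetup FAQ; the function names (is_mounted, all_zero, wipe_plain), the dd invocation and the read-back step are assumptions of this example.

```sh
#!/bin/sh
# Added example: the FAQ 2.19 wipe with pre-checks and a read-back.
MAP=to_be_wiped   # mapping name used in the FAQ excerpt

# True if DEV or one of its partitions appears in a mounts table.
# $2 (default /proc/mounts) is a hypothetical override used for testing.
is_mounted() {
    awk -v d="$1" '
        $1 == d || (index($1, d) == 1 &&
                    substr($1, length(d) + 1) ~ /^p?[0-9]+$/) { found = 1 }
        END { exit !found }' "${2:-/proc/mounts}"
}

# True if PATH holds exactly BYTES bytes and every one of them is zero.
all_zero() {
    head -c "$2" /dev/zero | cmp -s - "$1"
}

wipe_plain() {
    dev=$1
    [ "$(id -u)" -eq 0 ] || { echo "must run as root" >&2; return 1; }
    [ -b "$dev" ] || { echo "$dev is not a block device" >&2; return 1; }
    if is_mounted "$dev"; then
        echo "$dev is mounted, refusing" >&2; return 1
    fi
    # Random key read from /dev/urandom and never stored (FAQ command).
    cryptsetup open --type plain -d /dev/urandom "$dev" "$MAP" || return 1
    size=$(blockdev --getsize64 "/dev/mapper/$MAP")
    # Zeros go in, ciphertext lands on the disk. dd ends with "no space
    # left" at the end of the device, so its exit status is not used;
    # the read-back below is what catches a short or failed write.
    dd if=/dev/zero of="/dev/mapper/$MAP" bs=4M status=progress || true
    sync
    blockdev --flushbufs "/dev/mapper/$MAP"
    # Read back through the mapping BEFORE closing it: once the mapping
    # is removed the key is gone and the disk content cannot be checked.
    if all_zero "/dev/mapper/$MAP" "$size"; then rc=0; else rc=1; fi
    cryptsetup -v close "$MAP"
    [ "$rc" -eq 0 ] || echo "read-back found unwritten sectors" >&2
    return "$rc"
}

# Runs only when called with exactly one argument, e.g. /dev/sdX.
if [ "$#" -eq 1 ]; then wipe_plain "$1"; fi
```

The read-back is a second full pass over the drive, so it costs additional time on top of the write; the all_zero call can be dropped if confirmation is not needed.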