Re: Shredding a removable drive (OT)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Sun, Jan 27, 2019 at 11:32:52AM +0000, Patrick O'Callaghan wrote:

On Sun, 2019-01-27 at 02:29 +0100, Wolfgang Pfeiffer wrote:

I think, yes: simply encrypting the whole disk should do it: IIRC this
should be *a lot* faster than piping /dev/urandom to a disk,


Given that encrypting the disk means (at a minimum) reading the entire
contents and rewriting it,


No. I don't think data is written and rewritten. See below.

First off: thanks a lot, poc, for writing: because although I can't
agree with you so far on this, I found what I'd consider as being a
mistake in the procedure I suggested.

My tests show, that an external 500 GB (USB 2) disk is encrypted in
not even 10 secs (yes: 10. No typo). I think this is because
cryptsetup doesn't rewrite data from non-encrypted to encrypted. Don't
ask me why .. and the speed *might* have to do with the fact that only
~17% of the disk was filled with data

But thanks to your intervention, poc, I found that the initial command that
I quoted from the cryptsetup FAQ doesn't seem to actually encrypt the disk.
Bug? My mistake? No idea what went wrong. So I changed things.

My workaround, nearly as fast:

Create a randomly generated password key and pipe it into a file,
max. is here 8192kB (people can find the max size on their systems with
cryptsetup --help)

That's how it seems to work here - and careful everyone ofc: you
destroy a disk with some of the following:

0:
# Create the key-file:
head -c  8192K /dev/urandom > lukskey

1:
# Encrypt the disk:

cryptsetup  -s 512 -d lukskey -c aes-xts-plain64 luksFormat  /dev/sd[?]

# Again: didn't take 10 secs.

# Find your own favorite cipher (-c) and use it

# and re. /dev/sd[?] - yes: no partition seems being necessary to just
# destroy the disk

2:
# Check if the disk is encrypted:

cryptsetup luksDump /dev/sd[?]

3:
# And you can open the container like so:

cryptsetup -v open -d lukskey /dev/sd[?] test
Key slot 0 unlocked.
Command successful.

# Close it after usage:
cryptsetup -v close test

4:

Destroy the key, once you're finished (careful: the data on disk is
useless without it .. )

That's it. To pipe /dev/zero into that disk (I used dd), as sht. like
this was mentioned in the FAQ: with that USB2 disk here that took a
long time: ~ 53 minutes for just ~ 130 GB.

Let me know, please, in case of a mistake ..

TIA.

HTH, Regards
Wolfgang
_______________________________________________
users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/users@xxxxxxxxxxxxxxxxxxxxxxx
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [EPEL Devel]     [Fedora Magazine]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Desktop]     [Fedora Fonts]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Fedora Sparc]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux