On 07/02/14 15:29, Matt Garman wrote:
> FWIW, I use a program called "shred" when I'm done with a disk. It
> makes N (default = 3) passes of writing random data to the disk, and
> an optional final pass of zeroes. It's time-consuming to complete,
> but takes only 30 seconds to get going. Even more convenient if you
> have one of those USB hard drive docks, so you can take the drive out
> of your system.
>
> Based on what I've read, that should be sufficient to keep anyone
> without a Dept of Defense budget from recovering your data. The DOD
> probably already has your data anyway, so that's a non-issue. :)
>

Even with the full resources of NSA, there is no way to read useful data
from a disk that has had a single pass of writing zeros. Multi-pass disk
erasure is a case of some companies getting very rich from a myth based on
a single academic paper with theories about how /some/ data /might/ be
recoverable from overwritten disks. It was never more than an idea at the
time, and it applies even less to modern disks.

In an experiment, researchers wrote some bits to a sample of hard drive
material, overwrote them once, then tried to read the old data. I can't
find the reference (I really wish I could), so my figures may be a bit
off - but they are in the right ballpark. I believe it was about 32 bits
they wrote. They managed to recover 7 bits that they were confident were
correct - after spending months with equipment such as electron
microscopes.

The most convincing argument, however, is the economic one - if it were
possible to recover erased data (that has been overwritten once) with any
reliability, then disk recovery firms would be offering such a service.
These folks can get your photos back after disks have been "destroyed" in
fires - but they cannot get data back if it has been erased. The only
thing you can't erase are re-mapped sectors - but hopefully those will be
rare!
With SSDs it's a bit different - re-mapping and garbage collection means
that there is the possibility of some data being left on partially filled
blocks.

>
>
> On Fri, Feb 7, 2014 at 2:07 AM, David Brown <david.brown@xxxxxxxxxxxx> wrote:
>> On 06/02/14 19:09, Piergiorgio Sartor wrote:
>>> Hi all,
>>>
>>> this question is only partially related to Linux MD,
>>> but since the experts are here, I think it would not
>>> be a big problem to ask here.
>>>
>>> I'm considering a storage system.
>>> This is based on HDD "rust".
>>> It should have RAID-6, for protection against disk
>>> failure(s).
>>> It should have LUKS (or similar), in order to simplify
>>> HDD disposal (disks that are still somehow readable will
>>> not need to be wiped out before dumping them).
>>> It should have LVM, as flexible partition system.
>>>
>>
>>
>> It strikes me as a bad idea to use encryption of any sort "to save time
>> when dumping old disks". Physically destroying hard disks is not /that/
>> hard. Unless you are keeping plans for a nuclear missile, then a few
>> whacks with a hammer will be good enough. Breaking the electronics
>> means it costs many thousands of dollars to get the data off the disk
>> again - you don't even need to open the drive and get out the platters
>> (opening the drive is time-consuming - destroying the platters after
>> opening is easy). And with raid, little of the data on the disk is
>> intelligible unless you have the full stripe (minus parity) - just ask
>> anyone who has tried to recover from one too many disk failures.
>>
>> And of course, just dd'ing /dev/zero to the first few MB of the disk
>> will make it unreadable for most hackers - even if they have all the
>> disks in a set, and know how they were configured. And you could donate
>> the old disks to windows users - then they are guaranteed unreadable!
>>
>> Disk encryption slows everything down, and adds lots of complications to
>> the system.
>> It is less of an issue with drives with built-in
>> encryption, but still a complete waste of time and money if all you want
>> is "safe" disposal of old disks.
>>
>> The /only/ thing disk encryption is useful for is if you fear the disks
>> will be physically stolen by someone who is after your data (or customs
>> guards in dodgy countries, which amounts to the same thing). So if you
>> fear that your company will be the target of top-range thieves who will
>> steal your disks for the data, then encryption is a good idea. Of
>> course, better locks and alarm systems would be a better investment.
>>
>>
>> Once you have eliminated the "E", then I believe HRL is the common
>> arrangement, although sometimes you also do physical partitioning of the
>> disks first, so that you can have different bits with different raid
>> types. A multi-way raid1 partition first for /boot can make booting
>> easier, a set of raid1 pairs works well for swap (for emergency use
>> only), and then the rest of each disk makes up your raid6 array.
>>
>>
>> --
>> To unsubscribe from this list: send the line "unsubscribe linux-raid" in
>> the body of a message to majordomo@xxxxxxxxxxxxxxx
>> More majordomo info at http://vger.kernel.org/majordomo-info.html
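The two erasure styles the thread compares, "dd'ing /dev/zero to the first few MB" versus one full pass of zeros (what shred does with -n 1 -z, minus the random pass), side by side with a check that counts what survives. This is an added example and not code from the thread; it runs against a regular file standing in for a disk so that it can be tried without destroying anything. /dev/sdX in the comments is an assumed device name, and the 16-byte "SECRET-RECORD-0" content of the stand-in image is constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not part of the linux-raid thread: compare a header wipe
# with a single full pass of zeros on a file that stands in for a disk.
# To use the wipe functions on hardware, pass /dev/sdX (assumed name) only
# after confirming which drive it is; the check functions work on either.
set -eu

# Constructed stand-in disk: 4 MiB of a recognisable 16-byte record so
# that anything left behind is easy to spot.  No byte of it is 0x00.
make_image() {
    yes 'SECRET-RECORD-0' | head -n 262144 > "$1"   # 262144 * 16 B = 4 MiB
}

# Number of bytes on the device that are not 0x00.  Zero means the pass
# reached every block the host can address (remapped sectors excepted).
nonzero_bytes() {
    tr -d '\000' < "$1" | wc -c | tr -d ' '
}

# First readable line left behind, i.e. what a recipient of the drive
# would see with strings(1) or grep.
first_surviving_line() {
    tr -d '\000' < "$1" | head -n 1
}

# "dd'ing /dev/zero to the first few MB": destroys the partition table,
# LUKS header or superblock, which stops casual mounting but erases
# nothing else.
wipe_head() {
    dd if=/dev/zero of="$1" bs=1048576 count=1 conv=notrunc 2>/dev/null
}

# One full pass of zeros over the whole device.  For a real block device
# drop 'count=' and let dd stop at the end of the disk; 'shred -n 1 -z'
# does the same with a random pass first.
wipe_full() {
    blocks=$(( $(wc -c < "$1" | tr -d ' ') / 4096 ))
    dd if=/dev/zero of="$1" bs=4096 count="$blocks" conv=notrunc 2>/dev/null
}

# Demonstration on a temporary file.
img=$(mktemp)
make_image "$img"
echo "fresh image, non-zero bytes:  $(nonzero_bytes "$img")"
wipe_head "$img"
echo "after zeroing the first MiB:  $(nonzero_bytes "$img") (still readable: $(first_surviving_line "$img"))"
wipe_full "$img"
echo "after one full zero pass:     $(nonzero_bytes "$img")"
rm -f "$img"
```

The header wipe leaves three quarters of the image intact and greppable, so it is a convenience against accidental mounting, not erasure; the single full pass leaves nothing the host can read back. Neither pass reaches the re-mapped sectors or the partially filled SSD blocks the reply mentions, because those are not addressable from the block device at all; only the drive's own secure-erase command can touch them.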