Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
[howto] Really Secure erase of hd or partition
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Documentation, Tips & Tricks
View previous topic :: View next topic  
Author Message
kamikaze04
Guru
Guru


Joined: 28 Mar 2004
Posts: 366
Location: Valencia-Spain

PostPosted: Mon Dec 26, 2005 5:44 pm    Post subject: [howto] Really Secure erase of hd or partition Reply with quote

Hi,

I've been watching some time the way of wiping a hard disk or partition completely safe. I've got some harddisks with financial data of a company, and i want it to be well deleted.

I found this script in the internet, it sounds really well. Now i share it with all of you, for improvements or whatever.

:arrow: Purists will say that the only way of deleting completly sure is burning them or something like that. Well, i don't have NSA or things like that after my data, so i think no other company will waste thousands of $ in trying to recover it with "phisical way".

Code:

#!/bin/sh
# wipeall.sh
# by Thomas C. Greene (tcgreene@bellatlantic.net)
#
echo " -- This script will wipe your entire HDD (hda)"
echo " -- This is a rough hack with NO WARRANTY"
echo " -- USE AT YOUR OWN RISK!"
echo " -- Did you edit this file according to the README?"
echo " -- Press enter to continue"

read

echo " -- Are you absolutely certain that you want to wipe your entire HDD (hda)?"
echo " -- There will be no salvation if you are mistaken"
echo " -- Press Ctrl+C to exit now while you can"
echo " -- Otherwise..."
echo " -- Press enter to continue"

read

# dd if=/dev/urandom of=/dev/hda

# dd if=/dev/zero of=/dev/hda

echo " -- The wipe is finished"


Code:


#!/bin/sh
# wipefree.sh
# by Thomas C. Greene (tcgreene@bellatlantic.net)
#
echo " -- This script will wipe unused space on select parts of the root partition"
echo " -- This is a rough hack with NO WARRANTY"
echo " -- It will not be completely effective on journaled file systems"
echo " -- USE AT YOUR OWN RISK!"
echo " -- Press enter to continue"

read

dd if=/dev/urandom of=/home/cleanupfile
sync
rm /home/cleanupfile
sync

dd if=/dev/zero of=/home/cleanupfile
sync
rm /home/cleanupfile
sync

#repeat both dd's as many times as paranoic you are

echo " -- The wipe is finished"



Code:


#!/bin/sh
# wipeswap.sh
# by Thomas C. Greene (tcgreene@bellatlantic.net)
# and Conrad Wood (cnw@lemon-computing.com)
#
echo " -- This script will completely wipe the swap partition"
echo " -- This is a rough hack with NO WARRANTY"
echo " -- It will not be completely effective on journaled file systems"
echo " -- USE AT YOUR OWN RISK!"
echo " -- Did you edit this file according to the README?"
echo " -- Running this script from a GUI may cause application or system crashes"
echo " -- Press enter to continue"

read

for device in `swapoff -av |sed -e 's/.*\/dev\///g'`
do
 echo wiping /dev/$device
 # dd if=/dev/urandom of=/dev/$device
 # dd if=/dev/zero of=/dev/$device
done


I paste the README from the original author:

Code:

Wipefree.sh can be run safely from an active disk.  It will take considerable time but
should not interfere with running applications.

Wipeall.sh needs to be edited.  Un-comment the commands or it will do nothing. The
lines reading of=/dev/hda are an EXAMPLE which MUST be edited to reflect the device
you wish to wipe. Check /etc/fstab for the correct information and edit as needed.
Wipeall must be run from a different active hard disk, floppy or CD, for obvious
reasons.

Wipeswap.sh needs to be edited.  Un-comment the commands or it will do nothing. It
will automatically detect your swap device (thanks to Conrad Wood). Wipeswap is
best run from the console with nothing else running.  Otherwise application and even
system crashes may result.


_________________
Todo lo que quisiste saber sobre google en: www.noticiasgoogle.es
Back to top
View user's profile Send private message
tb7653
n00b
n00b


Joined: 26 Dec 2005
Posts: 9
Location: Germany

PostPosted: Mon Dec 26, 2005 7:04 pm    Post subject: Why not simple? Reply with quote

I'm not sure, but why not just shred the whole disk like this:
Code:
shred /dev/hda

_________________
In a world without walls and fences - who needs Windows and Gates?
Back to top
View user's profile Send private message
slycordinator
Advocate
Advocate


Joined: 31 Jan 2004
Posts: 3059
Location: Korea

PostPosted: Tue Dec 27, 2005 8:18 pm    Post subject: Re: Why not simple? Reply with quote

tb7653 wrote:
I'm not sure, but why not just shred the whole disk like this:
Code:
shred /dev/hda


shred manpage says:

Code:
CAUTION:  Note  that  shred relies on a very important assumption: that
       the file system overwrites data in place.  This is the traditional  way
       to  do  things, but many modern file system designs do not satisfy this
       assumption.  The following are examples of file systems on which  shred
       is not effective:

       * log-structured or journaled file systems, such as those supplied with

              AIX and Solaris (and JFS, ReiserFS, XFS, Ext3, etc.)


And it had more listed.

edit:
But other than that shred pretty much IS what is being done by those scripts.
Back to top
View user's profile Send private message
tb7653
n00b
n00b


Joined: 26 Dec 2005
Posts: 9
Location: Germany

PostPosted: Wed Dec 28, 2005 6:35 pm    Post subject: shred Reply with quote

AFAIK the warning about journaled file systems etc is about using shred on a file.

From shreds info page:
Quote:
Generally speaking, it is more reliable to shred a device than a
file, since this bypasses the problem of file system design mentioned
above. However, even shredding devices is not always completely
reliable. For example, most disks map out bad sectors invisibly to the
application; if the bad sectors contain sensitive data, `shred' won't
be able to destroy it.


So it should be quite safe if used on a whole device, since it overwrites the existing filesystem anyway. Furthermore shred overwrites the data per default 25 times.
As you said the scripts seem to be a "simple version" of shred, so the same warnings apply to them.

Thomas
_________________
In a world without walls and fences - who needs Windows and Gates?
Back to top
View user's profile Send private message
slycordinator
Advocate
Advocate


Joined: 31 Jan 2004
Posts: 3059
Location: Korea

PostPosted: Wed Dec 28, 2005 11:28 pm    Post subject: Re: shred Reply with quote

tb7653 wrote:
As you said the scripts seem to be a "simple version" of shred, so the same warnings apply to them.


I fail to see any logic in this statement.

Lets assume there's a program that does a whole bunch of stuff but has problems working with journaled file systems. Lets say another program has a subset of those same features.

How can you possibly then conclude that the second program has the same problems?
Back to top
View user's profile Send private message
NeddySeagoon
Administrator
Administrator


Joined: 05 Jul 2003
Posts: 42838
Location: 56N 3W

PostPosted: Wed Dec 28, 2005 11:49 pm    Post subject: Reply with quote

slycordinator,

shred can be used on indiviadual files, where it depends on the underlying filesystem. As the man page says, some filesystems can defeat this.

When used on whole partitions or drives, the underlying filesystem is not used and shred and the scripts are almost equivelent. Shred does more passes.
_________________
Regards,

NeddySeagoon

Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail.
Back to top
View user's profile Send private message
Reikinio
Apprentice
Apprentice


Joined: 14 Aug 2005
Posts: 203
Location: Uruguay

PostPosted: Thu Dec 29, 2005 12:03 am    Post subject: Reply with quote

Just overwrite the hard-drive a few times using /dev/urandom and you're done.

If you're really paranoid, after overwritting the hard-drive with random crap, cut the hard-drive in pieces, set them on fire, separate the ashes into different plastic bags, throw them away at different locations, and kill yourself... now it's really erased.

Regards,
Back to top
View user's profile Send private message
kamikaze04
Guru
Guru


Joined: 28 Mar 2004
Posts: 366
Location: Valencia-Spain

PostPosted: Thu Dec 29, 2005 9:45 am    Post subject: Reply with quote

Reikinio:

As i said in my first post, i don't have the need of destroying the harddisk, however i'm really interested in knowing if those scripts erase ALL the data or, for example, if there are bad sectors marked in the hd, the info in that sector would keep intact.

My boss wants every byte in the hd to be erased, and that scripts are my actual solution, but as far as i can see...maybe i'm missing the data in that fucking bad sectors :(

Okey, let's see if any guru improves them.

About the number of passes, it really does not matter to my boss/company, just overwriting with zeros and after with random data is enough...
_________________
Todo lo que quisiste saber sobre google en: www.noticiasgoogle.es
Back to top
View user's profile Send private message
xming
Guru
Guru


Joined: 02 Jul 2002
Posts: 441

PostPosted: Thu Dec 29, 2005 11:48 am    Post subject: Reply with quote

Code:
dd if=/dev/urandom of=/dev/$device


will erase all data, every bit of /dev/$device gets overwritten. But, yes there is always a but, the data that was previously on the $device is still recoverable using specialized hardware, there is no way to get the data back by connecting the drive to another PC and try to do an unforamt (sic).

Code:
dd if=/dev/zero of=/dev/$device
just make hardware recovery easier.

How is this posible? Well no HD is perfect, after you have written all zeros, there is still some residue magnetism around every bit, because the place where the platter gets wirtting is not always the exact same place, with specialized hardware http://en.wikipedia.org/wiki/Magnetometer it is possible to read the bits manually. And overwrite you data with with all 0's or all 1's just makes the manual reading easier.

So I will suggest to overwrite your data at least 3 times with
Code:
dd if=/dev/urandom of=/dev/$device


xming
_________________
http://wojia.be
Back to top
View user's profile Send private message
kamikaze04
Guru
Guru


Joined: 28 Mar 2004
Posts: 366
Location: Valencia-Spain

PostPosted: Thu Dec 29, 2005 11:59 am    Post subject: Reply with quote

Thanks for your explanation xming.

Well, i think 0,rand,0,rand,0,rand will be enough for our security needs :)

Just for people interested: With 6 passes, i need 6 min/GB to be secured (1 min/GB for each pass)
_________________
Todo lo que quisiste saber sobre google en: www.noticiasgoogle.es
Back to top
View user's profile Send private message
NeddySeagoon
Administrator
Administrator


Joined: 05 Jul 2003
Posts: 42838
Location: 56N 3W

PostPosted: Thu Dec 29, 2005 3:31 pm    Post subject: Reply with quote

kamikaze04,

You cannot get at the data in bad sectors. The drive has mapped them out over its life, so the operating system never sees them. The data is still there but difficult to recover, since you cannot ask the drive to read them any longer.
You would need to erase the bad sector table stored in FLASH memory for that.

If you read the SMART data from the drive (emerge smartmontools) you can see how many bad sectors you have.
Some will have been there when the drive was made.
_________________
Regards,

NeddySeagoon

Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail.
Back to top
View user's profile Send private message
gerard27
Advocate
Advocate


Joined: 04 Jan 2004
Posts: 2377
Location: Netherlands

PostPosted: Thu Dec 29, 2005 7:41 pm    Post subject: Reply with quote

Why not use bcwipe?
It is available in portage:/app-crypt/bcwipe.
Read the info and you will see that it is guaranteed to make even hardware
reading impossible.
Back to top
View user's profile Send private message
kamikaze04
Guru
Guru


Joined: 28 Mar 2004
Posts: 366
Location: Valencia-Spain

PostPosted: Thu Dec 29, 2005 8:30 pm    Post subject: Reply with quote

wow, i'm gonna read about bcwipe now !!! I will tell about it !
_________________
Todo lo que quisiste saber sobre google en: www.noticiasgoogle.es
Back to top
View user's profile Send private message
kamikaze04
Guru
Guru


Joined: 28 Mar 2004
Posts: 366
Location: Valencia-Spain

PostPosted: Thu Dec 29, 2005 8:39 pm    Post subject: Reply with quote

Oh yeah, i think it's time to forget my little scripts and begin using that program.

People interested, read the man, it is quite helpful

Thanks Gerard van Vuuren
_________________
Todo lo que quisiste saber sobre google en: www.noticiasgoogle.es
Back to top
View user's profile Send private message
tb7653
n00b
n00b


Joined: 26 Dec 2005
Posts: 9
Location: Germany

PostPosted: Thu Dec 29, 2005 10:23 pm    Post subject: Re: shred Reply with quote

Nice, I did not know that program.
But as I see it, it still has the same problems with journaling etc (when wiping files) and bad sectors (mapped out of reach), right?

@slycoordinator:
My point is, as Neddy Seagoon already posted: Shred has problems on journaled file systems, because it just overwrites the given file(s) a few times and depends on the os to write those changes over the previous data on the same spot (physically) on the disk. This assumption might just be wrong on files stored on journaled file systems. The script does basically the same so I expect the same problem there. When used on a device, this problem should not occur.

I recommended shred, because
  • I had things like the magnetometer in mind. So overwriting a few times with random data is safer than only once.
  • It is readily available on (almost) every linux box

But bcwipe seems even safer.
_________________
In a world without walls and fences - who needs Windows and Gates?
Back to top
View user's profile Send private message
xming
Guru
Guru


Joined: 02 Jul 2002
Posts: 441

PostPosted: Sat Dec 31, 2005 12:47 pm    Post subject: Reply with quote

Gerard van Vuuren wrote:
Why not use bcwipe?
It is available in portage:/app-crypt/bcwipe.
Read the info and you will see that it is guaranteed to make even hardware
reading impossible.


if you want to erase the whole drive there is no dfference between bcwipe and the script. After 35 times of rewriting everything is gone, I mean even your platters ;)
_________________
http://wojia.be
Back to top
View user's profile Send private message
furanku
l33t
l33t


Joined: 08 May 2003
Posts: 902
Location: Hamburg, Germany

PostPosted: Sat Dec 31, 2005 3:36 pm    Post subject: Reply with quote

How come that esp. a security tool seem to have some security issues? :roll:

Code:
/var/tmp/portage/bcwipe-1.5_p3/temp/cchV9zhX.o: In function `make_temp_dir':
wipe.c:(.text+0x2ccf): warning: the use of `mktemp' is dangerous, better use `mkstemp'


That doesn't really increase my confidence in that tool ...
Back to top
View user's profile Send private message
xbmodder
Guru
Guru


Joined: 25 Feb 2004
Posts: 404

PostPosted: Sat Dec 31, 2005 10:03 pm    Post subject: Reply with quote

you know for freespace destroyer. make it mount an ext3 partition with flags "-t ext2 -o remount,rw,noatime,nomtime"
that fixes journalling
_________________
http://xbmodder.us/
Back to top
View user's profile Send private message
remix
l33t
l33t


Joined: 28 Apr 2004
Posts: 797
Location: hawaii

PostPosted: Fri Feb 03, 2006 1:52 pm    Post subject: Reply with quote

what about DBAN? it should solve your needs right?

http://software.newsforge.com/article.pl?sid=05/09/14/178204&tid=79&tid=132

http://dban.sourceforge.net/
_________________
help the needy
Back to top
View user's profile Send private message
Eskarel
Apprentice
Apprentice


Joined: 07 May 2004
Posts: 257
Location: Perth Australia

PostPosted: Sat Mar 11, 2006 1:15 pm    Post subject: Reply with quote

The basic issue you're looking at with shred, or bcwipe, or with anything else is files versus partitions/devices.

All of these methods have problems with journalling file systems(ntfs, ext3, etc, though not fat32 or ext2). These systems log all your file writes to a journal which is then added to the disk at a later date in a more optimized file order. This accomplishes a number of things which I'm not going to go into here. For our purposes the basic problem occurs because data can be recovered from the journal as well as from the disk itself.

None of this applies if you perform these actions on the entire disk because the journal will be erased along with everything else and you're going to hit all the bits on the drive/partition.

That said, most of these programs are a waste of time. If you're hiding your files from the feds, this process is way to slow if they come knocking, and if you want real serious security it's terribly tedious.

I you really want secure you want physical destruction, about 5 minutes with a 5 pound sledge will secure your data far better than 5 hours with one of these programs, of ccourse this means you can't resell the computer or donate it to charity or whatever it is you usually do with them, or at least you can't do this with the hard drive, but if you're serious it's the only way to go. Ya can't pull data of a pile of rubble.
Back to top
View user's profile Send private message
frostschutz
Advocate
Advocate


Joined: 22 Feb 2005
Posts: 2968
Location: Germany

PostPosted: Sat Mar 11, 2006 2:49 pm    Post subject: Reply with quote

Using dd once or, if you're paranoid, a multiple-pass shred is completely sufficient. When used on a partition, it will screw up your data for good. About the 'specialized hardware' that can restore overwritten data: Such hardware does not exist. In the past few years, the data density of hard disks increased drastically; you won't find any device that is able to read data with more precision and higher resolution than the hard disk's very own read/write heads, which require a special environment to work - this environment resides inside your hard disk and is destroyed as soon as you open it (dust gets in etc.), making your hard disk unuseable. So the best you can do to analyze a disk's contents in more detail would be to replace the electronics of the drive. And the possibilities here are very limited - if there was a way to reliably read deleted data off a disk, this would actually mean that you can double (triple, quadruple, depending on how many times you may overwrite data without affecting readability) the capacity of any hard disk, which is just plain unrealistic. Even if it was possible to build special hardware like that, it would just not be feasible due to the sheer amount of data you'd have to read, and considering that nowadays there are much more effective ways to hide / distribute data for criminal purposes (encryption, internet etc.).

About bad sectors, the hard disk will prevent you accessing them, so yeah, you cannot overwrite them. Even if you find a way to remove the table that stores remapped sectors (by replacing the electronics for example), you'd probably end up not being able to write these sectors anyway since they would be just marked as bad again. It does not matter though; you should consider any disk that has bad sectors as defective. So re-using that disk for something important is out of the question anyway. You can just as well open it and use it as cool pocket mirror or something.
Back to top
View user's profile Send private message
Extintor
Tux's lil' helper
Tux's lil' helper


Joined: 09 Oct 2004
Posts: 113
Location: Stockholm, Sweden

PostPosted: Sat Mar 18, 2006 7:08 pm    Post subject: Data recovery Reply with quote

Eskarel wrote:

I you really want secure you want physical destruction, about 5 minutes with a 5 pound sledge will secure your data far better than 5 hours with one of these programs, of ccourse this means you can't resell the computer or donate it to charity or whatever it is you usually do with them, or at least you can't do this with the hard drive, but if you're serious it's the only way to go. Ya can't pull data of a pile of rubble.


Not quite right. I recently attended a speech on data recovery, erasing data and computer forensics held by an employee from Ibas.
He was specific to say that overwriting data is the only way it can't be recovered.
And yes, they can get data from a pile of rubble. For example from a ship that had been under the water for 6 months, a computer that had been in a fire and harddrives that had been drilled through.

xming wrote:

How is this posible? Well no HD is perfect, after you have written all zeros, there is still some residue magnetism around every bit, because the place where the platter gets wirtting is not always the exact same place, with specialized hardware http://en.wikipedia.org/wiki/Magnetometer it is possible to read the bits manually. And overwrite you data with with all 0's or all 1's just makes the manual reading easier.


The thing with residue magnetism is an urban myth from the time the harddrives were gigantic (think the seventies).
And even if you can read the information bitwise, is there no chance of getting anything but rubbish.

To kamikaze04:
Boot up with a livecd and do a shred on the entire disk.
This is completely sufficient.
Code:
gentoo # shred /dev/hda

_________________
Beerhazard | Nobelium | VIm | Perl | Ruby
Back to top
View user's profile Send private message
Eskarel
Apprentice
Apprentice


Joined: 07 May 2004
Posts: 257
Location: Perth Australia

PostPosted: Sun Mar 19, 2006 6:15 am    Post subject: Reply with quote

All of those examples are of incidental damage. A computer can catch fire without substantially damaging the drives, most hard drive internals are moderately sealed so under the right circumstances they would be in reasonable condition after such a short period of time, and while the drill will be nasty it won't provide substantial damage to the entire platter.

Hit it with a sledge a few times and see if you can get any data off of it, break your CD into tiny bits, see if you can get any data off of it. when I say I pile of rubble, I don't mean a hard drive that's seen hard times I mean a hard drive that is a pile of rubble.
Back to top
View user's profile Send private message
slick
Bodhisattva
Bodhisattva


Joined: 20 Apr 2003
Posts: 3495

PostPosted: Wed Apr 26, 2006 12:30 pm    Post subject: Reply with quote

You are an bad guy and want to sell your (cleaned) harddisk? Take a image of an unwanted CD your found in your mailbox (like advertising) and copy it (in a loop) over the whole cleaned disk until she's full. Who buy your old harddisk will have a lot of fun to analyse your "important" data ;-)
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Documentation, Tips & Tricks All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum