Fastest Secure Wipe?

Collapse
X
 
  • Time
  • Show
Clear All
new posts
  • kc8adu
    Super Moderator
    • Nov 2003
    • 8832
    • U.S.A!

    #21
    Re: Fastest Secure Wipe?

    a simple zero fill will confound all but the most determined TLA and they will be spending a lot to get very little data.
    if a TLA has that sort of interest in your data you have big problems and physical destruction is the only acceptable wiping method.

    Comment

    • Curious.George
      Badcaps Legend
      • Nov 2011
      • 2305
      • Unknown

      #22
      Re: Fastest Secure Wipe?

      Originally posted by jondoe
      There pass should be DoD 5220.22-M standard.
      Times change -- the gummit is usually slow to catch up. (I suspect they still propose hiding under your desk in the event of nuclear attack)

      The domains on modern drives are so small that its unlikely even the spooks would be able to recover something you've (physically) overwritten -- even if with nonrandom, const data.

      Years ago, you could "read" magnetic media with special solutions and a good microscope. (Obviously, a machine could do this better than human.)

      Efforts are now moving into recovering data from FLASH devices that have been overwritten -- amusing when you consider the charges involved correspond to a handful of atoms!

      If you think you need to spend two extra passes wiping your disk, please don't post, here, as none of us wants to be an accessory to whatever illegal activity in which you're involved! <frown>

      https://www.nber.org/sys-admin/overw...a-guttman.html

      Comment

      • dskall
        Badcaps Legend
        • Oct 2016
        • 2905
        • usa

        #23
        Re: Fastest Secure Wipe?

        I would think 1 pass would be sufficient if it is to just sell the drive. Otherwise wipe it with cloth then use bleachbit and finish with a hammer if you are trying to hide something.
        I assume no responsibility for any stupid suggestions I might post.

        Comment

        • jondoe
          Badcaps Veteran
          • Nov 2016
          • 547
          • UK

          #24
          Re: Fastest Secure Wipe?

          I don't think you need to be doing illegal activity to want to securely wipe your data from the average joe I have a paper shredder, that doesn't make me a criminal either

          Comment

          • Curious.George
            Badcaps Legend
            • Nov 2011
            • 2305
            • Unknown

            #25
            Re: Fastest Secure Wipe?

            Originally posted by jondoe
            I don't think you need to be doing illegal activity to want to securely wipe your data from the average joe I have a paper shredder, that doesn't make me a criminal either
            If you think you need three pass DoD-standard to "clean" the drive, you're either overly paranoid or trying to hide something that you're afraid the spooks will come looking for!

            Comment

            • jondoe
              Badcaps Veteran
              • Nov 2016
              • 547
              • UK

              #26
              Re: Fastest Secure Wipe?

              Sure thing buddy

              Comment

              • Curious.George
                Badcaps Legend
                • Nov 2011
                • 2305
                • Unknown

                #27
                Re: Fastest Secure Wipe?

                Originally posted by jondoe
                Sure thing buddy
                We recycle (literally) thousands of drives annually. Never anything more than overwriting the entire surface with data -- once. This is adequate in the eyes of our many corporate donors (after all, it's their data we're ensuring is elided).

                But, hey, if you've got all that spare time on your hands to:
                • write zeroes to every sector
                • verify every sector has been written to zeroes
                • write ones to every sector
                • verify every sector has been written to ones
                • write "random" data to every sector
                • verify that random data has been written
                then, by all means, do it -- keeps you out of the bars (and from doing anything productive with your life )

                Of course, we can then argue as to how you define "random" as most machines don't have truly good, replenishable sources of entropy. And, how you capture a copy of all of that random data for use in the verification pass...

                Comment

                • Curious.George
                  Badcaps Legend
                  • Nov 2011
                  • 2305
                  • Unknown

                  #28
                  Re: Fastest Secure Wipe?

                  Originally posted by dskall
                  I would think 1 pass would be sufficient if it is to just sell the drive. Otherwise wipe it with cloth then use bleachbit and finish with a hammer if you are trying to hide something.
                  The things you have to be wary of are devices that use solid state memory. They often have more memory onboard than is made directly available to the user (think of it as "spare sectors"). And, the controller on (in) the device is continually reshuffling those sectors so the physical portion of the device that you're accessing as "sector 248" can vary over time -- even if you don't alter the contents of that sector!

                  [FLASH suffers from write and read "wear" -- electrons leaking out/in. The on-board controller's role is to make that data look like it isn't "wearing"]

                  As a result, stuff that you stored and thought you'd "erased"/overwritten may not actually have been overwritten/erased.

                  The same sort of thing is true in other places, as well. E.g., your photocopier probably stores copies of the most recently "copied" pages on an internal storage medium (disk/nonvolatile memory). Ditto for your printer.

                  And, if you think folks don't go poking around "foreign" media to see what may have been "left behind", you're truly naive!

                  (Damn near every machine I purchase at auction has a live OS still present on the disk; often tempted to contact some of those folks and spook them into wondering just what else they may have "left behind"...)

                  Comment

                  • jondoe
                    Badcaps Veteran
                    • Nov 2016
                    • 547
                    • UK

                    #29
                    Re: Fastest Secure Wipe?

                    Originally posted by Curious.George
                    We recycle (literally) thousands of drives annually. Never anything more than overwriting the entire surface with data -- once. This is adequate in the eyes of our many corporate donors (after all, it's their data we're ensuring is elided).
                    I've worked with some national recyclers, a single write pass is not considered good enough, BYMMV

                    Different strokes for different folks!

                    Comment

                    • Curious.George
                      Badcaps Legend
                      • Nov 2011
                      • 2305
                      • Unknown

                      #30
                      Re: Fastest Secure Wipe?

                      Originally posted by jondoe
                      I've worked with some national recyclers, a single write pass is not considered good enough, BYMMV

                      Different strokes for different folks!
                      Challenge them to recover ANY data from ANY of the drives. If it's "not considered good enough", then they should have no problem recovering SOMETHING -- given all of the drives they have at their disposal! You can appeal to their desire for fame and fortune -- as having that ability would make them a sought-after supplier! All the headlines they could garner...

                      Most of it is folks relying on old information that was pie-in-the-sky, at best.

                      Consider:
                      https://www.vidarholen.net/~vidar/ov...drive_data.pdf
                      whose summary indicates:
                      The fallacy that data can be forensically recovered using an
                      electron microscope or related means needs to be put to rest
                      Note that this references drives that are almost 10 years behind today's technology (which use smaller magnetic domains). Also, when reading the paper, note that the recovery process doesn't tell you when you've correctly recovered a bit (we aren't even talking about bytes!) so even if you see something that looks like recovered data, there is nothing to guarantee that it's not just a pattern appearing in RANDOM data.

                      To answer the OP's question, the "fastest secure wipe" is just to write a single pass (of damn near ANYTHING) over the entire medium as anything more than that would obviously be SLOWER!

                      Comment

                      • jondoe
                        Badcaps Veteran
                        • Nov 2016
                        • 547
                        • UK

                        #31
                        Re: Fastest Secure Wipe?

                        The largest recycle place in this country uses Blancco, which is recommend by the National Cyber Security Centre, based on Infosec Standard 5, which is similar to the American DDOD 5220.22-M. They recommend a single random overwrite *with* verification as a baseline and a 3 wipe pass as an enhanced wipe.

                        They know a lot more about wiping data than you or I, so I'll go with their suggestions. I guess the first option would be the fastest for the OP.

                        Comment

                        • Curious.George
                          Badcaps Legend
                          • Nov 2011
                          • 2305
                          • Unknown

                          #32
                          Re: Fastest Secure Wipe?

                          Originally posted by jondoe
                          The largest recycle place in this country uses Blancco, which is recommend by the National Cyber Security Centre, based on Infosec Standard 5, which is similar to the American DDOD 5220.22-M. They recommend a single random overwrite *with* verification as a baseline and a 3 wipe pass as an enhanced wipe.

                          They know a lot more about wiping data than you or I, so I'll go with their suggestions. I guess the first option would be the fastest for the OP.
                          I repeat, challenge them to recover ANY data and demonstrate the ability to repeatably do so (i.e., not just "get lucky").

                          Or, did you not understand the reference that I cited? Can you please share with us -- or, have the good folks at "the largest recycle place in the country" -- share with us their justificiation (beyond "marketing hype) for spending three times longer to process a drive than is really necessary?

                          [Even at 100MB/s write rate, it takes 16 minutes to wipe 100GB (which is a small disk by today's standards). Then, another 16 minutes to verify the written data (has to be done after the entire medium has been written, not piecemeal, along the way). So, 30 minutes per 100GB per pass. Plus the time to log the drive as being processed and physically move it from the "in" stack to the "out" stack. Then, exception handling for the drives that won't spin-up, won't write or won't verify. Wiping disks takes a LOT of time and resources!]

                          A recycler has no knowledge of how well the drive was or was not performing prior to receiving it. (Ask yourself how they handle drives that fail to verify?) The OP knows whether or not he was having problems with the drive and whether it may contain "grown defects" that represent buried data that his wipe WON'T erase. He also knows what is likely to have been stored on the medium over its life time (is he a porn-a-holic? does he do ecommerce? electronic tax filing?)

                          A recycler also receives drives from a variety of sources (individuals and corporations and government agencies) and a variety of vintages (18 months old to 10 years old, or older). The 45MB (that's MEGA not GIGA) drive I pulled from my Compaq 386 portable (30 years old) is far more susceptible to digital forensics than the 4G drives I bought last year. (you don't expect a recycler to have in place two different processing options and intimate knowledge of every device that he may be called on to process).

                          I speak from 15+ years working in recycling and listening to the requirements donors place on us for their systems to be recycled. Some folks won't even have considered the fact that their is still "live data" residing on their equipment. Some won't be aware that their equipment (e.g., copiers, printers) actually CAN contain residual data. Some will have wiped the drives themselves (whatever they think is adequate). Some will pull the drives and dispose of them elsewhere (drop it overboard on a Caribbean cruise). Some drill holes through the platter stack. Some cut the platter stack with a radial arm saw. Some shoot the drives with a .38 or .45.

                          Note that we make no guarantees for drives that the donor has rendered inoperable by such actions. They are processed AS-IS as scrap metal. Drives that we discover to be inoperable are disassembled and the platters shattered.

                          I trust our process for my personal data -- and that's a pretty strong endorsement (do I know, for sure, that some other recycler isn't just giving lip service to their stated process?)

                          Comment

                          • jondoe
                            Badcaps Veteran
                            • Nov 2016
                            • 547
                            • UK

                            #33
                            Re: Fastest Secure Wipe?

                            I saw your references, that doesn't change my mind on the matter. I speak from 20+ years experience, but I dunno, your button might be bigger than mine, right?

                            I've worked with the largest recycle outfit in the country and plenty of organizations with sensitive data in my time. The recyclers uses multi bay volume eraser hardware for wiping, and FYI, if the drive fails wipe verification it's shredded, into lots of tiny bits and melted down for scrap.

                            If the National Cyber Security Centre, a Government body, suggest to the common man in the street that a 3 wipe pass is your very best bet, I suspect they are in a better position than you or I understand the matter and give advice on it.

                            Comment

                            • Curious.George
                              Badcaps Legend
                              • Nov 2011
                              • 2305
                              • Unknown

                              #34
                              Re: Fastest Secure Wipe?

                              Originally posted by jondoe
                              I saw your references, that doesn't change my mind on the matter. I speak from 20+ years experience, but I dunno, your button might be bigger than mine, right?
                              Of course it is!

                              I've worked with the largest recycle outfit in the country and plenty of organizations with sensitive data in my time. The recyclers uses multi bay volume eraser hardware for wiping, and FYI, if the drive fails wipe verification it's shredded, into lots of tiny bits and melted down for scrap.
                              Do you understand how marketing works? It is uniquely different from SCIENCE. Science deals with the real and the possible. Marketing deals with perceptions. Why else would MS spend so much effort on FUD to discredit the FOSS world? Esp when THEIR products clearly suffer from the problems they insinuate plague the FOSS products!

                              Ans: marketing. perceptions.

                              "No one ever got fired for buying IBM" -- and, if its not YOUR (personal) money thats being spent, why not go top shelf? Esp if that reduces the risk to you, personally, for having made a bad (though economical) decision?

                              If you tell the contractor who's building your home that you want screws used instead of nails -- and won't accept bids from folks that don't use screws -- he'll gladly bill you for the extra cost of the hardware AND the labor to install it. despite the fact that it won't make a significant difference to the quality of your house!

                              Tell me I have to run 17 passes (Gutmann's original paper) over the data and I'll bill you for those 17 passes. And, being ethical, I'll actually do them -- and laugh at how foolish you are with your monies and time!

                              Meanwhile, I'll quote your competitors a rate that is considerably cheaper for a single pass wipe and you'll wonder why their operating expenses are so much lower than yours!

                              If the National Cyber Security Centre, a Government body, suggest to the common man in the street that a 3 wipe pass is your very best bet, I suspect they are in a better position than you or I understand the matter and give advice on it.
                              And, we all know the government's documented procedures are current with technology, right? I toured NORAD in the 80's. They were having new computers installed -- that had been ordered a decade earlier. But, admittedly, that's for nothing as important (national defense) as data wiping. No need to be "current", there!

                              You do note that the government doesn't even use the standards that THEY created regarding encryption, etc.? Clearly, someone realizes that the paperwork and standards process is way behind reality... Maybe they'll get around to updating the standards to reflect current technology? And, then updating them, again, as the technology would have progressed in the time it takes the committees to approve the previous updates?

                              "Standards are great. EVERYBODY should have one!"

                              But, hey, I'm sure they decided that they should update the disk wiping policy before any of these other written procedures!

                              Comment

                              • sparker1
                                Badcaps Veteran
                                • Sep 2011
                                • 343
                                • Australia

                                #35
                                Re: Fastest Secure Wipe?

                                Originally posted by stj
                                there is a hardware based secure wipe, you can activate it with the manufacturer tools.
                                it really depends what you want to hide - are they from the clintons? hillary wiped them with a cloth
                                Clintons recommend and always use bleachbit.

                                Comment

                                • petehall347
                                  Badcaps Legend
                                  • Jan 2015
                                  • 4423
                                  • United Kingdom

                                  #36
                                  Re: Fastest Secure Wipe?


                                  one or more should do it
                                  Attached Files

                                  Comment

                                  • goontron
                                    5000!
                                    • Dec 2011
                                    • 4108
                                    • US

                                    #37
                                    Re: Fastest Secure Wipe?

                                    Originally posted by petehall347
                                    [IMG]
                                    one or more should do it
                                    I was thinking more along the lines of one of these myself, but i know the UK doesn't use natural gas much anymore, so you may be SOL on this account.
                                    Last edited by goontron; 01-04-2018, 06:46 PM.
                                    Things I've fixed: anything from semis to crappy Chinese $2 radios, and now an IoT Dildo....

                                    "Dude, this is Wyoming, i hopped on and sent 'er. No fucking around." -- Me

                                    Excuse me while i do something dangerous


                                    You must have a sad, sad boring life if you hate on people harmlessly enjoying life with an animal costume.

                                    Sometimes you need to break shit to fix it.... Thats why my lawnmower doesn't have a deadman switch or engine brake anymore

                                    Follow the white rabbit.

                                    Comment

                                    • petehall347
                                      Badcaps Legend
                                      • Jan 2015
                                      • 4423
                                      • United Kingdom

                                      #38
                                      Re: Fastest Secure Wipe?

                                      Originally posted by goontron
                                      I was thinking more along the lines of one of these myself, but i know the UK doesn't use natural gas much anymore, so you may be SOL on this account.
                                      plenty of lpg stocks .

                                      Comment

                                      • Curious.George
                                        Badcaps Legend
                                        • Nov 2011
                                        • 2305
                                        • Unknown

                                        #39
                                        Re: Fastest Secure Wipe?

                                        Originally posted by petehall347

                                        one or more should do it
                                        Thermite would be much more interesting!

                                        The problem with destructive techniques is that they tend to render the dives "valueless" for resale...

                                        Comment

                                        • jondoe
                                          Badcaps Veteran
                                          • Nov 2016
                                          • 547
                                          • UK

                                          #40
                                          Re: Fastest Secure Wipe?

                                          Of course it is!
                                          I'll show you mine if you show me yours, but no touching, K?

                                          Do you understand how marketing works? It is uniquely different from SCIENCE. Science deals with the real and the possible. Marketing deals with perceptions. Why else would MS spend so much effort on FUD to discredit the FOSS world? Esp when THEIR products clearly suffer from the problems they insinuate plague the FOSS products!

                                          Ans: marketing. perceptions.
                                          I do understand science and marketing, thanks for asking. The Gov doesn't need to appeal to FUD and marketing with it's recommendations, although I appreciate the manufactures do. Regardless, I'm still going with the gov's recommendations, they know more about it than you, despite your ability to read and use google, they are likely in an authoritative position on the matter, you are not.

                                          And, we all know the government's documented procedures are current with technology, right? I toured NORAD in the 80's. They were having new computers installed -- that had been ordered a decade earlier. But, admittedly, that's for nothing as important (national defense) as data wiping. No need to be "current", there!

                                          You do note that the government doesn't even use the standards that THEY created regarding encryption, etc.? Clearly, someone realizes that the paperwork and standards process is way behind reality... Maybe they'll get around to updating the standards to reflect current technology? And, then updating them, again, as the technology would have progressed in the time it takes the committees to approve the previous updates?

                                          "Standards are great. EVERYBODY should have one!"

                                          But, hey, I'm sure they decided that they should update the disk wiping policy before any of these other written procedures!
                                          IIRC, the guidance was updated about 2 years ago, which is fairly recent in the grand scheme of things. The security services of the UK refresh equipment very frequently (weeks and months, not years), so I don't think your cute NORAD anecdote is relevant in this instance.

                                          I used the quote function there, I hope you liked it.

                                          Comment

                                          Related Topics

                                          Collapse

                                          • ktcar214
                                            Need help for HP ProBook 445R G6 Secure boot key removal from BIOS dump
                                            by ktcar214
                                            Hello.
                                            I tried to add a custom secure boot key (for secure booting Linux) to my bios, but after this, my laptop bricked. After adding secure boot key (via PowerShell) and enabling secure boot my laptop turns on, shows HP logo, and after 5 seconds it turns off and on, and it repeats forever.

                                            My goal is to either turn off secure boot or remove my custom key from BIOS dump.

                                            I'll attach my bios dump (version R79_011700) from my bios chip 25b127dsig, my keys (PK/KEK/db), and bios dump from another HP ProBook 445R G6(I found it on this forum. URL: https://www.ba...
                                            12-07-2021, 08:57 AM
                                          • badcaps411
                                            Lenovo T15 gen 1 secure boot
                                            by badcaps411
                                            Hello,

                                            I have a Lenovo T15 gen 1 where I can't get the secure boot disabled. I think it is related to the security chip. The BIOS is completely free, no password or anything. The only problem is that the option to disable secure boot is grayed out. Trying to boot it, GRUB 2.02 starts and expects a certain Software. If you want to change something you need to enter a username and password. While experimenting, I was able to load the firmware from the hard drive. There I found signed files, in one also the hashed password (cracking probably not possible in lifetime). It was probably...
                                            12-08-2022, 01:00 PM
                                          • howardc64
                                            A1312 (27” iMac 2009-2011) A1407 (Thunderbolt Display) A1316 (Cinema Display) Display Black Screen Repair
                                            by howardc64
                                            Problem

                                            This is an LG edge LED lit LCD Display. The LEDs are on the bottom edge of the display. There are 2 bars (left and right) Each bar has many LEDs and a 6 pin connector. Each pin drive several LEDs thus is the highest current flow / heat junction. The weak lead free solder gradually fails with thermal expansion/contraction cycling and increases resistance. PSU will compensate up to a point, then when the current is too high, PSU just shut down the backlight causing a dark display. I have even seen one which the connector just fell off as solder points became completely detached....
                                            08-04-2024, 10:36 PM
                                          • gsegpitd
                                            Asrock rx570 - sam001.009 - secure memory validation failure
                                            by gsegpitd
                                            I'm trying to diagnose my Asrock Phantom gaming D Radeon RX570 8G which produces an error 43 upon loading Windows drivers.

                                            "./tserver -boardtest=quickmfg" fails with message "sam001.009", which implies this is a "secure memory validation" failure.

                                            I can't seem to find any useful information regarding this failure, or this "secure memory" in general, on my own and am now under the assumption the gpu bga itself will need replacement (which is somewhat beyond my capabilities/comfort zone).

                                            Does anyone have any further...
                                            07-05-2022, 08:05 AM
                                          • Xristakis795
                                            question about secure an oled tv without the display
                                            by Xristakis795
                                            hi to all
                                            can you suggest something to lie with secure an oled tv without the display dangerous to scratch ?
                                            can i lie it in just in a wooden table without to use flat pads ?
                                            05-13-2023, 12:12 PM
                                          • Loading...
                                          • No more items.
                                          Working...