Securely wipe individual partition?

Discussion in 'NZ Computing' started by Miguel, Apr 3, 2007.

  1. Miguel

    Miguel Guest

    Hi all....Using Xubuntu 6.10

    sudo fdisk -l gives:

    Device Boot Start End Blocks Id System
    /dev/hda1 * 1 1275 10241406 7 HPFS/NTFS
    /dev/hda2 1276 2551 10249470 83 Linux ext2
    /dev/hda3 2552 9602 56637157+ 83 Linux reiserfs
    /dev/hda4 9603 9729 1020127+ 82 Linux swap

    Does anyone know of a way to do a reasonably secure delete on an
    individual partition (hda3)? Not paranoia levels, not even DOD-3, just
    a step up from "flagged for overwriting".

    I think I'm going to use:

    dd if=/dev/zero of=/dev/hda3 bs=1k

    but want to know if anyone can suggest something a bit more secure,
    similar to DBAN but on an individual partition.

    FWIW, cos hda3 is formatted with Reiserfs I know that a full disk DOD
    wipe by DBAN is the accepted way to securely erase the individual
    partition but I can't be bothered re-making the four partitions and
    then re-installing images of hda1 and hda2. Too much like hard work
    for what is simply basic housekeeping.

    Any advice appreciated

    Regards
    Miguel

    PS And did you know that Reiserfs uses dancing trees, which obsolete
    the balanced tree algorithms......no, neither did I and I've no idea
    what it means but I like the image of dancing trees inside my computer.
     
    Miguel, Apr 3, 2007
    #1

  2. Miguel

    Shane Guest

    use dd if=/dev/random or if=/dev/urandom
    (Using /dev/zero means winding back the clock is a little easier :)
    I have nfi about wiping partitions *securely*, ext2 was the last fs that
    shred supported (man shred), the best is to run /dev/random (man random)
    over your fs a few times (say 20) and then run /dev/zero over that until you
    feel safe.
    Shred essentially worked as I mentioned, overwriting junk data a few times,
    but onto mounted partitions.

    *shrugs*
    Oh I better mention why /dev/random over /dev/zero
    Your original data will be easier to recover if a known pattern has been run
    over it. Using /dev/random should (in theory) put complete crap over your
    data, so anyone looking to retrieve it will not be sure which is your data
    and which isn't (mmkay)
    Your data will still be recoverable, but only to those with really big
    computers, white suits, and all the time in the world they want (ie.
    the .govt, and .mil)
    HTH
    and if you find a better solution let us all know by posting it back? :)

    Oh and One fun thing you can bork is the partition table :)
     
    Shane, Apr 3, 2007
    #2

  3. Miguel

    Ross Guest

    It is impossible to recover any data that has been overwritten once.

    It was suggested years ago that this was theoretically possible, but
    with electron microscopes they can recover about 20%(?) of the bits
    and it would take someone working full-time for a billion years to
    recover that much of a modern hard-drive. And how do you get the other
    80%, guesswork?
     
    Ross, Apr 3, 2007
    #3
  4. Miguel

    Shane Guest

    Your claims are backed up here. The recovery of overwritten data is seen as
    an urban myth.
    http://www.nber.org/sys-admin/overwritten-data-guttman.html
    The requirements of military forces and intelligence agencies that disk
    drives with confidential information be destroyed rather than erased is
    sometimes offered as evidence that these agencies can read overwritten
    data. I expect the real explanation is far more prosaic. The technician
    tasked with discarding a hard drive may or may not have enough computer
    knowledge to know if running the command "urandom >/dev/sda2c1" has covered
    an entire disk with random data, or only one partition, nor is it easy to
    confirm that it was done. How would you confirm that the overwrite was not
    pseudo-random? Smashing the drive with a sledgehammer is easy to do, easy
    to confirm, and very hard to get wrong. The GPL'ed package DBAN is an
    apparent attempt to address this uncertainty without destroying hardware.


    The article is written from the POV that such data recovery hasn't been
    proved to be occurring, however it doesn't make the jump to "Data recovery
    of overwritten data is impossible"

    (I note the author suggests using urandom, however the manpage for random
    suggests urandom has a (very faint) possibility of using data with no
    entropy)
     
    Shane, Apr 3, 2007
    #4
  5. Miguel

    Miguel Guest

    <snip Ross>
    It is impossible to recover any data that has been overwritten once.
    </snip>

    That's what THEY want you to think (adjusts tinfoil hat to stop
    government mind rays :)

    <snip Shane>
    Oh I better mention why /dev/random over /dev/zero
    </snip>

    I was thinking of /dev/random but there's less typing involved with
    /dev/zero so less to go wrong :)

    However there's no urgency involved in finding a "secure deletion for
    individual partition" method. I'll keep looking around. It's just
    something I'd like in my toolkit.

    Anyway, I use dmcrypt to make hda3 secure so in effect I'm looking for
    a method of securely deleting 50GB of random data. Fairly pointless I
    guess.

    Regards
    Miguel
     
    Miguel, Apr 4, 2007
    #5
  6. Miguel

    jasen Guest

    Unless you have hardware random numbers /dev/urandom will be much faster than
    /dev/random because when /dev/random runs out of entropy it stalls so you
    have to wiggle the mouse or punch a few keys to give it some more entropy.

    An easy way to test this is do "od /dev/random": if it stalls
    almost immediately you don't have hardware random, if it just
    keeps scrolling you do. ( ^c to quit )

    dd from /dev/zero will return a drive to "as-new" content
    and is enough for privacy, especially over an encrypted volume

    Bye.
    Jasen
     
    jasen, Apr 7, 2007
    #6
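The procedure the thread converges on (a few /dev/urandom passes over the partition, then a /dev/zero pass, per Shane and jasen), as an added example script that is not from the thread. It assumes GNU/BusyBox `head -c`, `dd` with `conv=notrunc`, and util-linux `blockdev` for block-device sizes; the mount check and the all-zeros verification are additions so that a mounted filesystem is never touched and the final pass can be confirmed.

```shell
#!/bin/sh
# wipe_partition.sh (constructed example): overwrite a block device, or a file
# standing in for one, with N passes of /dev/urandom followed by one pass of
# /dev/zero, then verify that the target reads back as all zero bytes.
set -eu

# Size in bytes: util-linux blockdev for devices (assumption), wc for plain files.
target_size() {
    if [ -b "$1" ]; then
        blockdev --getsize64 "$1"
    else
        wc -c < "$1" | tr -d ' '
    fi
}

# One full overwrite of the target from the given source device.
overwrite_pass() {
    src=$1; target=$2; bytes=$3
    head -c "$bytes" "$src" | dd of="$target" bs=1M conv=notrunc 2>/dev/null
}

# wipe_target DEVICE [PASSES]: refuse mounted devices, run PASSES random
# overwrites, then a final zero pass (as-new content, per jasen's post).
wipe_target() {
    target=$1
    passes=${2:-1}
    if grep -qs "^$target " /proc/mounts; then
        echo "refusing: $target is mounted" >&2
        return 1
    fi
    bytes=$(target_size "$target")
    i=1
    while [ "$i" -le "$passes" ]; do
        overwrite_pass /dev/urandom "$target" "$bytes"
        i=$((i + 1))
    done
    overwrite_pass /dev/zero "$target" "$bytes"
}

# verify_zeroed DEVICE: succeeds only if every byte reads back as NUL.
verify_zeroed() {
    nonzero=$(tr -d '\000' < "$1" | wc -c | tr -d ' ')
    [ "$nonzero" -eq 0 ]
}

# Usage when run directly: wipe_partition.sh /dev/hdaN [passes]
if [ -n "${1:-}" ]; then
    wipe_target "$1" "${2:-1}" && verify_zeroed "$1" && echo "wiped and verified: $1"
fi
```

Run it against a partition only after `umount`; on a file stand-in it rewrites the file in place, which is how the behaviour can be checked without a spare disk.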