Writing "ones" instead of "zeroes" when wiping disk


Writing "ones" instead of "zeroes" when wiping disk

Andreas Thulin-2
Hi!

Again, an ignorant question (as usual):

How might I do something similar to

# dd if=/dev/one of=/dev/sd0 bs=1M

as a complement to the usual and well-described

# dd if=/dev/zero of=/dev/sd0 bs=1M

followed by

# dd if=/dev/urandom of=/dev/sd0 bs=1M

in order to achieve paranoid disk-wiping?

BR
Andreas

Re: Writing "ones" instead of "zeroes" when wiping disk

STeve Andre'
Don't bother.   Wiping the disk twice is enough.   If you are storing state
secrets melt the disk.

Back in the days of sub 1G disks it might have been possible to get inter
track gap data that was usable. Maybe.  But not multi T disks.

Sectors mapped out are a problem though, and multiple writes aren't going
to touch those.  If you encrypt the disk I question how much value a few
encrypted sectors would be to anyone.

Worry far more over lost usb sticks or portable usb disks.  That's a far
bigger problem.

STeve Andre'


Sent with AquaMail for Android
http://www.aqua-mail.com


On January 11, 2018 9:46:25 AM Andreas Thulin <[hidden email]> wrote:

> Hi!
>
> Again, an ignorant question (as usual):
>
> How might I do something similar to
>
> # dd if=/dev/one of=/dev/sd0 bs=1M
>
> as a complement to the usual and well-described
>
> # dd if=/dev/zero of=/dev/sd0 bs=1M
>
> followed by
>
> # dd if=/dev/urandom of=/dev/sd0 bs=1M
>
> in order to achieve paranoid disk-wiping?
>
> BR
> Andreas



Re: Writing "ones" instead of "zeroes" when wiping disk

Ingo Schwarze
In reply to this post by Andreas Thulin-2
Hi Andreas,

Andreas Thulin wrote on Thu, Jan 11, 2018 at 02:45:21PM +0000:

> Again, an ignorant question (as usual):
> How might I do something similar to
> # dd if=/dev/one of=/dev/sd0 bs=1M

  jot -cs '' 512 255 255

writes 512 bytes with all bits set.  Feel free to use larger numbers
than 512.  For large numbers, this is certainly slower than dd
because it uses an explicit loop with some conditionals and one
printf(3) for each byte.

  perl -e 'print "\xff"x512'

may be faster.  If i needed maximum speed, i'd probably write a two-line
C program.

  while true; do echo -n "\0377"; done

works for the purist, but will hardly be fast.

Btw., you are asking for "Hello World!", kind of.
It may be hard to find a program that can't solve your task...  ;)

> as a complement to the usual and well-described
> # dd if=/dev/zero of=/dev/sd0 bs=1M
> followed by
> # dd if=/dev/urandom of=/dev/sd0 bs=1M
> in order to achieve paranoid disk-wiping?

I have no idea whether or not such paranoia makes sense.
Maybe, maybe not.

Yours,
  Ingo


Re: Writing "ones" instead of "zeroes" when wiping disk

Base Pr1me
You can adapt my linux bash script for such pointlessly "paranoid"
purposes. I use it to prove to HIPAA auditors just how paranoid I can be,
and it's above NIST requirements in the US.

https://github.com/spoollord/shredder

Would require you to pkg_add pv base64. Or, just adapt the script without
those.

On Thu, Jan 11, 2018 at 8:26 AM, Ingo Schwarze <[hidden email]> wrote:

> Hi Andreas,
>
> Andreas Thulin wrote on Thu, Jan 11, 2018 at 02:45:21PM +0000:
>
> > Again, an ignorant question (as usual):
> > How might I do something similar to
> > # dd if=/dev/one of=/dev/sd0 bs=1M
>
>   jot -cs '' 512 255 255
>
> writes 512 bytes with all bits set.  Feel free to use larger numbers
> than 512.  For large numbers, this is certainly slower than dd
> because it uses an explicit loop with some conditionals and one
> printf(3) for each byte.
>
>   perl -e 'print "\xff"x512'
>
> may be faster.  If i needed maximum speed, i'd probably write a two-line
> C program.
>
>   while true; do echo -n "\0377"; done
>
> works for the purist, but will hardly be fast.
>
> Btw., you are asking for "Hello World!", kind of.
> It may be hard to find a program that can't solve your task...  ;)
>
> > as a complement to the usual and well-described
> > # dd if=/dev/zero of=/dev/sd0 bs=1M
> > followed by
> > # dd if=/dev/urandom of=/dev/sd0 bs=1M
> > in order to achieve paranoid disk-wiping?
>
> I have no idea whether or not such paranoia makes sense.
> Maybe, maybe not.
>
> Yours,
>   Ingo
>
>

Re: Writing "ones" instead of "zeroes" when wiping disk

L. V. Lammert
In reply to this post by STeve Andre'
On Thu, 11 Jan 2018, STeve Andre' wrote:

> Don't bother.   Wiping the disk twice is enough.   If you are storing state
> secrets melt the disk.
>
An anvil big hammer also works well and gives some exercise in the
process.

        Lee


Re: Writing "ones" instead of "zeroes" when wiping disk

Raul Miller
On Thu, Jan 11, 2018 at 12:16 PM, L. V. Lammert <[hidden email]> wrote:
> On Thu, 11 Jan 2018, STeve Andre' wrote:
>
>> Don't bother.   Wiping the disk twice is enough.   If you are storing state
>> secrets melt the disk.
>>
> An anvil big hammer also works well and gives some exercise in the
> process.

Might be more secure to sell it to Hollywood, as a movie script.
They'll change it beyond recognition.

--
Raul


Re: Writing "ones" instead of "zeroes" when wiping disk

x9p-2
In reply to this post by L. V. Lammert

On Thu, January 11, 2018 3:16 pm, L. V. Lammert wrote:

> On Thu, 11 Jan 2018, STeve Andre' wrote:
>
>> Don't bother.   Wiping the disk twice is enough.   If you are storing state
>> secrets melt the disk.
>>
> An anvil big hammer also works well and gives some exercise in the
> process.
>
> Lee
>
>

+1 to big hammer. boys are changing disk firmware nowadays... go figure...

cheers.

--
x9p | PGP : 0x03B50AF5EA4C8D80 / 5135 92C1 AD36 5293 2BDF  DDCC 0DFA 74AE 1524 E7EE

"I don't know where I'm going from here, but I promise it won't be boring." - David Bowie



Re: Writing "ones" instead of "zeroes" when wiping disk

Andrew-2
In reply to this post by Andreas Thulin-2
On 01/11/18 14:45, Andreas Thulin wrote:

>Hi!
>
>Again, an ignorant question (as usual):
>
>How might I do something similar to
>
># dd if=/dev/one of=/dev/sd0 bs=1M
>
>as a complement to the usual and well-described
>
># dd if=/dev/zero of=/dev/sd0 bs=1M
>
>followed by

Personally, given your premise of "paran0id disk-wiping", then I would
take the next step of checking if a non-random sequence of "0"s are
still on the device. Are you ready for that rabbit h0le ?? hehehe ;-)

># dd if=/dev/urandom of=/dev/sd0 bs=1M
>
>in order to achieve paranoid disk-wiping?
>
>BR
>Andreas


Re: Writing "ones" instead of "zeroes" when wiping disk

Jan Stary
In reply to this post by Andreas Thulin-2
On Jan 11 14:45:21, [hidden email] wrote:

> Hi!
>
> Again, an ignorant question (as usual):
>
> How might I do something similar to
>
> # dd if=/dev/one of=/dev/sd0 bs=1M
>
> as a complement to the usual and well-described
>
> # dd if=/dev/zero of=/dev/sd0 bs=1M
>
> followed by
>
> # dd if=/dev/urandom of=/dev/sd0 bs=1M
>
> in order to achieve paranoid disk-wiping?

Ones are not nearly as secure as zeros.


Re: Writing "ones" instead of "zeroes" when wiping disk

worik
On 12/01/18 11:09, Jan Stary wrote:

> On Jan 11 14:45:21, [hidden email] wrote:
>> Hi!
>>
>> Again, an ignorant question (as usual):
>>
>> How might I do something similar to
>>
>> # dd if=/dev/one of=/dev/sd0 bs=1M
>>
>> as a complement to the usual and well-described
>>
>> # dd if=/dev/zero of=/dev/sd0 bs=1M
>>
>> followed by
>>
>> # dd if=/dev/urandom of=/dev/sd0 bs=1M
>>
>> in order to achieve paranoid disk-wiping?
> Ones are not nearly as secure as zeros.
>
Why not?  Is it not arbitrary?

Worik

--
      If not me then who?  If not now then when?  If not here then where?
                So, here I stand, I can do no other
      [hidden email] 021-1680650, (03) 4821804 Aotearoa (New Zealand)


Re: Writing "ones" instead of "zeroes" when wiping disk

trondd-2
On Thu, January 11, 2018 5:12 pm, worik wrote:
> On 12/01/18 11:09, Jan Stary wrote:
>> On Jan 11 14:45:21, [hidden email] wrote:
>>> in order to achieve paranoid disk-wiping?
>> Ones are not nearly as secure as zeros.
>>
> Why not? Is it not arbitrary?
>

A 1 is too narrow to fully cover the original data.



Re: Writing "ones" instead of "zeroes" when wiping disk

Nick Holland
In reply to this post by Andreas Thulin-2
On 01/11/18 09:45, Andreas Thulin wrote:

> Hi!
>
> Again, an ignorant question (as usual):
>
> How might I do something similar to
>
> # dd if=/dev/one of=/dev/sd0 bs=1M
>
> as a complement to the usual and well-described
>
> # dd if=/dev/zero of=/dev/sd0 bs=1M
>
> followed by
>
> # dd if=/dev/urandom of=/dev/sd0 bs=1M
>
> in order to achieve paranoid disk-wiping?

Another answer to your question might be to change those zeros to ones.
One way to do that:

# tr "\0" "\377" </dev/zero |dd of=ones.file bs=1k count=1
1+0 records in
1+0 records out
1024 bytes transferred in 0.000 secs (14017796 bytes/sec)

# hexdump ones.file
0000000    ffff    ffff    ffff    ffff    ffff    ffff    ffff    ffff
*
0000400

Worked!

Replace bs=1k with bs=1m, remove count=1 and of=/dev/rsdXc, and your
disks will be ... one with everything.  Try this and Ingo's process, I'd
think mine would be faster, but I'd never bet against Ingo. :)

As others have said, one zero pass is sufficient...or at least, will get
everything that 500 random passes will get (will miss locked out
sectors).  But yes, auditors and such...you don't have to agree with
them, just do what they say, and if I can take home big drives, I'll
happily do ten passes. :D

Personally, I do the zero pass LAST.  It's much easier to tell if a disk
is zeroed than it is to see if it has random data.  That way, if I get
confused and lose track of what disks I've cleared and which ones I
haven't, I can pop one in, take a look with fdisk, and if I see the
Signature and all partition types zero, I know I hit this one.

Our company policy is three passes, at least one zeros, at least one
pass of randoms.  When clearing PC stuff, I do two randoms, one zero.
When doing AIX, I use the IBM "erase disk" function, which does three
"patterns" and then a "random" pass.  I have reason to believe the
"random" pass is not very random, but I'm sure good enough after the
first three.

btw: OpenBSD has probably the fastest random number generator around,
You don't want to do a dd of /dev/random over a disk bigger than about
20MB (yes, MB) with AIX.  OpenBSD will fill your disk with crypto grade
random numbers pretty quickly.  It's worth putting OpenBSD on a USB
drive to clear disks (hint: disable the kernel and library relinks -- it
can add a lot of time on a slow flash drive).

btw: the "big hammer" isn't so great.  While it will render the drive
unusable as a drive, it doesn't do much to scramble the data on the
platters.  Remember, you don't have to reconstruct the entire database,
you just have to get some complete records to have PII problems.  At
least, that's my story, because the hammered drives aren't worth
anything to me. :)

Nick.
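As an added example (not code from Nick, Ingo or anyone else in the thread): Nick's tr pipeline wrapped in a small script that writes the "ones" (or zeros) pass to a target and then performs the check Andrew alludes to and Nick relies on, reading the target back to confirm that no byte other than the pattern byte remains. Targets here are regular files so it runs offline; the raw device name /dev/rsdXc in the comments is the thread's placeholder, and the assumption is that you have confirmed it with fdisk or disklabel before pointing a destructive fill at it.

```shell
#!/bin/sh
# Added example, not code from the thread: fill a target with a one-byte
# pattern (Nick's tr trick, which covers the "/dev/one" request) and then
# verify that no byte other than that pattern is left on it (the check
# Andrew hints at, and the reason Nick does the zero pass last).
# Targets here are regular files; for a disk you would pass its raw
# device, e.g. /dev/rsdXc (assumption: the name was checked with fdisk
# or disklabel first, since the fill is destructive).
export LC_ALL=C   # make tr work on raw bytes, not multibyte characters

# fill_pattern TARGET OCTAL KIB
# Write KIB kilobytes of one byte, given as an octal escape ('\377' for
# all ones, '\0' for zeros), to TARGET.
fill_pattern() {
    tr '\0' "$2" </dev/zero | dd of="$1" bs=1k count="$3" 2>/dev/null
}

# count_other_bytes TARGET OCTAL
# Print how many bytes of TARGET are NOT the pattern byte. tr -d removes
# every byte equal to the pattern, so anything left is a byte the pass
# missed (or a wrong pattern). Arithmetic expansion strips the padding
# that BSD wc prints.
count_other_bytes() {
    echo $(( $(tr -d "$2" <"$1" | wc -c) ))
}

# verify_pattern TARGET OCTAL
# Succeed only if every byte of TARGET equals the pattern byte.
verify_pattern() {
    [ "$(count_other_bytes "$1" "$2")" -eq 0 ]
}

# Demonstration on a temporary file: a clean ones pass verifies, a
# simulated missed spot (three stray bytes) is reported, and a zero pass
# written on top verifies again.
demo() {
    f=$(mktemp) || exit 1
    fill_pattern "$f" '\377' 4
    verify_pattern "$f" '\377' && echo "ones pass: all 4 KiB are 0xff"
    printf 'abc' | dd of="$f" bs=1 seek=1000 conv=notrunc 2>/dev/null
    verify_pattern "$f" '\377' ||
        echo "ones pass: $(count_other_bytes "$f" '\377') bytes not covered"
    fill_pattern "$f" '\0' 4
    verify_pattern "$f" '\0' && echo "zero pass: verified"
    rm -f "$f"
}

demo
```

The same count_other_bytes check works unchanged against a raw device, which is how you would confirm a finished zero pass on a disk you have lost track of, without relying on fdisk output alone.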


Re: Writing "ones" instead of "zeroes" when wiping disk

Todd C. Miller-2
In reply to this post by trondd-2
On Thu, 11 Jan 2018 22:09:32 -0500, "trondd" wrote:

> A 1 is too narrow to fully cover the original data.

You need to use an 8 to wipe out all seven segments.

 - todd


Re: Writing "ones" instead of "zeroes" when wiping disk

Raimo Niskanen-7
In reply to this post by L. V. Lammert
On Thu, Jan 11, 2018 at 11:16:28AM -0600, L. V. Lammert wrote:
> On Thu, 11 Jan 2018, STeve Andre' wrote:
>
> > Don't bother.   Wiping the disk twice is enough.   If you are storing state
> > secrets melt the disk.
> >
> An anvil big hammer also works well and gives some exercise in the
> process.

Or a screwdriver and a pair of pliers if you want less exercise.


>
> Lee

--

/ Raimo Niskanen, Erlang/OTP, Ericsson AB


Re: Writing "ones" instead of "zeroes" when wiping disk

Andreas Thulin-2
In reply to this post by Todd C. Miller-2
Thanks to all of you for either useful tips or good-to-read rants. :-) I’ll
try out tips from Nick & Todd, let’s see where that takes me.

BR, Andreas
fre 12 jan. 2018 kl. 05:22 skrev Todd C. Miller <[hidden email]>:

> On Thu, 11 Jan 2018 22:09:32 -0500, "trondd" wrote:
>
> > A 1 is too narrow to fully cover the original data.
>
> You need to use an 8 to wipe out all seven segments.
>
>  - todd
>
>

Re: Writing "ones" instead of "zeroes" when wiping disk

Etienne
In reply to this post by Andreas Thulin-2
On 11/01/18 14:45, Andreas Thulin wrote:
> in order to achieve paranoid disk-wiping?

I don't have a solution to offer for existing disks, but that made me
just think that it would be probably easy to create two partitions on a
disk, one that will be a keydisk
(https://www.openbsd.org/faq/faq14.html#softraidFDEkeydisk) and one that
would be the real partition holding the data, and the day you need to
wipe the disk, the only thing you need to wipe (a few times if you're
paranoid) is the keydisk partition, and the data will be unrecoverable.

Does that sound sensible, or am I missing something?

--
Étienne


Re: Writing "ones" instead of "zeroes" when wiping disk

Philippe Meunier
In reply to this post by Nick Holland
Nick Holland wrote:
>Another answer to your question might be to change those zeros to ones.
>One way to do that:
>
># tr "\0" "\377" </dev/zero |dd of=ones.file bs=1k count=1

Who needs /dev/one (or /dev/zero or /dev/whatever) when you have /dev/random?

$ tr -cd "\377" < /dev/random

So I suggest that /dev/zero be removed, it's obviously redundant.  Getting
rid of all those zeroes will also save a lot of space on the installation
floppy.

Philippe



Re: Writing "ones" instead of "zeroes" when wiping disk

Jordan Geoghegan
In reply to this post by Etienne
If you want to be super paranoid about things, use properly implemented
full disk encryption from the get go. Once you are ready to wipe the
disk, use what is standard for most Government/Business use: overwrite
with random data 7 times. If you want to be super aggressive about
things (yet for some reason refuse to just destroy the disk) you can do
14 runs alternating between random data and zeros.

In my opinion, this is overkill and just silly, if you're really that
concerned about the contents of your drive being discovered, full disk
encryption would make that concern largely irrelevant. After 7 disk
wipes with dd, no one's getting your data back off that drive, not for
all the tea in China.


On 01/12/18 02:27, Etienne wrote:

> On 11/01/18 14:45, Andreas Thulin wrote:
>> in order to achieve paranoid disk-wiping?
>
> I don't have a solution to offer for existing disks, but that made me
> just think that it would be probably easy to create two partitions on
> a disk, one that will be a keydisk
> (https://www.openbsd.org/faq/faq14.html#softraidFDEkeydisk) and one
> that would be the real partition holding the data, and the day you
> need to wipe the disk, the only thing you need to wipe (a few times if
> you're paranoid) is the keydisk partition, and the data will be
> unrecoverable.
>
> Does that sound sensible, or am I missing something?
>