Ubuntu/shred?



  • Hey folks,

    I'm donating a few older servers to charity and want to wipe the arrays. I usually go to DBAN for this (as the drives are donated too), but it is failing to run on all these servers - so gave up and using Ubuntu boot disk instead which is running perfectly...

    So, one of the servers has 6TB of 7.2k SAS drives. I'd usually run this where I cant get DBAN to work:

    sudo shred -n 1 -v -z /dev/sda

    That will fill the whole drive with random data fully, (one pass), and then fill with zeros (second pass). I think that's correct anyway.

    The data its self isn't really that important or a worry to the company if found. But we should make a decent attempt in wiping it. So I just want to do a reasonable wipe to make a 'quick effort' rather than 'best effort'... and we don't want to wait days and days for the process to finish. Being a 6TB array (in raid 0), it would take a long time... So, how secure is running this instead?

    sudo shred -n 0 -v -z /dev/sda

    That would do no first random pass, and will just fill the drive with zeros right?
    Is that pretty much cleaned? Or would getting the data bac be trivial?

    I imagine zeros, rather than random and then zeros, would be much faster - and still pretty secure wipe - but want to check as no experience on the recovery side of what is possible...

    So, use -n 1, or -n 0 would be fine?

    Best,
    Jim



  • Why not follow up with gparted and do a complete format of the system afterwards?



  • Nothing wrong with doing a multi pass as well... I have heard of people going so far as to create a 'dumb text' file of junk text and copying it to fill the drive, then doing the DBAN. Also - if it is a physical ARRAY - by killing it, you add another layer of obscurity...

    I generally have just pulled drives and kept them. They are cheap and easy enough to replace, and can be found new, refurb or used...



  • If drives are identical in all servers, why don't you just randomly mix them? Pull drive 2 from server 1 and swap it with drive 4 from server 2, etc. Then just destroy the arrays, create new, preferably different RAID levels and just write some sample data.



  • @marcinozga said in Ubuntu/shred?:

    If drives are identical in all servers, why don't you just randomly mix them? Pull drive 2 from server 1 and swap it with drive 4 from server 2, etc. Then just destroy the arrays, create new, preferably different RAID levels and just write some sample data.

    Wouldn't this leave quite a risk of the data being on a drive still?
    I have mixed the drives. Destroyed the arrays, and set as Raid0. Then, running shred on those new Raid 0 arrays...



  • @gjacobse said in Ubuntu/shred?:

    Nothing wrong with doing a multi pass as well... I have heard of people going so far as to create a 'dumb text' file of junk text and copying it to fill the drive, then doing the DBAN. Also - if it is a physical ARRAY - by killing it, you add another layer of obscurity...

    I generally have just pulled drives and kept them. They are cheap and easy enough to replace, and can be found new, refurb or used...

    We're donating with the drives, so will be wiping them to a reasonable standard.
    Just trying to find out id one pass of 0's is actually a reasonable standard....



  • @dustinb3403 said in Ubuntu/shred?:

    Why not follow up with gparted and do a complete format of the system afterwards?

    How long would that format take? I presume it does the same as zeroing the drive anyway?



  • @jimmy9008 said in Ubuntu/shred?:

    @dustinb3403 said in Ubuntu/shred?:

    Why not follow up with gparted and do a complete format of the system afterwards?

    How long would that format take? I presume it does the same as zeroing the drive anyway?

    Formatting will depend on the drive size,.. larger the drive, the longer it will take.



  • @jimmy9008 said in Ubuntu/shred?:

    @gjacobse said in Ubuntu/shred?:

    Nothing wrong with doing a multi pass as well... I have heard of people going so far as to create a 'dumb text' file of junk text and copying it to fill the drive, then doing the DBAN. Also - if it is a physical ARRAY - by killing it, you add another layer of obscurity...

    I generally have just pulled drives and kept them. They are cheap and easy enough to replace, and can be found new, refurb or used...

    We're donating with the drives, so will be wiping them to a reasonable standard.
    Just trying to find out id one pass of 0's is actually a reasonable standard....

    I would go multi pass with random data... single pass to me just isn't enough



  • @gjacobse said in Ubuntu/shred?:

    @jimmy9008 said in Ubuntu/shred?:

    @gjacobse said in Ubuntu/shred?:

    Nothing wrong with doing a multi pass as well... I have heard of people going so far as to create a 'dumb text' file of junk text and copying it to fill the drive, then doing the DBAN. Also - if it is a physical ARRAY - by killing it, you add another layer of obscurity...

    I generally have just pulled drives and kept them. They are cheap and easy enough to replace, and can be found new, refurb or used...

    We're donating with the drives, so will be wiping them to a reasonable standard.
    Just trying to find out id one pass of 0's is actually a reasonable standard....

    I would go multi pass with random data... single pass to me just isn't enough

    That would take a long time. Its not data that's about customers, or patients or whatever, this is data that if found wouldn't cause an issue. Hence doing 'quick best effort'. Leaving the array doing multiple passes with random data for a week is just too long... but, if one pass of zeros is easy to get the data back, then I have no choice but to do random...



  • @jimmy9008 said in Ubuntu/shred?:

    @marcinozga said in Ubuntu/shred?:

    If drives are identical in all servers, why don't you just randomly mix them? Pull drive 2 from server 1 and swap it with drive 4 from server 2, etc. Then just destroy the arrays, create new, preferably different RAID levels and just write some sample data.

    Wouldn't this leave quite a risk of the data being on a drive still?
    I have mixed the drives. Destroyed the arrays, and set as Raid0. Then, running shred on those new Raid 0 arrays...

    Risk? Unlikely. If you mix few drives from each array in few servers, there's no way to recover it unless you get the original set of drives together. The more drives and servers, the lower the chances of re-assembling the array. You're not donating these to NSA, are you?



  • If you setup raid 0 after swapping the drives, and intentionally failed the arrays by pulling drives you're going to destroy the data further.

    You can absolutely do a few passes of random data, or just write 0's to each array.

    Seems like overkill to me though if you've already swapped the drives around, destroyed the existing arrays, and rebuilt them to raid 0.



  • @jimmy9008 said in Ubuntu/shred?:

    @gjacobse said in Ubuntu/shred?:

    @jimmy9008 said in Ubuntu/shred?:

    @gjacobse said in Ubuntu/shred?:

    Nothing wrong with doing a multi pass as well... I have heard of people going so far as to create a 'dumb text' file of junk text and copying it to fill the drive, then doing the DBAN. Also - if it is a physical ARRAY - by killing it, you add another layer of obscurity...

    I generally have just pulled drives and kept them. They are cheap and easy enough to replace, and can be found new, refurb or used...

    We're donating with the drives, so will be wiping them to a reasonable standard.
    Just trying to find out id one pass of 0's is actually a reasonable standard....

    I would go multi pass with random data... single pass to me just isn't enough

    That would take a long time. Its not data that's about customers, or patients or whatever, this is data that if found wouldn't cause an issue. Hence doing 'quick best effort'. Leaving the array doing multiple passes with random data for a week is just too long... but, if one pass of zeros is easy to get the data back, then I have no choice but to do random...

    I look at it this way; I am no hacker, not a digital forensic specialist - but I have formatted SD cards from my digital camera, and been able to recover the images with nearly 98% error free recovery.

    When it comes to digital storage - I don't like to chance things. I go extreme in some cases doing a full DoD wipe twice..



  • @gjacobse said in Ubuntu/shred?:

    @jimmy9008 said in Ubuntu/shred?:

    @gjacobse said in Ubuntu/shred?:

    @jimmy9008 said in Ubuntu/shred?:

    @gjacobse said in Ubuntu/shred?:

    Nothing wrong with doing a multi pass as well... I have heard of people going so far as to create a 'dumb text' file of junk text and copying it to fill the drive, then doing the DBAN. Also - if it is a physical ARRAY - by killing it, you add another layer of obscurity...

    I generally have just pulled drives and kept them. They are cheap and easy enough to replace, and can be found new, refurb or used...

    We're donating with the drives, so will be wiping them to a reasonable standard.
    Just trying to find out id one pass of 0's is actually a reasonable standard....

    I would go multi pass with random data... single pass to me just isn't enough

    That would take a long time. Its not data that's about customers, or patients or whatever, this is data that if found wouldn't cause an issue. Hence doing 'quick best effort'. Leaving the array doing multiple passes with random data for a week is just too long... but, if one pass of zeros is easy to get the data back, then I have no choice but to do random...

    I look at it this way; I am no hacker, not a digital forensic specialist - but I have formatted SD cards from my digital camera, and been able to recover the images with nearly 98% error free recovery.

    When it comes to digital storage - I don't like to chance things. I go extreme in some cases doing a full DoD wipe twice..

    Single format doesn't destroy the data, you need to actually overwrite it.



  • @marcinozga said in Ubuntu/shred?:

    @gjacobse said in Ubuntu/shred?:

    @jimmy9008 said in Ubuntu/shred?:

    @gjacobse said in Ubuntu/shred?:

    @jimmy9008 said in Ubuntu/shred?:

    @gjacobse said in Ubuntu/shred?:

    Nothing wrong with doing a multi pass as well... I have heard of people going so far as to create a 'dumb text' file of junk text and copying it to fill the drive, then doing the DBAN. Also - if it is a physical ARRAY - by killing it, you add another layer of obscurity...

    I generally have just pulled drives and kept them. They are cheap and easy enough to replace, and can be found new, refurb or used...

    We're donating with the drives, so will be wiping them to a reasonable standard.
    Just trying to find out id one pass of 0's is actually a reasonable standard....

    I would go multi pass with random data... single pass to me just isn't enough

    That would take a long time. Its not data that's about customers, or patients or whatever, this is data that if found wouldn't cause an issue. Hence doing 'quick best effort'. Leaving the array doing multiple passes with random data for a week is just too long... but, if one pass of zeros is easy to get the data back, then I have no choice but to do random...

    I look at it this way; I am no hacker, not a digital forensic specialist - but I have formatted SD cards from my digital camera, and been able to recover the images with nearly 98% error free recovery.

    When it comes to digital storage - I don't like to chance things. I go extreme in some cases doing a full DoD wipe twice..

    Single format doesn't destroy the data, you need to actually overwrite it.

    Yes, that's what I believe I'm doing by the entre write of 0's on the entire array...
    Sound pretty safe. So I will stick with it.



  • @marcinozga said in Ubuntu/shred?:

    @jimmy9008 said in Ubuntu/shred?:

    @marcinozga said in Ubuntu/shred?:

    If drives are identical in all servers, why don't you just randomly mix them? Pull drive 2 from server 1 and swap it with drive 4 from server 2, etc. Then just destroy the arrays, create new, preferably different RAID levels and just write some sample data.

    Wouldn't this leave quite a risk of the data being on a drive still?
    I have mixed the drives. Destroyed the arrays, and set as Raid0. Then, running shred on those new Raid 0 arrays...

    Risk? Unlikely. If you mix few drives from each array in few servers, there's no way to recover it unless you get the original set of drives together. The more drives and servers, the lower the chances of re-assembling the array. You're not donating these to NSA, are you?

    No, lol. Two servers are going to a School to be their production environment. Another server is going to a different School to be a lab machine so students can try virtualisation.



  • @jimmy9008 said in Ubuntu/shred?:

    @marcinozga said in Ubuntu/shred?:

    @gjacobse said in Ubuntu/shred?:

    @jimmy9008 said in Ubuntu/shred?:

    @gjacobse said in Ubuntu/shred?:

    @jimmy9008 said in Ubuntu/shred?:

    @gjacobse said in Ubuntu/shred?:

    Nothing wrong with doing a multi pass as well... I have heard of people going so far as to create a 'dumb text' file of junk text and copying it to fill the drive, then doing the DBAN. Also - if it is a physical ARRAY - by killing it, you add another layer of obscurity...

    I generally have just pulled drives and kept them. They are cheap and easy enough to replace, and can be found new, refurb or used...

    We're donating with the drives, so will be wiping them to a reasonable standard.
    Just trying to find out id one pass of 0's is actually a reasonable standard....

    I would go multi pass with random data... single pass to me just isn't enough

    That would take a long time. Its not data that's about customers, or patients or whatever, this is data that if found wouldn't cause an issue. Hence doing 'quick best effort'. Leaving the array doing multiple passes with random data for a week is just too long... but, if one pass of zeros is easy to get the data back, then I have no choice but to do random...

    I look at it this way; I am no hacker, not a digital forensic specialist - but I have formatted SD cards from my digital camera, and been able to recover the images with nearly 98% error free recovery.

    When it comes to digital storage - I don't like to chance things. I go extreme in some cases doing a full DoD wipe twice..

    Single format doesn't destroy the data, you need to actually overwrite it.

    Yes, that's what I believe I'm doing by the entre write of 0's on the entire array...
    Sound pretty safe. So I will stick with it.

    RAID array is different than single disk or SD card.



  • @marcinozga said in Ubuntu/shred?:

    @jimmy9008 said in Ubuntu/shred?:

    @marcinozga said in Ubuntu/shred?:

    @gjacobse said in Ubuntu/shred?:

    @jimmy9008 said in Ubuntu/shred?:

    @gjacobse said in Ubuntu/shred?:

    @jimmy9008 said in Ubuntu/shred?:

    @gjacobse said in Ubuntu/shred?:

    Nothing wrong with doing a multi pass as well... I have heard of people going so far as to create a 'dumb text' file of junk text and copying it to fill the drive, then doing the DBAN. Also - if it is a physical ARRAY - by killing it, you add another layer of obscurity...

    I generally have just pulled drives and kept them. They are cheap and easy enough to replace, and can be found new, refurb or used...

    We're donating with the drives, so will be wiping them to a reasonable standard.
    Just trying to find out id one pass of 0's is actually a reasonable standard....

    I would go multi pass with random data... single pass to me just isn't enough

    That would take a long time. Its not data that's about customers, or patients or whatever, this is data that if found wouldn't cause an issue. Hence doing 'quick best effort'. Leaving the array doing multiple passes with random data for a week is just too long... but, if one pass of zeros is easy to get the data back, then I have no choice but to do random...

    I look at it this way; I am no hacker, not a digital forensic specialist - but I have formatted SD cards from my digital camera, and been able to recover the images with nearly 98% error free recovery.

    When it comes to digital storage - I don't like to chance things. I go extreme in some cases doing a full DoD wipe twice..

    Single format doesn't destroy the data, you need to actually overwrite it.

    Yes, that's what I believe I'm doing by the entre write of 0's on the entire array...
    Sound pretty safe. So I will stick with it.

    RAID array is different than single disk or SD card.

    From the process of what has already been done, gparted formatting the array, destroying the array and now writing 0'd to the array should be sufficient.

    You aren't expecting the DoD to come knocking on your door, nor do you expect (forsee) a forensic researcher to be tearing apart the system to recover the data from these systems.



  • @jimmy9008 said in Ubuntu/shred?:

    @marcinozga said in Ubuntu/shred?:

    @jimmy9008 said in Ubuntu/shred?:

    @marcinozga said in Ubuntu/shred?:

    If drives are identical in all servers, why don't you just randomly mix them? Pull drive 2 from server 1 and swap it with drive 4 from server 2, etc. Then just destroy the arrays, create new, preferably different RAID levels and just write some sample data.

    Wouldn't this leave quite a risk of the data being on a drive still?
    I have mixed the drives. Destroyed the arrays, and set as Raid0. Then, running shred on those new Raid 0 arrays...

    Risk? Unlikely. If you mix few drives from each array in few servers, there's no way to recover it unless you get the original set of drives together. The more drives and servers, the lower the chances of re-assembling the array. You're not donating these to NSA, are you?

    No, lol. Two servers are going to a School to be their production environment. Another server is going to a different School to be a lab machine so students can try virtualisation.

    Then just make sure complete set of disks from any server doesn't end up in one school. Schools don't have the budgets/personnel/skills/time/motivation to play the NSA.

    Let me illustrate what will happen when you mix disks. In a set of 6 disks in 3 servers you have some data, but that data is completely unknown to bad actor. So:

    ABCDEF - in server 1, abcdef in server 2, and 123456 in server 3. After mixing you end up with Ae2DE4 in server 1, a3BF16 in server 2 and bcCd5f in server 3. After writing some random data you'll have Ae2DEx, a3BF1y, and bcCd5z. Now go ahead and try to recover original data, not knowing what it was in first place. And do it on school's time and budget.



  • @marcinozga said in Ubuntu/shred?:

    Then just make sure complete set of disks from any server doesn't end up in one school. Schools don't have the budgets/personnel/skills/time/motivation to play the NSA.

    But kids in a lab do.



  • @dashrender said in Ubuntu/shred?:

    @marcinozga said in Ubuntu/shred?:

    Then just make sure complete set of disks from any server doesn't end up in one school. Schools don't have the budgets/personnel/skills/time/motivation to play the NSA.

    But kids in a lab do.

    And since when kids in labs are allowed to sit there for hours swapping disks between servers?



  • @dashrender and if they are like the kids in my labs then they will be absolutely malicious just for the fun of it



  • @marcinozga said in Ubuntu/shred?:

    ABCDEF - in server 1, abcdef in server 2, and 123456 in server 3. After mixing you end up with Ae2DE4 in server 1, a3BF16 in server 2 and bcCd5f in server 3. After writing some random data you'll have Ae2DEx, a3BF1y, and bcCd5z. Now go ahead and try to recover original data, not knowing what it was in first place. And do it on school's time and budget.

    Is is of course true, but doesn't paint the picture accurately. Each of your above listed slots of data, represented by A and a and 1, etc are blocks of data, possibly more than 4KB worth A tone of valuable data could be stored in 4KB.



  • Eurgh... even the 0's on the array are taking ages. Been running it since lunch, 40 GiB/3.7TiB finished, 1%



  • @jmoore said in Ubuntu/shred?:

    @dashrender and if they are like the kids in my labs then they will be absolutely malicious just for the fun of it

    ^^This. Let the kids play with it, they'll do the job for you.



  • @marcinozga said in Ubuntu/shred?:

    @dashrender said in Ubuntu/shred?:

    @marcinozga said in Ubuntu/shred?:

    Then just make sure complete set of disks from any server doesn't end up in one school. Schools don't have the budgets/personnel/skills/time/motivation to play the NSA.

    But kids in a lab do.

    And since when kids in labs are allowed to sit there for hours swapping disks between servers?

    That's not the point, or even required. They could pull images off the drives, then mess with the data like putting paper shreddings back together if they wanted to.

    My point is that when there is a will, there is a way. And you hear stories all the time about how some kid some some completely unexpected thing in school - so I would expect no less to be possible here.



  • @dashrender said in Ubuntu/shred?:

    @marcinozga said in Ubuntu/shred?:

    @dashrender said in Ubuntu/shred?:

    @marcinozga said in Ubuntu/shred?:

    Then just make sure complete set of disks from any server doesn't end up in one school. Schools don't have the budgets/personnel/skills/time/motivation to play the NSA.

    But kids in a lab do.

    And since when kids in labs are allowed to sit there for hours swapping disks between servers?

    That's not the point, or even required. They could pull images off the drives, then mess with the data like putting paper shreddings back together if they wanted to.

    My point is that when there is a will, there is a way. And you hear stories all the time about how some kid some some completely unexpected thing in school - so I would expect no less to be possible here.

    Yep, agree. But by doing what I've done, its pretty safe. So, I am happy with that.



  • @marcinozga said in Ubuntu/shred?:

    @jmoore said in Ubuntu/shred?:

    @dashrender and if they are like the kids in my labs then they will be absolutely malicious just for the fun of it

    ^^This. Let the kids play with it, they'll do the job for you.

    No, you're missing my point - which is that the kids might go out of their way to reconstruct the data, so they won't be doing the job of destroying the data, they will be be doing the opposite and rebuilding it - why - because they can.

    What are the chances of this? Low I would say, but not anywhere near zero. And kids in a lab, it's higher than the chances that someone would try to get data off an old copy machine HD I would think.



  • @jimmy9008 said in Ubuntu/shred?:

    @dashrender said in Ubuntu/shred?:

    @marcinozga said in Ubuntu/shred?:

    @dashrender said in Ubuntu/shred?:

    @marcinozga said in Ubuntu/shred?:

    Then just make sure complete set of disks from any server doesn't end up in one school. Schools don't have the budgets/personnel/skills/time/motivation to play the NSA.

    But kids in a lab do.

    And since when kids in labs are allowed to sit there for hours swapping disks between servers?

    That's not the point, or even required. They could pull images off the drives, then mess with the data like putting paper shreddings back together if they wanted to.

    My point is that when there is a will, there is a way. And you hear stories all the time about how some kid some some completely unexpected thing in school - so I would expect no less to be possible here.

    Yep, agree. But by doing what I've done, its pretty safe. So, I am happy with that.

    Cool - as for your format commands - why did you put the drives back into an array? Leave them all separate, and write zeros to each one independently. Also, zeros along won't protect your data. True random data is the only way to really get there, and even then, only with multiple passes. But a single track of zeros gives an attacker knowledge of what they are trying to look past, i.e. your track of zeros. By using random data, the attacker has more work to find what the previous magnetic field was.



  • @dashrender said in Ubuntu/shred?:

    @jimmy9008 said in Ubuntu/shred?:

    @dashrender said in Ubuntu/shred?:

    @marcinozga said in Ubuntu/shred?:

    @dashrender said in Ubuntu/shred?:

    @marcinozga said in Ubuntu/shred?:

    Then just make sure complete set of disks from any server doesn't end up in one school. Schools don't have the budgets/personnel/skills/time/motivation to play the NSA.

    But kids in a lab do.

    And since when kids in labs are allowed to sit there for hours swapping disks between servers?

    That's not the point, or even required. They could pull images off the drives, then mess with the data like putting paper shreddings back together if they wanted to.

    My point is that when there is a will, there is a way. And you hear stories all the time about how some kid some some completely unexpected thing in school - so I would expect no less to be possible here.

    Yep, agree. But by doing what I've done, its pretty safe. So, I am happy with that.

    Cool - as for your format commands - why did you put the drives back into an array? Leave them all separate, and write zeros to each one independently. Also, zeros along won't protect your data. True random data is the only way to really get there, and even then, only with multiple passes. But a single track of zeros gives an attacker knowledge of what they are trying to look past, i.e. your track of zeros. By using random data, the attacker has more work to find what the previous magnetic field was.

    Added into one array as that just made sense at the time. From the array utility, destroy the array. Then create new array raid 0 of all disks. (Just made sense). Lol.

    I thought that random was great, but you are pretty much unlikely to pull anything off of the drives once zeroed... (especially if the disks were moved too), which I can still do.


Log in to reply
 

Looks like your connection to MangoLassi was lost, please wait while we try to reconnect.