
LinuxInsider Talkback


Re: Securing Your Linux System Bit by Bit
Posted by jafcobend on 2018-01-10 18:52:46
In reply to Jonathan Terrasi
I beg to differ with the nay-sayers. Overwriting every addressable byte on your disk with '0' will definitely add a significant barrier to anyone trying to recover that data.

Can some magnetic residue of the original data be remaining on the disk? Maybe. But the cost of the equipment and expertise to recover it is going to be steep. Maybe if you're of interest to a well-funded spy or criminal organization will you have a real concern.

Flash is a little different story. Flash cells should erase cleaner. But there are the reserve sectors and the question of whether they are rotated through with the usual wear leveling algorithms. But this can be addressed with multiple passes. I would probably use 0 (/dev/zero) on the first pass and then 0xff on the second and repeat the cycle again. If the spare sectors are part of the wear leveling cycle 4x the storage capacity will be more than enough to hit them. I leave off with the 0xff because that leaves the flash in the native "erased" state, ready for writing new data.

I don't know of a readily available source of 0xff bytes but the code to generate them with a compiled language is stupid simple. I wrote such a tool a long time back, which I still use. I would use a compiled language because we are talking about generating a *LOT* of bytes and interpreted languages will take much longer.

Some things to consider:

'dd' writes to the kernel's cache, like most programs. So you need to make sure the cache gets flushed to the device. Using the "sync" command as root can do that or shutdown/reboot will force the flush.

You can pipe any source of data into dd if you want to use a different erase pattern. Just use the standard pipe (|) arrangement. You could also use /dev/random or /dev/urandom to write random data. The first is probably completely useless as it would take a very long time for your system to generate the random data. The latter is faster because the random data is of lesser quality. It will still take a long time.

I would contend with the author's remark that this procedure is CPU bound. Although his formula is not as efficient as it could be, it's mostly an I/O bound operation. On a decent SATA or SCSI system I have routinely kept a drive saturated with I/O, this way, while not observing a noticeable impact on the rest of the system. The main thing you have to do is tell dd to use a larger buffer with the "bs", block size, option. I use 1M and it seems to provide real good throughput... and yes it will write a partial block if needed.

So something like:

dd if=/dev/zero of=/dev/sda bs=1M

And, yes, a tool like "shred" will do a more thorough job at trying to prevent someone scrounging magnetic residue.
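
The zero / 0xff overwrite cycle and the cache flush described in the post above, as an added example that is not part of the original post. It assumes GNU coreutils `dd` and `tr`; the function names `fill_pass`, `wipe_cycle` and `residue` are hypothetical, and the target is a constructed scratch file standing in for a device.

```sh
#!/bin/sh
# Added example (not from the post). Assumes GNU coreutils dd and tr.

# fill_pass TARGET MIB PATTERN -- overwrite MIB mebibytes of TARGET in place.
# PATTERN is "zero" (0x00) or "ff" (0xff). conv=fsync makes dd flush the
# kernel cache to the target before it exits; notrunc keeps a file's size.
fill_pass() {
    case $3 in
        zero)
            dd if=/dev/zero of="$1" bs=1M count="$2" \
               conv=notrunc,fsync 2>/dev/null ;;
        ff)
            # tr turns the zero stream into 0xff bytes; fullblock stops dd
            # from counting short pipe reads as whole 1M blocks.
            { LC_ALL=C tr '\000' '\377' </dev/zero 2>/dev/null || true; } |
                dd of="$1" bs=1M count="$2" iflag=fullblock \
                   conv=notrunc,fsync 2>/dev/null ;;
        *)
            return 2 ;;
    esac
}

# wipe_cycle TARGET MIB -- zero, 0xff, zero, 0xff: four passes, ending in 0xff.
wipe_cycle() {
    for p in zero ff zero ff; do
        fill_pass "$1" "$2" "$p" || return 1
    done
}

# residue TARGET -- print how many bytes of TARGET are not 0xff.
residue() {
    LC_ALL=C tr -d '\377' <"$1" | wc -c | tr -d ' '
}

# Demo on a constructed 4 MiB scratch file standing in for a device.
img=$(mktemp)
head -c 4194304 /dev/urandom >"$img"
wipe_cycle "$img" 4
echo "non-0xff bytes left: $(residue "$img")"
rm -f "$img"
```

The `residue` check only confirms what reads back through the normal block interface; it says nothing about sectors the device does not expose.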

 * Topic  Author  Date
Re: Securing Your Linux System Bit by Bit  Jonathan Terrasi  2017-06-13 15:07:17
Re: Securing Your Linux System Bit by Bit  jafcobend  2018-01-10 18:52:46
Re: Securing Your Linux System Bit by Bit  nicodemus  2017-06-21 09:32:17
Re: Securing Your Linux System Bit by Bit  2SquidsFor1Penny  2017-06-14 14:47:07
Re: Securing Your Linux System Bit by Bit  2SquidsFor1Penny  2017-06-15 12:08:54
Re: Securing Your Linux System Bit by Bit  2SquidsFor1Penny  2017-06-15 08:32:09
Re: Securing Your Linux System Bit by Bit  2SquidsFor1Penny  2017-06-14 21:57:27
Re: Securing Your Linux System Bit by Bit  larryecrisp  2017-06-14 05:19:22