Re: Writing "ones" instead of "zeroes" when wiping disk

2018-01-13 Thread Jordan Geoghegan
If you want to be super paranoid about things, use properly implemented 
full disk encryption from the get go. Once you are ready to wipe the 
disk, use what is standard for most Government/Business use: overwrite 
with random data 7 times. If you want to be super aggressive about 
things (yet for some reason refuse to just destroy the disk) you can do 
14 runs alternating between random data and zeros.


In my opinion, this is overkill and just silly, if you're really that 
concerned about the contents of your drive being discovered, full disk 
encryption would make that concern largely irrelevant. After 7 disk 
wipes with dd, no one's getting your data back off that drive, not for 
all the tea in China.



On 01/12/18 02:27, Etienne wrote:

> On 11/01/18 14:45, Andreas Thulin wrote:
>
>> in order to achieve paranoid disk-wiping?
>
> I don't have a solution to offer for existing disks, but that made me 
> just think that it would be probably easy to create two partitions on 
> a disk, one that will be a keydisk 
> (https://www.openbsd.org/faq/faq14.html#softraidFDEkeydisk) and one 
> that would be the real partition holding the data, and the day you 
> need to wipe the disk, the only thing you need to wipe (a few times if 
> you're paranoid) is the keydisk partition, and the data will be 
> unrecoverable.
>
> Does that sound sensible, or am I missing something?





Re: Writing "ones" instead of "zeroes" when wiping disk

2018-01-12 Thread Philippe Meunier
Nick Holland wrote:
>Another answer to your question might be to change those zeros to ones.
>One way to do that:
>
># tr "\0" "\377" 

Re: Writing "ones" instead of "zeroes" when wiping disk

2018-01-12 Thread Raimo Niskanen
On Thu, Jan 11, 2018 at 11:16:28AM -0600, L. V. Lammert wrote:
> On Thu, 11 Jan 2018, STeve Andre' wrote:
> 
> > Don't bother.   Wiping the disk twice is enough.   If you are storing state
> > secrets melt the disk.
> >
> An anvil big hammer also works well and gives some exercise in the
> process.

Or a screwdriver and a pair of pliers if you want less exercise.


> 
>   Lee

-- 

/ Raimo Niskanen, Erlang/OTP, Ericsson AB



Re: Writing "ones" instead of "zeroes" when wiping disk

2018-01-12 Thread Etienne

On 11/01/18 14:45, Andreas Thulin wrote:

> in order to achieve paranoid disk-wiping?


I don't have a solution to offer for existing disks, but that made me 
just think that it would be probably easy to create two partitions on a 
disk, one that will be a keydisk 
(https://www.openbsd.org/faq/faq14.html#softraidFDEkeydisk) and one that 
would be the real partition holding the data, and the day you need to 
wipe the disk, the only thing you need to wipe (a few times if you're 
paranoid) is the keydisk partition, and the data will be unrecoverable.


Does that sound sensible, or am I missing something?

--
Étienne



Re: Writing "ones" instead of "zeroes" when wiping disk

2018-01-12 Thread Andreas Thulin
Thanks to all of you for either useful tips or good-to-read rants. :-) I’ll
try out tips from Nick & Todd, let’s see where that takes me.

BR, Andreas
On Fri, 12 Jan 2018 at 05:22, Todd C. Miller wrote:

> On Thu, 11 Jan 2018 22:09:32 -0500, "trondd" wrote:
>
> > A 1 is too narrow to fully cover the original data.
>
> You need to use an 8 to wipe out all seven segments.
>
>  - todd
>
>


Re: Writing "ones" instead of "zeroes" when wiping disk

2018-01-11 Thread Todd C. Miller
On Thu, 11 Jan 2018 22:09:32 -0500, "trondd" wrote:

> A 1 is too narrow to fully cover the original data.

You need to use an 8 to wipe out all seven segments.

 - todd



Re: Writing "ones" instead of "zeroes" when wiping disk

2018-01-11 Thread Nick Holland
On 01/11/18 09:45, Andreas Thulin wrote:
> Hi!
> 
> Again, an ignorant question (as usual):
> 
> How might I do something similar to
> 
> # dd if=/dev/one of=/dev/sd0 bs=1M
> 
> as a complement to the usual and well-described
> 
> # dd if=/dev/zero of=/dev/sd0 bs=1M
> 
> followed by
> 
> # dd if=/dev/urandom of=/dev/sd0 bs=1M
> 
> in order to achieve paranoid disk-wiping?

Another answer to your question might be to change those zeros to ones.
One way to do that:

# tr "\0" "\377" 

Re: Writing "ones" instead of "zeroes" when wiping disk

2018-01-11 Thread trondd
On Thu, January 11, 2018 5:12 pm, worik wrote:
> On 12/01/18 11:09, Jan Stary wrote:
>> On Jan 11 14:45:21, andreasthu...@gmail.com wrote:
>>> in order to achieve paranoid disk-wiping?
>> Ones are not nearly as secure as zeros.
>>
> Why not? Is it not arbitrary?
>

A 1 is too narrow to fully cover the original data.




Re: Writing "ones" instead of "zeroes" when wiping disk

2018-01-11 Thread worik
On 12/01/18 11:09, Jan Stary wrote:
> On Jan 11 14:45:21, andreasthu...@gmail.com wrote:
>> Hi!
>>
>> Again, an ignorant question (as usual):
>>
>> How might I do something similar to
>>
>> # dd if=/dev/one of=/dev/sd0 bs=1M
>>
>> as a complement to the usual and well-described
>>
>> # dd if=/dev/zero of=/dev/sd0 bs=1M
>>
>> followed by
>>
>> # dd if=/dev/urandom of=/dev/sd0 bs=1M
>>
>> in order to achieve paranoid disk-wiping?
> Ones are not nearly as secure as zeros.
>
Why not?  Is it not arbitrary?

Worik

-- 
  If not me then who?  If not now then when?  If not here then where?
So, here I stand, I can do no other
  r...@worik.org 021-1680650, (03) 4821804 Aotearoa (New Zealand)



Re: Writing "ones" instead of "zeroes" when wiping disk

2018-01-11 Thread Jan Stary
On Jan 11 14:45:21, andreasthu...@gmail.com wrote:
> Hi!
> 
> Again, an ignorant question (as usual):
> 
> How might I do something similar to
> 
> # dd if=/dev/one of=/dev/sd0 bs=1M
> 
> as a complement to the usual and well-described
> 
> # dd if=/dev/zero of=/dev/sd0 bs=1M
> 
> followed by
> 
> # dd if=/dev/urandom of=/dev/sd0 bs=1M
> 
> in order to achieve paranoid disk-wiping?

Ones are not nearly as secure as zeros.



Re: Writing "ones" instead of "zeroes" when wiping disk

2018-01-11 Thread Andrew

On 01/11/18 14:45, Andreas Thulin wrote:

> Hi!
>
> Again, an ignorant question (as usual):
>
> How might I do something similar to
>
> # dd if=/dev/one of=/dev/sd0 bs=1M
>
> as a complement to the usual and well-described
>
> # dd if=/dev/zero of=/dev/sd0 bs=1M
>
> followed by

Personally, given your premise of "paran0id disk-wiping", then I would
take the next step of checking if a non-random sequence of "0"s are
still on the device. Are you ready for that rabbit h0le ?? hehehe ;-)

> # dd if=/dev/urandom of=/dev/sd0 bs=1M
>
> in order to achieve paranoid disk-wiping?
>
> BR
> Andreas




Re: Writing "ones" instead of "zeroes" when wiping disk

2018-01-11 Thread x9p

On Thu, January 11, 2018 3:16 pm, L. V. Lammert wrote:
> On Thu, 11 Jan 2018, STeve Andre' wrote:
>
>> Don't bother.   Wiping the disk twice is enough.   If you are storing state
>> secrets melt the disk.
>>
> An anvil big hammer also works well and gives some exercise in the
> process.
>
>   Lee
>
>

+1 to big hammer. boys are changing disk firmware nowadays... go figure...

cheers.

--
x9p | PGP : 0x03B50AF5EA4C8D80 / 5135 92C1 AD36 5293 2BDF  DDCC 0DFA 74AE 1524 
E7EE

"I don't know where I'm going from here, but I promise it won't be boring." - 
David Bowie




Re: Writing "ones" instead of "zeroes" when wiping disk

2018-01-11 Thread Raul Miller
On Thu, Jan 11, 2018 at 12:16 PM, L. V. Lammert  wrote:
> On Thu, 11 Jan 2018, STeve Andre' wrote:
>
>> Don't bother.   Wiping the disk twice is enough.   If you are storing state
>> secrets melt the disk.
>>
> An anvil big hammer also works well and gives some exercise in the
> process.

Might be more secure to sell it to Hollywood, as a movie script.
They'll change it beyond recognition.

-- 
Raul



Re: Writing "ones" instead of "zeroes" when wiping disk

2018-01-11 Thread L. V. Lammert
On Thu, 11 Jan 2018, STeve Andre' wrote:

> Don't bother.   Wiping the disk twice is enough.   If you are storing state
> secrets melt the disk.
>
An anvil big hammer also works well and gives some exercise in the
process.

Lee



Re: Writing "ones" instead of "zeroes" when wiping disk

2018-01-11 Thread STeve Andre'
Don't bother.   Wiping the disk twice is enough.   If you are storing state 
secrets melt the disk.


Back in the days of sub 1G disks it might have been possible to get inter 
track gap data that was usable. Maybe.  But not multi T disks.


Sectors mapped out are a problem though, and multiple writes aren't going 
to touch those.  If you encrypt the disk I question how much value a few 
encrypted sectors would be to anyone.


Worry far more over lost usb sticks or portable usb disks.  That's a far 
bigger problem.


STeve Andre'




On January 11, 2018 9:46:25 AM Andreas Thulin  wrote:


> Hi!
>
> Again, an ignorant question (as usual):
>
> How might I do something similar to
>
> # dd if=/dev/one of=/dev/sd0 bs=1M
>
> as a complement to the usual and well-described
>
> # dd if=/dev/zero of=/dev/sd0 bs=1M
>
> followed by
>
> # dd if=/dev/urandom of=/dev/sd0 bs=1M
>
> in order to achieve paranoid disk-wiping?
>
> BR
> Andreas





Re: Writing "ones" instead of "zeroes" when wiping disk

2018-01-11 Thread Base Pr1me
You can adapt my linux bash script for such pointlessly "paranoid"
purposes. I use it to prove to HIPAA auditors just how paranoid I can be,
and it's above NIST requirements in the US.

https://github.com/spoollord/shredder

Would require you to pkg_add pv base64. Or, just adapt the script without
those.

On Thu, Jan 11, 2018 at 8:26 AM, Ingo Schwarze  wrote:

> Hi Andreas,
>
> Andreas Thulin wrote on Thu, Jan 11, 2018 at 02:45:21PM +:
>
> > Again, an ignorant question (as usual):
> > How might I do something similar to
> > # dd if=/dev/one of=/dev/sd0 bs=1M
>
>   jot -cs '' 512 255 255
>
> writes 512 bytes with all bits set.  Feel free to use larger numbers
> than 512.  For large numbers, this is certainly slower than dd
> because it uses an explicit loop with some conditionals and one
> printf(3) for each byte.
>
>   perl -e 'print "\xff"x512'
>
> may be faster.  If i needed maximum speed, i'd probably write a two-line
> C program.
>
>   while true; do echo -n "\0377"; done
>
> works for the purist, but will hardly be fast.
>
> Btw., you are asking for "Hello World!", kind of.
> It may be hard to find a program that can't solve your task...  ;)
>
> > as a complement to the usual and well-described
> > # dd if=/dev/zero of=/dev/sd0 bs=1M
> > followed by
> > # dd if=/dev/urandom of=/dev/sd0 bs=1M
> > in order to achieve paranoid disk-wiping?
>
> I have no idea whether or not such paranoia makes sense.
> Maybe, maybe not.
>
> Yours,
>   Ingo
>
>


Re: Writing "ones" instead of "zeroes" when wiping disk

2018-01-11 Thread Ingo Schwarze
Hi Andreas,

Andreas Thulin wrote on Thu, Jan 11, 2018 at 02:45:21PM +:

> Again, an ignorant question (as usual):
> How might I do something similar to
> # dd if=/dev/one of=/dev/sd0 bs=1M

  jot -cs '' 512 255 255

writes 512 bytes with all bits set.  Feel free to use larger numbers
than 512.  For large numbers, this is certainly slower than dd
because it uses an explicit loop with some conditionals and one
printf(3) for each byte.

  perl -e 'print "\xff"x512'

may be faster.  If i needed maximum speed, i'd probably write a two-line
C program.

  while true; do echo -n "\0377"; done

works for the purist, but will hardly be fast.

Btw., you are asking for "Hello World!", kind of.
It may be hard to find a program that can't solve your task...  ;)

> as a complement to the usual and well-described
> # dd if=/dev/zero of=/dev/sd0 bs=1M
> followed by
> # dd if=/dev/urandom of=/dev/sd0 bs=1M
> in order to achieve paranoid disk-wiping?

I have no idea whether or not such paranoia makes sense.
Maybe, maybe not.

Yours,
  Ingo
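
Added example, not part of any message in this thread: the "zeros to ones" idea (a 0xFF stream made from /dev/zero with tr) combined with the read-back check suggested elsewhere in the thread, run against a constructed scratch file instead of a disk. The function names are hypothetical, and the block count and block size are assumed to match the target's exact size.

```shell
#!/bin/sh
# Added example: 0xFF pattern pass plus read-back check, on a scratch file.
# Function names are hypothetical; sizes are given in bytes for portability.

# ones_stream BLOCKS BS: write BLOCKS*BS bytes of 0xFF to stdout.
ones_stream() {
    dd if=/dev/zero bs="$2" count="$1" 2>/dev/null | LC_ALL=C tr '\000' '\377'
}

# fill_ones TARGET BLOCKS BS: overwrite TARGET in place with the pattern.
fill_ones() {
    ones_stream "$2" "$3" | dd of="$1" bs="$3" conv=notrunc 2>/dev/null
}

# verify_ones TARGET BLOCKS BS: exit 0 only if TARGET is exactly BLOCKS*BS
# bytes long and every byte reads back as 0xFF.
verify_ones() {
    ones_stream "$2" "$3" | cmp -s - "$1"
}

# wipe_demo: build a constructed 64 KiB scratch image of random data, run the
# pass, verify it, then plant one zero byte to show the check catches it.
wipe_demo() {
    img=$(mktemp) || return 1
    dd if=/dev/urandom of="$img" bs=4096 count=16 2>/dev/null
    fill_ones "$img" 16 4096
    if verify_ones "$img" 16 4096; then before=clean; else before=dirty; fi
    printf '\000' | dd of="$img" bs=1 seek=100 conv=notrunc 2>/dev/null
    if verify_ones "$img" 16 4096; then after=clean; else after=dirty; fi
    rm -f "$img"
    echo "$before $after"
}

wipe_demo   # clean dirty
```

The verify step only covers sectors the device still exposes; remapped sectors, as noted elsewhere in the thread, are outside what any overwrite or read-back can reach.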



Writing "ones" instead of "zeroes" when wiping disk

2018-01-11 Thread Andreas Thulin
Hi!

Again, an ignorant question (as usual):

How might I do something similar to

# dd if=/dev/one of=/dev/sd0 bs=1M

as a complement to the usual and well-described

# dd if=/dev/zero of=/dev/sd0 bs=1M

followed by

# dd if=/dev/urandom of=/dev/sd0 bs=1M

in order to achieve paranoid disk-wiping?

BR
Andreas