On 07/02/14 15:29, Matt Garman wrote:

FWIW, I use a program called "shred" when I'm done with a disk.  It
makes N (default = 3) passes of writing random data to the disk, and
an optional final pass of zeroes.  It's time-consuming to complete,
but takes only 30 seconds to get going.  Even more convenient if you
have one of those USB hard drive docks, so you can take the drive out
of your system.

Based on what I've read, that should be sufficient to keep anyone
without a Dept of Defense budget from recovering you data.  The DOD
probably already has your data anyway, so that's a non-issue.  :)

Even with the full resources of NSA, there is no way to read useful data
from a disk that has had a single pass of writing zeros.  Multi-pass
disk erasure is a case of some companies getting very rich from a myth
based on a single academic paper with theories about how /some/ data
/might/ be recoverable from overwritten disks.  It was never more than
an idea at the time, and it applies even less to modern disks.

In an experiment, researchers wrote some bits to a sample of hard drive
material, overwrote them once, then tried to read the old data.  I can't
find the reference (I really wish I could), so my figures may be a bit
off - but they are in the right ballpark.  I believe it was about 32
bits they wrote.  They managed to recover 7 bits that they were
confident were correct - after spending months with equipment such as
electron microscopes.

The most convincing argument, however, is the economic one - if it were
possible to recover erased data (that has been overwritten once) with
any reliability, then disk recovery firms would be offering such a
service.  These folks can get your photos back after disks have been
"destroyed" in fires - but they cannot get data back if it has been erased.


The only thing you can't erase are re-mapped sectors - but hopefully
those will be rare!

With SSD's it's a bit different - re-mapping and garbage collection
means that there is the possibility of some data being left on partially
filled blocks.

On Fri, Feb 7, 2014 at 2:07 AM, David Brown [off-list ref] wrote:

quoted

On 06/02/14 19:09, Piergiorgio Sartor wrote:

quoted

Hi all,

this question is only partially related to Linux MD,
but since the experts are here, I think it would not
be a big problem to ask here.

I'm considering a storage system.
This is based on HDD "rust".
It should have RAID-6, for protection agaist disk
failure(s).
It should have LUKS (or similar), in order to simplify
HDD disposal (disk that are still somehow readable will
not need to be wiped out before dumping them).
It should have LVM, as flexible partition system.

It strikes me as a bad idea to use encryption of any sort "to save time
when dumping old disks".  Physically destroying hard disks is not /that/
hard.  Unless you are keeping plans for a nuclear missile, then a few
whacks with a hammer will be good enough.  Breaking the electronics
means it costs many thousands of dollars to get the data off the disk
again - you don't even need to open the drive and get out the platters
(opening the drive is time-consuming - destroying the platters after
opening is easy).  And with raid, little of the data on the disk is
intelligible unless you have the full stripe (minus parity) - just ask
anyone who has tried to recover from one too many disk failures.

And of course, just dd'ing /dev/zero to the first few MB of the disk
will make it unreadable for most hackers - even if they have all the
disks in a set, and know how they were configured.  And you could donate
the old disks to windows users - then they are guaranteed unreadable!

Disk encryption slows everything down, and adds lots of complications to
the system.  It is less of an issue with drives with built-in
encryption, but still a complete waste of time and money if all you want
is "safe" disposal of old disks.

The /only/ thing disk encryption is useful for is if you fear the disks
will be physically stolen by someone who is after your data (or customs
guards in dodgy countries, which amounts to the same thing).  So if you
fear that your company will be the target of top-range thieves who will
steal your disks for the data, then encryption is a good idea.  Of
course, better locks and alarm systems would be a better investment.


Once you have eliminated the "E", then I believe HRL is the common
arrangement, although sometimes you also do physical partitioning of the
disks first, so that you can have different bits with different raid
types.  A multi-way raid1 partition first for /boot can make booting
easier, a set of raid1 pairs works well for swap (for emergency use
only), and then the rest of each disk makes up your raid6 array.


--
To unsubscribe from this list: send the line "unsubscribe linux-raid" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

--
To unsubscribe from this list: send the line "unsubscribe linux-raid" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html