From owner-freebsd-questions Sat Apr 15 11:51:48 2000 Delivered-To: freebsd-questions@freebsd.org Received: from pilsener.srv.ualberta.ca (pilsener.srv.ualberta.ca [129.128.5.19]) by hub.freebsd.org (Postfix) with ESMTP id DE06637B744 for ; Sat, 15 Apr 2000 11:51:45 -0700 (PDT) (envelope-from rorsten@gpu.srv.ualberta.ca) Received: from gpu1.srv.ualberta.ca (gpu1.srv.ualberta.ca [129.128.98.10]) by pilsener.srv.ualberta.ca (8.9.3/8.9.3) with ESMTP id MAA17980; Sat, 15 Apr 2000 12:51:44 -0600 (MDT) Received: from localhost (rorsten@localhost) by gpu1.srv.ualberta.ca (8.8.5/8.8.5) with ESMTP id MAA33650; Sat, 15 Apr 2000 12:51:44 -0600 Date: Sat, 15 Apr 2000 12:51:44 -0600 (MDT) From: Reid Orsten X-Sender: rorsten@gpu1.srv.ualberta.ca To: Ben Smithurst Cc: Scott Blachowicz , freebsd-questions@FreeBSD.ORG Subject: Re: Erasing an IDE disk In-Reply-To: <20000415165532.A16019@strontium.scientia.demon.co.uk> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG On Sat, 15 Apr 2000, Ben Smithurst wrote: > Scott Blachowicz wrote: > > > I'm fixing to remove a disk from my system and give it to someone else. I want > > to erase it to try to make sure that no personal or sensitive data can be > > recovered from it. So, my first attempt was to install FreeBSD 4.0 on it, then > > try to do this kind of stuff: > > > > dd if=/dev/zero of=/dev/ad0s2c > > That will only erase slice 2, so that's not really good enough. You > won't be able to erase the whole disk unless nothing on ad0 is mounted > (did you check that; what does "mount" show?). I think what you'll have > to do is to put this disk in another FreeBSD system as ad1 (or ad2, or > whatever), and try erasing /dev/ad1 completely (not ad1s > or anything like that). Or, you could use the fixit CD (disc 2 in WC > sets), and use dd from there. > > As for the person who suggested /dev/urandom, I'm not sure > that would be better. It will use loads of CPU time, both > ways will stop a casual nosy person, and neither way will > stop someone who *really* wants the data off the disk. See > for more on this > sort of stuff. > > When I returned a disk to a shop recently because it was b0rken, I just > wrote 0x0, 0xff, then 0x0 over the whole disk. Given that when I took > it back they used Windows Scandisk to check if it really was faulty, I > think that was overkill. :-) > > -- > Ben Smithurst / ben@scientia.demon.co.uk / PGP: 0x99392F7D > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-questions" in the body of the message > Bruce Schneier, well respected cryptographer suggests the following method for erasing a disk securely: "I recommend overwriting a deleted file seven times: the first time with all ones, the second time with all zeroes, and five times with a cryptographically secure pseudo-random sequence." If its sensitive data, that's the way to go. Reid To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message