From: Doug Hardie
To: Raimo Niskanen
Cc: freebsd-questions@freebsd.org
Subject: Re: Unusual Question
Date: Fri, 14 Jul 2017 12:56:10 -0700

> On 14 July 2017, at 02:59, Raimo Niskanen wrote:
>
> This thread reminds me of the argument that you should always encrypt your
> hard disk. For a remote site you could have the key on a key partition for
> some crypto systems.
>
> Then all you have to do is destroy the key, which is much easier.
>
> (For an SSD drive to protect against hardcore forensics I do not know how to
> ensure that the data is gone, though)
>
>
> On Thu, Jul 13, 2017 at 09:44:30PM -0700, David Christensen wrote:
>> On 07/09/17 02:57, Doug Hardie wrote:
>>> I have a FreeBSD 9.3 remote server that needs to be purged. I know that rm -rf / will remove all the directory entries, but I need to write over the drive. I thought that dd if=/dev/zero of=/dev/ada0 might do the trick, but it gives a not permitted error. The whole thing can crash and burn at the end. This is an unmanned site so moving drives is not viable.
>>
>> If the machine has BIOS and the system drive isn't too large, write an
>> assembly program that fits into the MBR bootstrap code area to wipe the
>> rest of the drive, assemble the program, write it into the MBR, and reboot.
>>
>>
>> Bonus: the program deletes the MBR when done wiping the rest of the drive.

Encryption does not prevent object reuse. It may delay it a bit depending on the strength of the key generation/algorithm used. However, the data can be recovered. Given enough horse power, or good information into the key generation process, the data can be made available. In most cases, it's actually pretty easy. Overwriting is the only method that makes the information non-recoverable (and still leaves the media useful).

Years ago in the USAF, we used to use a power sander to remove all the oxide from the disk. It left a bright, shiny aluminum disk that had no information on it. The bits were still there on the oxide particles, but the sander blew them all over the place and it's highly unlikely that anyone could have gathered them all up, let alone put them back into the proper order. One of those disks was made into a going away memento and is displayed here. The other option was a thermite grenade which was tested and verified to be extremely effective. Even the platter vanished.