
Bug#392480: debian-installer: add support for "cleaning" hard drives



Package: debian-installer
Version: 20061011
Severity: wishlist

I would like to see the ability to clean hard disks (by securely overwriting 
all blocks) added to debian-installer.
When I reuse a hard disk (or before I get rid of one), before I install I like 
to clean all data off the drive by overwriting it. My reasons for doing so are,

1.) There may be sensitive data still on the disk, that if someone compromised 
the system or physically obtained the disk (especially in the case of laptops) 
they might be able to collect. It is good to start from a known clean state 
knowing that only the data you put on the drive is there and you can take 
precautions to protect it.

2.) If a system is compromised (either by an attacker, a user error, or a 
partial drive failure), any remnants of old data will hinder any forensics 
analysis of the drive. If you are starting from a state of known contents (all 
the blocks set to a particular pattern or at least random) then you can find 
deleted logs/files/etc.

The ability to do this is becoming increasingly more important as we are 
beginning to see with the problems of large companies/institutions losing 
people's personal data and the resulting identity theft and fraud. This could 
be a neat feature that Debian introduces first.

I recently did some searches to determine the best way of doing this. While a 
simple dd might work for most cases, I had heard that some attackers currently 
have the ability to read up to seven writes back, so I thought there might be a 
better way. Most things I found while searching cited a canonical paper,

"Secure Deletion of Data from Magnetic and Solid-State Memory"
Peter Gutmann <pgut001@cs.auckland.ac.nz>
https://www.usenix.org/publications/library/proceedings/sec96/full_papers/gutmann/
There are also some government standards for wiping disks,
  American DoD 5220-22.M ( http://www.dss.mil/isec/nispom_0195.htm )
  Canadian RCMP TSSIT OPS-II

I found a few good solutions available in Debian already

* shred - part of coreutils package, doesn't mention the Gutmann paper, but 
seems to use a similar technique.

* wipe - Uses the techniques recommended by Gutmann, read the man page for 
fun, it's pretty tin-foil-hat which frankly is how I like my security tools 
authors :)

Just for those interested a few additional data points,
* "Darik's Boot and Nuke" is a bootable iso that supports all the best methods 
of doing this. http://dban.sourceforge.net/
* MacOSX includes a secure deletion utility called "srm". Their "recycle 
basket" desktop feature has the ability to do a "secure empty"

I have been using d-i to do this already by bringing up the network and then 
dropping to a shell and wget'ing shred. Then I run something like,

 "./shred -v -u -n 10 /dev/sda"

That takes maybe an hour for an 18gb u160 10k rpm scsi disk and scales 
linearly as you go up (ie 4x that for a 72gb disk). If the machine has 
multiple disks I run several of them in parallel, and that seems to run in the 
same time it takes one (ie they are disk bound).

I think this feature could be really useful for a lot of people, although 
probably only available in expert mode.

What do you think?

Thanks,

-- 
Matt Taggart
taggart@debian.org
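
An added example, not part of the original message: a sketch of the "known contents" check from reason 2, which scans a disk image block by block and reports every byte range that no longer matches the fill pattern left by the wipe. It assumes the last overwrite pass left the disk zero-filled (for instance shred's `-z` option); the function names, the 4096-byte block size and the sample image are constructed for illustration.

```python
import os
import tempfile

BLOCK = 4096  # scan granularity in bytes (assumed; any block size works)


def find_dirty_ranges(path, fill=0x00, block=BLOCK):
    """Return merged (start, end) byte ranges whose blocks differ from `fill`."""
    ranges = []
    offset = 0
    with open(path, "rb") as dev:
        while True:
            chunk = dev.read(block)
            if not chunk:
                break
            if chunk != bytes([fill]) * len(chunk):
                end = offset + len(chunk)
                if ranges and ranges[-1][1] == offset:
                    ranges[-1] = (ranges[-1][0], end)  # extend adjacent range
                else:
                    ranges.append((offset, end))
            offset += len(chunk)
    return ranges


def build_sample_image(path, size=64 * BLOCK):
    """Constructed sample: a zero-filled 'disk' with data written after the wipe."""
    with open(path, "wb") as img:
        img.write(b"\x00" * size)
        img.seek(3 * BLOCK + 100)
        img.write(b"auth.log fragment")  # lands entirely inside block 3
        img.seek(10 * BLOCK - 8)
        img.write(b"X" * 16)             # straddles blocks 9 and 10
    return path


def demo():
    """Build the sample image in a temp directory and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        image = build_sample_image(os.path.join(tmp, "disk.img"))
        return find_dirty_ranges(image)


if __name__ == "__main__":
    for start, end in demo():
        print(f"non-zero data in bytes {start}-{end - 1}")
```

Run against a freshly wiped disk, an empty result confirms the known state; run later, the reported ranges are exactly the blocks written since the wipe.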




