Bug#392480: debian-installer: add support for "cleaning" hard drives
I would like to see the ability to clean hard disks (by securely overwriting
all blocks) added to debian-installer.
When I reuse a hard disk (or before I get rid of one), before I install I like
to clean all data off the drive by overwriting it. My reasons for doing so are,
1.) There may be sensitive data still on the disk, that if someone compromised
the system or physically obtained the disk (especially in the case of laptops)
they might be able to collect. It is good to start from a known clean state
knowing that only the data you put on the drive is there and you can take
precautions to protect it.
2.) If a system is compromised (either by an attacker, a user error, or a
partial drive failure), any remnants of old data will hinder any forensics
analysis of the drive. If you are starting from a state of known contents (all
the blocks set to a particular pattern or at least random) then you can find
The ability to do this is becoming increasingly more important as we are
beginning to see with the problems of large companies/institutions losing
people's personal data and the resulting identity theft and fraud. This could
be a neat feature that Debian introduces first.
I recently did some searches to determine the best way of doing this. While a
simple dd might work for most cases, I had heard that some attackers currently
have the ability to read up to seven writes back, so I thought there might be a
better way. Most things I found while searching cited a canonical paper,
"Secure Deletion of Data from Magnetic and Solid-State Memory"
Peter Gutmann <firstname.lastname@example.org>
There are also some government standards for wiping disks,
American DoD 5220-22.M ( http://www.dss.mil/isec/nispom_0195.htm )
Canadian RCMP TSSIT OPS-II
I found a few good solutions available in Debian already
* shred - part of coreutils package, doesn't mention the Gutmann paper, but
seems to use a similar technique.
* wipe - Uses the techniques recommended by Gutmann, read the man page for
fun, it's pretty tin-foil-hat which frankly is how I like my security tools
Just for those interested a few additional data points,
* "Darik's Boot and Nuke" is a bootable iso that supports all the best methods
of doing this. http://dban.sourceforge.net/
* MacOSX includes a secure deletion utility called "srm". Their "recycle
basket" desktop feature has the ability to do a "secure empty"
I have been using d-i to do this already by bringing up the network and then
dropping to a shell and wget'ing shred. Then I run something like,
"./shred -v -u -n 10 /dev/sda"
That takes maybe an hour for an 18gb u160 10k rpm scsi disk and scales
linearly as you go up (ie 4x that for a 72gb disk). If the machine has
multiple disks I run several of them in parallel, and that seems to run in the
same time it takes one (ie they are disk bound).
I think this feature could be really useful for a lot of people, although
probably only available in expert mode.
What do you think?
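
The parallel shred procedure described above, with a read-back check for the "known clean state" argument, as an added example that is not part of the original bug report or of debian-installer. It assumes coreutils shred is available; the function names wipe_one, is_clean and wipe_all are hypothetical, and it adds a final zero pass (-z) so the result can be verified.

```shell
#!/bin/sh
# Added example, not from the bug report. Function names are hypothetical.
# Usage (assumed device names): wipe_all 10 /dev/sda /dev/sdb

# wipe_one TARGET PASSES: PASSES random overwrites, then a final zero pass (-z)
# so the end state is a known pattern that can be checked afterwards.
wipe_one() {
    shred -n "$2" -z "$1"
}

# is_clean TARGET: succeeds only if TARGET is readable and every byte is zero.
is_clean() {
    [ -r "$1" ] || return 1
    n=$(tr -d '\000' < "$1" | wc -c)
    [ "$((n))" -eq 0 ]
}

# wipe_all PASSES TARGET...: start one shred per target in the background
# (the work is disk bound), wait for all of them, then verify each target.
# Returns 0 only if every shred succeeded and every target reads back as zero.
wipe_all() {
    passes=$1
    shift
    pids=""
    for t in "$@"; do
        wipe_one "$t" "$passes" &
        pids="$pids $!"
    done
    rc=0
    for p in $pids; do
        wait "$p" || rc=1
    done
    for t in "$@"; do
        is_clean "$t" || { echo "NOT CLEAN: $t" >&2; rc=1; }
    done
    return "$rc"
}
```

Running is_clean again later on the same target shows whether anything has been written since the wipe, which is the known-state property the forensics argument relies on.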