
Bug#392480: debian-installer: add support for "cleaning" hard drives

On Wed, Oct 11, 2006 at 03:27:13PM -0700, Matt Taggart wrote:
> I would like to see the ability to clean hard disks (by securely overwriting all blocks) added to debian-installer. When I reuse a hard disk (or before I get rid of one), before I install I like to clean all data off the drive by overwriting it. My reasons for doing so are,
>
> 1.) There may be sensitive data still on the disk, that if someone compromised the system or physically obtained the disk (especially in the case of laptops) they might be able to collect. It is good to start from a known clean state knowing that only the data you put on the drive is there and you can take precautions to protect it.
>
> 2.) If a system is compromised (either by an attacker, a user error, or a partial drive failure), any remnants of old data will hinder any forensics analysis of the drive. If you are starting from a state of known contents (all the blocks set to a particular pattern or at least random) then you can find deleted logs/files/etc.
>
> The ability to do this is becoming increasingly more important as we are beginning to see with the problems of large companies/institutions losing people's personal data and the resulting identity theft and fraud. This could be a neat feature that Debian introduces first.

If you are concerned with the safety of your personal data being left from a previous installation, I assume you're also (and even more so) worried about your personal data being kept safe in the new installation?

If so, I'd assume that you'd do an install to an encrypted partition...and if you do, debian-installer (or partman-crypto to be more precise) will already wipe the disk with one round of random data.

That should be sufficient for anything but the worst tin foil hat scenarios.

David Härdeman
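
The second reason quoted above, that a disk with known contents makes later forensics easier, can be shown with a short scan. This is an added example, not code from the thread or from debian-installer: it reports the extents of an image that deviate from the post-wipe baseline, either a fixed fill byte or random data (flagged by low entropy). The 4096-byte block size, the 7.0 bits/byte threshold, the function names and the sample images are assumptions made for illustration.

```python
import io
import math
import os
from collections import Counter

BLOCK = 4096  # assumed scan granularity, not taken from the thread

def shannon_entropy(block: bytes) -> float:
    """Bits per byte: near 8.0 for random fill, far lower for text or metadata."""
    n = len(block)
    return -sum(c / n * math.log2(c / n) for c in Counter(block).values())

def is_residue(block: bytes, fill, min_entropy: float) -> bool:
    """True when a block does not match the known post-wipe baseline."""
    if fill is None:  # baseline is random data: flag low-entropy blocks
        return shannon_entropy(block) < min_entropy
    return block != bytes([fill]) * len(block)  # baseline is one repeated byte

def find_residue(stream, fill=0x00, min_entropy=7.0, block=BLOCK):
    """Return [(offset, length)] extents that deviate from the baseline."""
    extents, offset = [], 0
    while chunk := stream.read(block):
        if is_residue(chunk, fill, min_entropy):
            if extents and sum(extents[-1]) == offset:  # adjacent: extend the extent
                extents[-1] = (extents[-1][0], extents[-1][1] + len(chunk))
            else:
                extents.append((offset, len(chunk)))
        offset += len(chunk)
    return extents

def demo():
    """Constructed sample images (8 blocks each) with a stale log fragment left behind."""
    log = (b"Jan 01 00:00:00 host sshd[412]: session opened for user root\n" * 70)[:BLOCK]
    zeroed = bytearray(8 * BLOCK)               # disk wiped with zeros
    zeroed[3 * BLOCK:4 * BLOCK] = log           # one full block of old log data
    zeroed[4 * BLOCK:4 * BLOCK + 10] = log[:10] # and a few bytes in the next block
    randomised = bytearray(os.urandom(8 * BLOCK))  # disk wiped with random data
    randomised[5 * BLOCK:6 * BLOCK] = log
    return (find_residue(io.BytesIO(zeroed), fill=0x00),
            find_residue(io.BytesIO(randomised), fill=None))

if __name__ == "__main__":
    print(demo())
```

Against a random baseline only low-entropy data stands out; ciphertext written afterwards is indistinguishable from the fill.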
