[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#392480: debian-installer: add support for "cleaning" hard drives

David =?iso-8859-1?Q?H=E4rdeman?= writes...

> If you are concerned with the safety of your personal data being left
> from a previous installation, I assume you're also (and even more so)
> worried about your personal data being kept safe in the new
> installation?
> 
> If so, I'd assume that you'd do an install to an encrypted
> partition...and if you do, debian-installer (or partman-crypto to be
> more precise) will already wipe the disk with one round of random data.
> 
> That should be sufficient for anything but the worst tin foil hat
> scenarios.

I recently discovered that Peter Gutmann added an Epilogue to his original 
paper,

http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html
(search for Epilogue)
or reprinted at
http://www.forensicswiki.org/wiki/Epilogue_to_Gutmann's_1996_paper

in it he explains that with modern drives, a few passes of random data is the 
best you can hope to do.

I think your suggestion of using partman-crypto to wipe the disk with one 
round of random data is probably OK. I haven't tried using it yet, can you do 
this step without also creating a new crypto filesystem on the disk as well? 
Ideally you could just do the wipe only so if you were just trying to clean 
the disk you could stop there and not bother to put anything else on it(for 
cleanliness reasons, not because of the time/cpu it takes to generate the new 
filesystem).

So I consider the wishlist to be able to wipe the disk closed, but I'd like to 
be able to do it without also creating a new filesystem if possible (this 
could be in expert mode of course).

Thanks,

-- 
Matt Taggart
taggart@debian.org
Reply to: