
Re: Guided install erase data



On Mon, 2013-04-08 at 22:16 -0400, Nick Jenkins wrote:
> Hello Debian,
> 
> I am currently installing Wheezy and the "Erasing data" is taking a long 
> time for the encrypted LVM install.
> 
> By a long time I mean 5 hours for 5% completed on erasing data.
> 
> I was wondering what this process is actually doing.

I would think it is writing encrypted zero blocks.

> I have found with my job (Computer Forensic Specialist), that it only 
> takes 1 overwrite to securely wipe data. As well as DOD revision stating 
> 1 overwrite versus the 8 it used to be on disks manufactured after 2001.
> 
> The command I use at work is dd bs=4096 if=/dev/zero of=/dev/sd* and on 
> a 2 TB hard disk takes 4 hours to completely wipe.

A block size of 4K is rather a waste of CPU time on a raw (unencrypted)
disk, but never mind.

> I am currently testing a block size of half the disk buffer to see if 
> that increases speed further.
> 
> With that said, could I get some explanation of what is really happening 
> with this process? I think it would benefit all Debian users to have 
> this time-consuming issue looked into.

The reason for using encryption while erasing the disk is to make it
impossible to tell which areas or even how much of the disk is used,
which can itself be sensitive information.

Depending on your level of paranoia, it might be acceptable to skip
encryption (and to enable discard on an encrypted SSD).  I don't know
whether the installer has an option to do that.

Ben.

-- 
Ben Hutchings
Life would be so much easier if we could look at the source code.
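
Added example, not part of the original message: a small Python model of the point made in the reply, that erasing through the encryption layer hides which blocks are in use while a plain zero fill does not. The toy disk size, the SHA-256 keystream standing in for the real cipher, the throwaway erase key and the 7.0 bits/byte threshold are all assumptions made for illustration.

```python
import hashlib, math, os
from collections import Counter

BLOCK, NBLOCKS = 4096, 64   # constructed toy disk: 64 blocks of 4 KiB

def encrypt_block(key: bytes, index: int, plaintext: bytes) -> bytes:
    """Stand-in cipher (SHA-256 keystream XOR); assumption, not dm-crypt itself."""
    stream = b"".join(
        hashlib.sha256(key + index.to_bytes(8, "big") + c.to_bytes(4, "big")).digest()
        for c in range(BLOCK // 32))
    return bytes(p ^ s for p, s in zip(plaintext, stream))

def entropy(block: bytes) -> float:
    """Shannon entropy in bits per byte: 0 for all-zero, close to 8 for ciphertext."""
    total = len(block)
    return sum(-n / total * math.log2(n / total) for n in Counter(block).values())

def make_disk(erase_through_cipher: bool, used: set, data_key: bytes) -> list:
    """Erase every block, then store encrypted data in the `used` blocks."""
    erase_key = os.urandom(32)          # assumed throwaway key for the erase pass
    zeros = bytes(BLOCK)
    disk = [encrypt_block(erase_key, i, zeros) if erase_through_cipher else zeros
            for i in range(NBLOCKS)]
    payload = b"constructed file data ".ljust(BLOCK, b".")
    for i in used:
        disk[i] = encrypt_block(data_key, i, payload)
    return disk

def apparent_used_blocks(disk: list, threshold: float = 7.0) -> set:
    """What someone holding only the raw disk can infer: blocks that look random."""
    return {i for i, blk in enumerate(disk) if entropy(blk) > threshold}

if __name__ == "__main__":
    used, key = {3, 10, 11, 40}, os.urandom(32)
    for label, through_cipher in (("plain zero erase", False), ("encrypted erase", True)):
        seen = apparent_used_blocks(make_disk(through_cipher, used, key))
        print(f"{label}: {len(seen)}/{NBLOCKS} blocks look used")
```

After a plain zero erase the high-entropy blocks are exactly the ones holding data; after an erase through the cipher every block looks the same.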
