I've been looking into securely deleting the contents of a hard disk.
Previously (pre-2001 disks) were designed using a longitudinal write processes, to gain the high capacity the disks are now using new heads and write methods, the data is written in a perpendicular fashion to fit more data in less amount of platter space at greater speeds. Given that this is the case with new drives, the old methodology of multi-pass writing to obscure your old data is no longer necessary, which was once required by the DoD 5220 documents on wiping magnetic harddisks. Now the error rate in perpendicular writes are more volatile, and residuals of previously written portions of the disk are extremely unlikely to be recoverable.
Enter SE (Secure Erase). CMRR - Center for Magnetic Recording Research developed a tool, that was funded by NSA. The interesting thing about this application is that it utililzes the ATA command set that is included with ATA drives according to the ATA specification. Basically the Secure Erase program is invoking the ATA command for telling the disk to execute the secure erase function that exists on these ATA compliant disks. It is faster than doing a DBAN wipe, and according to the article linked below, more secure.
There are two options for executing the command, the first is a single pass that erases all blocks of data. The second wipes and replaces the in-drive encryption key if the disk is using full disk encryption, which makes all written data useless as the encrypted data on the platters is randomized. Drives that support full disk encryption have an in-drive encryption key that encrypts data on the drive electronics before being magnetically written to the disk. Enhanced Secure Delete is the second option, and it doesn't take very long to overwrite the encryption key.
Here's a citation(for those of you with academic access you might want to check the paper out):
http://ieeexplore.ieee.org/xpl/freeabs_all.js … er=5189548
http://cmrr.ucsd.edu/people/hughes/secureerase.shtml
Previously (pre-2001 disks) were designed using a longitudinal write processes, to gain the high capacity the disks are now using new heads and write methods, the data is written in a perpendicular fashion to fit more data in less amount of platter space at greater speeds. Given that this is the case with new drives, the old methodology of multi-pass writing to obscure your old data is no longer necessary, which was once required by the DoD 5220 documents on wiping magnetic harddisks. Now the error rate in perpendicular writes are more volatile, and residuals of previously written portions of the disk are extremely unlikely to be recoverable.
Enter SE (Secure Erase). CMRR - Center for Magnetic Recording Research developed a tool, that was funded by NSA. The interesting thing about this application is that it utililzes the ATA command set that is included with ATA drives according to the ATA specification. Basically the Secure Erase program is invoking the ATA command for telling the disk to execute the secure erase function that exists on these ATA compliant disks. It is faster than doing a DBAN wipe, and according to the article linked below, more secure.
There are two options for executing the command, the first is a single pass that erases all blocks of data. The second wipes and replaces the in-drive encryption key if the disk is using full disk encryption, which makes all written data useless as the encrypted data on the platters is randomized. Drives that support full disk encryption have an in-drive encryption key that encrypts data on the drive electronics before being magnetically written to the disk. Enhanced Secure Delete is the second option, and it doesn't take very long to overwrite the encryption key.
Here's a citation(for those of you with academic access you might want to check the paper out):
http://ieeexplore.ieee.org/xpl/freeabs_all.js … er=5189548
http://cmrr.ucsd.edu/people/hughes/secureerase.shtml
so how do i run `se`? for example, what steps do i need to take in order to wipe a disk using `se` on freebsd 7.0?
"In conclusion, to provide the highest confidence in
meeting government laws protecting user privacy,
use the SE command in computer storage devices,
where possible. Otherwise, use block-overwrite utilities
on entire drives. Use secure physical destruction
of devices that contain data with the highest security
classification level (for example, top secret and
above). This will provide the highest data sanitization
confidence while also meeting federal and state
legal requirements." --ibid.
"In conclusion, to provide the highest confidence in
meeting government laws protecting user privacy,
use the SE command in computer storage devices,
where possible. Otherwise, use block-overwrite utilities
on entire drives. Use secure physical destruction
of devices that contain data with the highest security
classification level (for example, top secret and
above). This will provide the highest data sanitization
confidence while also meeting federal and state
legal requirements." --ibid.
I'm not sure there is an adequate tool to do a secure erase on FreeBSD. At the cmrr ucsd link you can get a bootable disk that can do the command. The benefit there is that it has a set of the default passwords that it checks if there happens to be an ATA password set on the device.
Here's an open source app that attempts to implement it in linux, but it has a lot of warnings:
http://linux.die.net/man/8/hdparm
This is one seemingly proper implementation, along with other tools:
http://www.santools.com/smartmonux.html
Smartmon-ux has a BSD equivalent but in the man pages there doesn't seem to be support for the SECURITY ERASE UNIT - ATA command set
Oh I think I found it (*BSD's)!
http://www.roe.ch/ATA_Security
Also for specifics on the ATA Command Set, here is the committee that decides on implementation:
http://www.t13.org/
Here's an open source app that attempts to implement it in linux, but it has a lot of warnings:
http://linux.die.net/man/8/hdparm
This is one seemingly proper implementation, along with other tools:
http://www.santools.com/smartmonux.html
Smartmon-ux has a BSD equivalent but in the man pages there doesn't seem to be support for the SECURITY ERASE UNIT - ATA command set
Oh I think I found it (*BSD's)!
http://www.roe.ch/ATA_Security
Also for specifics on the ATA Command Set, here is the committee that decides on implementation:
http://www.t13.org/
> At the cmrr ucsd link you can get a bootable disk that can do the command.
oh, ok. i missed that. thanks!
http://cmrr.ucsd.edu/people/hughes/HDDEraseWeb.zip
oh, ok. i missed that. thanks!
http://cmrr.ucsd.edu/people/hughes/HDDEraseWeb.zip
> Oh I think I found it (*BSD's)!
cool! it's not in freebsd-current yet. maybe some day.
http://www.freebsd.org/cgi/query-pr.cgi?pr=bin/127918
cool! it's not in freebsd-current yet. maybe some day.
http://www.freebsd.org/cgi/query-pr.cgi?pr=bin/127918
I have encountered some drives that do not support the ATA command set (older drives). In the case of older drives I suggest sticking with DBAN or a similar product, I am also testing Kill Disk, which does a similar DoD 3 phase write, and various other standards-enforced methods [US Army, Airforce, German, etc.].
There was a pretty good talk on this at Shmoocon last year.
by scott moulton? :D
Yep
well, hdderase worked on a pata 20gb disk attached to the motherboard. but it did not detect a sata disk attached to a sil3114 pci controller.
i had to use dban to get the sata disk wiped.
i had to use dban to get the sata disk wiped.
so in the non-enhanced more, this is functionally identical to:
dd if=/dev/zero of=/dev/ada0 bs=1M
yeah?
dd if=/dev/zero of=/dev/ada0 bs=1M
yeah?
can someone confirm?
also, what do i use when neither hdderase ("secure erase") nor dban will work?
also, what do i use when neither hdderase ("secure erase") nor dban will work?
Just use dd. Simple and works. And not dependent on the correct implementation of the secure erase feature.
is that command correct? will i get the command prompt when it is finished?
dd is a little mysterious to me
dd is a little mysterious to me
Yes.
On FreeBSD you can use ^T to see the status.
What is mysterious about dd?
It's the same as ``cat /dev/zero > /dev/ada0'', except that dd works on blocks and not characters.
On FreeBSD you can use ^T to see the status.
What is mysterious about dd?
It's the same as ``cat /dev/zero > /dev/ada0'', except that dd works on blocks and not characters.
i don't know if it's going to take 2 minutes or 2 weeks to finish
USER PID %CPU %MEM VSZ RSS TT STAT STARTED TIME COMMAND root 2880 2.8 0.1 5336 1720 v3 DL+ 5:42PM 16:06.71 dd if=/dev/zero of=/dev/ada5 bs=1M root 2878 2.5 0.1 5336 1720 v2 DL+ 5:42PM 15:35.49 dd if=/dev/zero of=/dev/ada4 bs=1M root 5214 0.0 0.0 3428 952 0 R+ 11:08PM 0:00.00 ps aux
they have been running for over five hours. gogogo!
(/dev/ada4 and /dev/ada5 are 2 TB each.)
> On FreeBSD you can use ^T to see the status.
i should have paid attention to this. i just found the same information in a roundabout fashion.
i should have paid attention to this. i just found the same information in a roundabout fashion.