[ale] erasing ext3 filesystems securely

Jeff Hubbs hbbs at comcast.net
Mon Jun 6 23:01:49 EDT 2005


A while back, my customer had an old Compaq server that needed its drive
wiped.  Their IT department supplied a floppy with some free-download
DOS utility that claimed to do an "approved" overwrite pass on a
drive.  

The problem was that this was no desktop - it was a server with hardware
RAID and the floppy couldn't bring up the RAID controller.  Furthermore,
I questioned the validity of something which gave you no way to verify
that was actually doing what it said it did.

Bringing the machine and the RAID controller up with a Gentoo LiveCD, I
dd'ed ones and zeroes (with /dev/zero - I can't remember how I produced
ones) to the drives (all set up as a RAID 5 array all the way across - I
had no way to reconfigure arrays) and then used /dev/random for the
randomization steps.  

I learned very quickly that /dev/random is really slow.  Why?  It's
trying to be really, really random.  /dev/urandom is quicker and is
probably an acceptable tradeoff.  Of course, this whacks boot sectors,
partition tables, and partition contents.

Jeff

On Mon, 2005-06-06 at 21:27 -0500, Denny Chambers wrote:
> What if you mount you EXT3 FS as a EXT2 FS. Then no journaling will be done.
> 
> John Wells wrote:
> 
> >Guys,
> >
> >After letting shred run for 20+ hours on the drive I plan to return to
> >Circuit City, I finally bothered to read the man page (doh) and found the
> >following relevant excerpt:
> >----
> >CAUTION: Note that shred relies on a very important assumption: that the
> >filesystem overwrites data in place. This is the traditional way to do
> >things, but many modern filesystem designs do not satisfy this assumption.
> >The following are examples of filesystems on which shred is not effective:
> >
> >* log-structured or journaled filesystems, such as those supplied with
> >
> >    AIX and Solaris (and JFS, ReiserFS, XFS, Ext3, etc.)
> >----
> >
> >
> >So...that's down the tubes.  Trying to google for the subject line and
> >other  combinations hasn't turned up any definitive sources either.
> >
> >I don't need CIA level deletion here, but I would like to be reasonably 
> >certain that noone could restore my data after the drive is returned.
> >
> >Is there a utility out there that can handle ext3 deletion?
> >
> >Thanks, as always.
> >
> >John
> >
> >
> >_______________________________________________
> >Ale mailing list
> >Ale at ale.org
> >http://www.ale.org/mailman/listinfo/ale
> >
> >
> >  
> >
> 
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://www.ale.org/mailman/listinfo/ale



More information about the Ale mailing list