Welcome to Gaia! ::

OK, so, as a network engineer who has studied topics on encryption and security, I know damn well how easy it is to recover stuff like a highly compromising legal declaration, or let's be honest, that folder of lewd Japanese drawings of fictional girls, so in order to avoid this I religiously encrypt absolutely everything I wouldn't like others to see and I erase my hard drives' contents every week. The only thing that keeps me from using full disk encryption is the fact that Truecrypt doesn't supports dual-boot systems, and I require Windows because I'm a huge fan of Touhou Project and I've had a rather hard time getting Touhou games running on Debian Wheezy (I've only managed to run EOSD, Imperishable Night and Mountain of Faith).

The erasure process goes like this:


  • Weekly erasing: Just a quick pass of Windows's Eraser utility, then I fill my Linux partition with /dev/urandom noise and then I run sfill and sswap to clear anything that remained as well as my swap partition.
  • Bi-weekly erasing: Create a Truecrypt volume spanning all the partition's free space, run one pass of Eraser on them, then /dev/urandom, sfill and sswap on my Linux partitions.
  • Monthly erasing: Eraser on Windows is run with Bruce Schneier's 7-pass method, Linux erasure is done with 7 passes of /dev/urandom as well. This is finished with one final pass of encrypted /dev/urandom on everything.
  • Annual erasing: Uses 35-pass Gutmann instead of Schneier's 7-pass. This is followed with 3 passes of encrypted /dev/urandom on all my drives' free space.
  • Destroying a drive with DBAN and restoring its contents with Clonezilla is out of the question because it would be extremely lengthy and I don't have that much time to spare.


Thing is, because I spend very little time at home these erasing cycles have been starting to become very time-consuming, so now I'm forced to cut back on my disk cleaning efforts. That, and I'm also starting to become far more careful to not save plaintext on my computer in the first place (I always open a private window on Chromium prior to browsing 4chan or Danbooru).

So, basically, the question is: are these disk cleaning procedures enough?
nouveau sereph's avatar

Shameless Enabler

I'm interested to know what you're involved in that has created such a climate of paranoia around your computer use.
Lanackse-Kanvae's avatar

Perfect Lunatic

10,950 Points
  • Dressed Up 200
  • Forum Regular 100
  • Elocutionist 200
To think that I've been called paranoid about my computer use.
HennesyXO
So, basically, the question is: are these disk cleaning procedures enough?
Enough for what?

Did you ever think about changing the location for your browsers cache and the temp folder to a location on an encrypted disk?
Sitwon's avatar

8,500 Points
  • Gaian 50
  • Member 100
  • Contributor 150
HennesyXO
So, basically, the question is: are these disk cleaning procedures enough?
Actually, I think you might be going over the top and putting yourself at unnecessary risk.

HennesyXO
OK, so, as a network engineer who has studied topics on encryption and security, I know damn well how easy it is to recover stuff like a highly compromising legal declaration, or let's be honest, that folder of lewd Japanese drawings of fictional girls, so in order to avoid this I religiously encrypt absolutely everything I wouldn't like others to see and I erase my hard drives' contents every week.
Ok, the encryption part makes sense, but erasing your hard drive every week really doesn't. What type of security is that supposed to buy you exactly? You're just putting wear and tear on the hard drive and increasing the chance of the drive failing and taking your data down with it.

HennesyXO
The only thing that keeps me from using full disk encryption is the fact that Truecrypt doesn't supports dual-boot systems,
That's fine. I think dual-boot setups are stupid anyways.

HennesyXO
and I require Windows because I'm a huge fan of Touhou Project and I've had a rather hard time getting Touhou games running on Debian Wheezy (I've only managed to run EOSD, Imperishable Night and Mountain of Faith).
This is why we have such great virtualization solutions available today. Run Windows in a VM. Or run Debian in a VM. Either way, use a VM and then you can use FDE and still run everything you need to.

HennesyXO
The erasure process goes like this:


  • Weekly erasing: Just a quick pass of Windows's Eraser utility, then I fill my Linux partition with /dev/urandom noise and then I run sfill and sswap to clear anything that remained as well as my swap partition.
You know, you could just setup an encrypted swap partition with a randomized password that changes on every boot. And I'm still not clear on what you're getting, other than wear and tear on your drive, by wiping it all the time.
HennesyXO
  • Bi-weekly erasing: Create a Truecrypt volume spanning all the partition's free space, run one pass of Eraser on them, then /dev/urandom, sfill and sswap on my Linux partitions.
  • If this is on Linux, why are you using Truecrypt rather than dm-crypt? Seems like an unnecessary third-party dependency. Also, you're moving the job from kernel-space to user-space where it's probably less secure.
    HennesyXO
  • Monthly erasing: Eraser on Windows is run with Bruce Schneier's 7-pass method, Linux erasure is done with 7 passes of /dev/urandom as well. This is finished with one final pass of encrypted /dev/urandom on everything.
  • What the hell is "encrypted /dev/urandom"? You're encrypting random data?
    HennesyXO
  • Annual erasing: Uses 35-pass Gutmann instead of Schneier's 7-pass. This is followed with 3 passes of encrypted /dev/urandom on all my drives' free space.
  • Destroying a drive with DBAN and restoring its contents with Clonezilla is out of the question because it would be extremely lengthy and I don't have that much time to spare.
  • So when you do these erasures, of the drive/partition, what are you doing with the data? How are you protecting your data while you're wiping the partition it's on?

    HennesyXO
    Thing is, because I spend very little time at home these erasing cycles have been starting to become very time-consuming, so now I'm forced to cut back on my disk cleaning efforts. That, and I'm also starting to become far more careful to not save plaintext on my computer in the first place (I always open a private window on Chromium prior to browsing 4chan or Danbooru).
    You're going to a lot of effort and spending a lot of time and energy that doesn't seem to be necessary or even advisable. Just use FDE and be done with it. (If you're running Linux as your primary OS, use dm-crypt and encrypt your swap partition.)
    HennesyXO
    So, basically, the question is: are these disk cleaning procedures enough?
    They are unnecessary and ill-advised.

    You only need to do a 7-pass wipe on your drive when you're disposing of it.

    Use dm-crypt on Linux and Truecrypt on Windows, and stop worrying.
    Well, then I guess it's decided: one single pass of random data is enough, and it's fast enough to run over the course of one night of sleep too. Once I have the time to do my annual Windows reinstall I'll set up the required encryption and s**t.

    Also: no, it has to be a physical Windows, because my shitputer has no hardware virtualization and runs on a 2005 vintage GPU, which means it can barely run Starcraft 1 or Microsoft Office on a VM. I won't be able to afford anything superior in at least 4 months.
    So, put off your annual reinstall until then.
    I think you should really considering looking up some more recent information on disk overwrite recovery. All of the experiments and papers are from, or reference, work done in the 90s.

    This was back when drives were in 40GB range, so drive density per platter was MUCH lower than the 2TB drives of today. The individual cells, and edges around them, were identifiable on an STM microscope.

    Now-a-days the drive density is so high that it's much, MUCH harder (read: impossible) to work like this. The sectors are just too damn small. If the drive itself can't read it (in that it has actually been overwritten with SOMETHING), it's fine.

    http://www.nber.org/sys-admin/overwritten-data-guttman.html
    http://eraser.heidi.ie/forum/viewtopic.php?f=42&t=5509 (has several links in the threads)

    If you can point me to a single example of retrieving a target file from a 2TB drive that has ever been overwritten I'll be happy to eat my hat.
    HennesyXO
    Well, then I guess it's decided: one single pass of random data is enough, and it's fast enough to run over the course of one night of sleep too. Once I have the time to do my annual Windows reinstall I'll set up the required encryption and s**t.

    Also: no, it has to be a physical Windows, because my shitputer has no hardware virtualization and runs on a 2005 vintage GPU, which means it can barely run Starcraft 1 or Microsoft Office on a VM. I won't be able to afford anything superior in at least 4 months.
    I take it 4 months from now is when your epic Swiss bank account hacking schemes are going to come to fruition...?
    in before it's something illegal.
    Just use TrueCrypt (with a double partition so you have plausible deniability) emotion_awesome

    When you're done with your hard drive, destroy the physical media. All the wipe procedures you list just mean a greater chance for you to accidentally erase something you'd want to keep.

    Quick Reply

    Submit
    Manage Your Items
    Other Stuff
    Get Items
    Get Gaia Cash
    Where Everyone Hangs Out
    Other Community Areas
    Virtual Spaces
    Fun Stuff
    Gaia's Games