[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ale] destroy old drives



Yet more reasons to use encrypted storage.

Isn't there an enterprise solution for this using key servers to unlock the
partitions at boot?  Take the server/disks off the LAN and there aren't any key
servers available.



On 4/11/19 4:31 PM, Alex Carver via Ale wrote:
> If someone really wants your data, holes don't matter.  The rest of the
> platter is still intact in that case and can have the data extracted.
> 
> There's also no guarantee that Dban can write enough to be sure that the
> magnetic domains are fully randomized deep in the platter.  The longer
> data sits statically on the disk  the more opportunity for the surface
> domain to imprint on deeper domains (this is actually a problem with
> magnetic tape, magnetic data can print through from one layer of tape to
> the next layer when it's wound on the spindle).
> 
> A serious entity can perform a deep level scan of the platter and
> retrieve the low level signal under the surface domains and see previous
> data.  The drive head typically isn't powerful enough to write that
> deeply because it has to keep the tracks narrow.
> 
> On 2019-04-11 12:13, Steve Litt via Ale wrote:
>> On Wed, 10 Apr 2019 22:11:42 -0400
>> Jim Kinney <jim.kinney at gmail.com> wrote:
>>
>>> Dban advantage: it can be done across hundreds or thousands of drives
>>> before larcenous third party "shredders" physically touch the drives.
>>
>> That's a good point.
>>
>> Doesn't dban take an hour or more? How many drives can I do with one
>> computer? How long would it take to test whether each is really blank?
>>
>> What might be nice with 1000 drives to do is dban followed by drilling
>> 3 holes in each drive. I'd say each drive would take 1 minute for 3
>> holes, so it's about 2 days for one employee to drill the holes. Or,
>> perhaps, one employee could both dban and drill the holes, drilling the
>> holes while the next batch is dbanning.