My disk erasing procedures -- do you think that's enough?

[Da_Nuke]

OK, so, as a network engineer who has studied topics on encryption and security, I know damn well how easy it is to retrieve supposedly erased stuff from an HD like a highly compromising legal declaration, or let's be honest, that folder of lewd Japanese drawings of fictional girls, so in order to avoid this I religiously encrypt absolutely everything I wouldn't like others to see and I erase my hard drives' contents every week. The only thing that keeps me from using full disk encryption is the fact that Truecrypt doesn't supports dual-boot systems, and I require Windows because I'm a huge fan of Touhou Project in my experience it's been rather hard to get Touhou games running on Debian Wheezy (I've only managed to run EOSD, Imperishable Night and Mountain of Faith).

The erasure process goes like this:

• Weekly erasing: Just a quick pass of Windows's Eraser utility, then I fill my Linux partition with /dev/urandom noise and then I run sfill and sswap to clear anything that remained as well as my swap partition.
  
• Bi-weekly erasing: Create a Truecrypt volume spanning all the partition's free space, run one pass of Eraser on them, then /dev/urandom, sfill and sswap on my Linux partitions.
  
• Monthly erasing: Eraser on Windows is run with Bruce Schneier's 7-pass method, Linux erasure is done with 7 passes of /dev/urandom as well. This is finished with one final pass of encrypted /dev/urandom on everything.
  
• Annual erasing: Uses 35-pass Gutmann instead of Schneier's 7-pass. This is followed with 3 passes of encrypted /dev/urandom on all my drives' free space.
  
• Destroying a drive with DBAN and restoring its contents with Clonezilla is out of the question because it would be extremely lengthy and I don't have that much time to spare.

Thing is, because I spend very little time at home these erasing cycles have been starting to become very time-consuming, so now I'm forced to cut back on my disk cleaning efforts. That, and I'm also starting to become far more careful to not save plaintext on my computer in the first place (I always open a private window on Chromium prior to browsing 4chan or Danbooru).

So, basically, the question is: are these disk cleaning procedures enough?

[BoneKracker]

No. Stop deceiving yourself with all this flailing. You are still not protected. There is only one way you can be adequately protected, and that is to operate entirely in RAM without a hard disk altogether (or from a read-only disk). This is what you need:
http://opensource.dyc.edu/tinhat

Keep in mind, however, that data can actually be recovered from RAM chips for a while even after a computer has been shut down, and this can be used to recover encryption keys for any disk encryption anyway. So to be safe, you must power off the system and then sit there to maintain absolute physical control over the RAM for at least a 5-minute power dissipation interval (10 minutes to be super, super safe).
https://citp.princeton.edu/research/memory/

For variable persistent data (including things like /var /home and so on), you should use an encrypted removable flash stick (i.e. jump drive, thumb drive, etc.). If you yourself fall into their clutches, you can then swallow it or shove it deep (deeper than a tall man's fingers) in your ass.
_________________
Oldthinkers unbellyfeel INGSOC.
-- Headline of a document on Winston Smith's terminal in his cubicle at the Ministry of Truth, seen briefly in the background in one scene of the movie rendition of Nineteen Eighty-Four.

[Muso]

Bleach + Sledgehammer = Erased.
_________________
If I had a dollar for every time capitalism was blamed for the problems caused by government, I'd be a fat filmmaker with a baseball cap

[aidanjt]

If you're that paranoid, then just do full-disk encryption ffs. And run windows in a VM (VMware 8 actually produces very usable 3D accel).
_________________

[cach0rr0]

my setup for my boxen that require windows:

-grub and /boot on unencrypted usb stick
-crypt keys on separate usb stick, that's really a micro-sd adapter. I can swallow a microsd card in a pinch.
-sda1 == windows, only encrypted containers via truecrypt
-sda2-* == gentoo, dmcrypt=>lvm volumes, everything encrypted

more than sufficient, and functional.

your weekly overwrites are absurdly excessive. seriously. I'm the guy talking about swallowing a micro-sd card, and I'm saying your weekly overwrites are absurd.

[username234]

[aidanjt]

Yeah I tend to just dd /dev/zero over spinners and use hdparm --security-erase on ssds. That's ample to make the data entirely inaccessible to pretty much anyone (certainly for SSDs, since every block is reset to all zeroes). The ATA erase command can be done on spinners too but it isn't any faster than dd.
_________________

[energyman76b]

dd if/dev/zero is even save enough for all the paranoids out there. Doing more does not increase your security.
_________________

[danomac]

For the drives at work, I take the drives apart, remove the platters, and use my belt sander with a 40-grit sandpaper on them. Doubtful that'll be recoverable.

[aidanjt]

[nomilieu]

[jdmulloy]

What do you mean Truecrypt doesn't support dual boot? I'm 0pretty sure you can just encrypt the Windows partition and use dmcrypt for the Linux partition. I use dmcrypt on my home workstation and laptop. I don't bother encrypting the Windows 7 partition on my workstation since it's pretty much just for gaming. I'd suggest just using dmcrypt on Linux and not doing anything sensitive on Windows. Even if you did use encryption on Windows you're still susceptible to viruses so again I would recommend not ever doing anything sensitive on Windows. Also if you have a higher end version of Windows Vista/7 you can use bitlocker to encrypt the drive. Of course this does mean you have to trust that Microsoft didn't screw up the implementation or provide a backdoor for governments.
_________________
Joe Mulloy | http://twitter.com/jdmulloy | Ron Paul in 2012! | 5-1-07 | Unban Playfool | Fire your "Too big to fail" bank http://moveyourmoney.info

[sts]

Yeah, what everyone else said:

1) dm-crypt is the defacto FDE for linux.

2) All you need to irrevocably erase data is to overwrite it (such as with /dev/zero) at the device level. Data recovery relies on filesystem metadata and filesystem laziness (not overwriting deleted files). The Gutmann method was developed for outdated technology (MFM/RLL encoded disks), all you're doing is reducing the life of your hard drive. Also the "Secure Erase" standard is supported by hdparm if you'd like to use that.

[If you're using SSD, things are a bit more tricky. Might want to use FDE from the start since full erasure is hard to guarantee.]


Disk encryption is good protection against a stolen hard drive but you can't really do much for protection against the gov (or any sufficiently motivated organization with vast resources). If you're doing something illegal or you've otherwise captured their attention they'll just find other ways to convict (ISP records, email, server logs, data leakage, arresting you while you are using your laptop and everything is open, etc) or compel you to decrypt the drive.

[sts]

[BoneKracker]

[nomilieu]

[charly]

PEBKAC

(all security, that is)
_________________
"Isn't it enough to see that a garden is beautiful without having to believe that there are fairies at the bottom of it too?" - Douglas Adams

[charly]

[sts]

[charly]

[jdmulloy]

[BoneKracker]

And, if you do write it down, be sure to shove it deep in your ass.
_________________
Oldthinkers unbellyfeel INGSOC.
-- Headline of a document on Winston Smith's terminal in his cubicle at the Ministry of Truth, seen briefly in the background in one scene of the movie rendition of Nineteen Eighty-Four.

[aidanjt]

[cach0rr0]

by the by, is dmcrypt on SSD's still a no-go?

reorganizing my travel gear, gong to snag a new Thinkpad

if dmcrypt is still a no-go with SSD, I buy one with a 7200RPM disk that's big enough for my media
if dmcrypt and SSD's can play nicely with each other now (i.e. is the built-in wear-leveling sufficient? is a periodic wiper.sh sufficient?), I snag one with an SSD, and bring along a small external drive in my kit

[aidanjt]

The only real big problem with dm-crypt on SSD is that TRIM is disabled, and performance gets hit by the random noise already written to all cells. It wont significantly shorten the lifespan of the disk, but performance will be nowhere near the same as an unencrypted disk.

Maybe you'd be more interested in one of the hybrid drives which pretty much use flash as a huge buffer.
_________________