Hmm, maybe they haven’t heard that there are operating systems other than the ones that Microsoft provide which supply extremely tight encryption methods!
All my (data sensitive) hard drives are first filled entirely with random encrypted “garbage” before use, then set up with a LUKS encrypted partition.
It takes a long time, especially the bigger drives. My 1tb external took 14 hours to prepare, but I’m confident that it would take a very dedicated and experienced hacker or a tech savvy government agency to get anything off it!
Even Microsoft provide an encryption option in their higher priced versions of Vista I believe.
Touting “the only way” seems a little uneducated, and misinformative at worst.
Sadly they are not allowing feedback on that story :sarcastic:.
Yes, “Vernon’s Hard Disk Crusher” puts me to sleep. And Chrysantine
and growbag obviously have NO idea just how much code cracking power
the USA’s National Security Agency <http://www.nsa.gov/> has. Nothing
mentioned so far (not even the mighty Micro$oft) can keep them from
reading your mail.
Despite what they say in this video, some (most probably) of the data
is STILL recoverable if you use this as a guide: http://www.youtube.com/watch?v=uqxtWhWTxnc&feature=related
(Because the platter halves can still be read. Difficult yes, but
doable.)
I’d take computer security advice from Which Magazine, the BBC, or any similar source with a grain of salt. A more credible source of information on media destruction is NIST SP800-88.
Note that most EIDE and SATA drives manufactured since 2000 support Secure Erase. Secure Erase software, instructions, and discussion of different erasure techniques and their effectiveness are available here: http://cmrr.ucsd.edu/people/Hughes/SecureErase.shtml
Another common approach is Darik’s Boot and Nuke aka DBAN. This is probably significantly slower than Secure Erase.
SE or DBAN should be more than effective for most people’s needs. If you have a legitimate worry that the NSA may want to recover data from your old drives, you have bigger problems than anyone here is likely to be able to help you with.
BTW If you use encryption and throw away the key to secure old data, make sure you use a decent full disk encryption package with a key that has lots of entropy. See Appendix A in NIST SP800-63.
A lot of software that encrypts data is garbage (e.g. see “With 256-bit encryption, Acrobat 9 passwords still easy to crack”, http://blogs.zdnet.com/security/?p=2271). Even if the software uses a strong cipher and a secure hash function, if there are no salting and key strengthening functions then you need to use a much stronger key than most people typically use. You don’t need the NSA’s acres of supercomputers to crack most keys. Given the common use of low-entropy keys, the supercomputer on your desktop has more than enough power.
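The point in the post above about salting and key strengthening, as an added example (not part of the original thread and not taken from any product mentioned in it). It contrasts a single unsalted hash with a salted, iterated PBKDF2 derivation and shows how the iteration count changes the passphrase length needed for a given amount of attacker work; the iteration count, the 80-bit work target and the sample passphrase are assumptions chosen for illustration.

```python
import hashlib
import math
import os

ITERATIONS = 600_000  # assumed work factor for this example; tune to your hardware

def weak_key(passphrase: str) -> bytes:
    """Single unsalted hash: the same passphrase always yields the same key,
    so guesses can be precomputed once and reused against every victim."""
    return hashlib.sha256(passphrase.encode()).digest()

def strengthened_key(passphrase: str, salt: bytes, iterations: int = ITERATIONS) -> bytes:
    """Salted, iterated derivation (PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, iterations)

def uniform_entropy_bits(alphabet_size: int, length: int) -> float:
    """Entropy of a secret whose symbols are chosen uniformly at random.
    Human-chosen passphrases have less entropy than this upper bound."""
    return length * math.log2(alphabet_size)

def effective_bits(entropy_bits: float, iterations: int) -> float:
    """Each guess costs `iterations` hash calls: log2(iterations) extra bits of work."""
    return entropy_bits + math.log2(iterations)

def length_needed(target_bits: float, alphabet_size: int, iterations: int = 1) -> int:
    """Random characters required to impose target_bits of work on an attacker."""
    need = max(target_bits - math.log2(iterations), 0)
    return math.ceil(need / math.log2(alphabet_size))

if __name__ == "__main__":
    pw = "correct horse"  # constructed sample passphrase
    s1, s2 = os.urandom(16), os.urandom(16)
    print("unsalted keys equal:", weak_key(pw) == weak_key(pw))
    print("salted keys equal:  ",
          strengthened_key(pw, s1, 1000) == strengthened_key(pw, s2, 1000))
    bits = uniform_entropy_bits(26, 8)  # 8 random lowercase letters
    print(f"8 random lowercase letters: {bits:.1f} bits raw, "
          f"{effective_bits(bits, ITERATIONS):.1f} bits with stretching")
    for iters in (1, ITERATIONS):
        print(f"iterations={iters}: {length_needed(80, 26, iters)} "
              "random lowercase letters for 80 bits of work")
```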
> All my (data sensitive) hard drives are first filled entirely with
> random encrypted “garbage” before use, then set up with a LUKS encrypted
> partition.
Encrypted garbage? Seems a strange notion.
I mean, if you want to fill the drive with garbage, what’s the point of
also encrypting it? (the garbage or the drive, either is just silly)
Obviously I don’t encrypt garbage, it was simply a mistake in my writing :sarcastic:.
I use dd to fill the drive with random “garbage” (that means random bytes of between 00h and ffh, not stuff I pulled out of the garbage can outside my house to people who wish to argue pointless semantics!!!).
Oh go on, please tell me that it could actually be “words” and not “bytes”, therefore I am wrong again :.
As far as I’m concerned, a punch in the face is simply a punch in the face, I’m not at all concerned about the angle and velocity, nor the wind speed at the time of punching. Irrelevant details are simply irrelevant in my opinion :P.
Acceptable to whom? NIST’s acceptable media disposal methods are in SP 800-88.
Aside from being NIST-approved, your drive’s Secure Erase command is faster and more effective than DoD 5220 block over-writing software. You can get the software to use the Secure Erase command from UCSD. Note that some BIOS chips block the Secure Erase command for your own protection but you can work around this.
There’s also an enhanced version of SE available on some drives (e.g. Seagate) that is very fast. It changes and then destroys the encryption key to the hardware-based encryption built into these drives. If you have a drive that supports hardware FDE, run enhanced-SE and then regular SE. It wouldn’t add much time over just SE as E-SE takes only seconds.