New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Comments
Don't tell me you still receiving mails from your old plesk server that you let it expire last time ?
You can blkdiscard the nvme and ssd and that’ll zero the whole drive within a few seconds.
Francisco
Really? Is that command enough to prevent recovery if it only takes a few seconds?
You can try it and then read off the data and it’ll all be wiped.
hexdump will show all zeros.
Francisco
No, I have always secure-erased all the servers before getting rid of them, always. And have never used plesk btw
Is it possible to recover data in any way or with any tool if I use that command?
I mean, if hexdump is returning zeros then the data is as good as gone.
Maybe someone smarter than me can confirm otherwise but I use it any time I need to quickly reprovision drives.
Francisco
Blkdiscard sends trim command to SSD. Theres no way to recover data by software then, because controller treats whole disk like zeroes and will ouput just zeroes. Thats why @Francisco sees only zeroes.
Depending on controller and hardware it may be possible to dump data from flash chip iself, althrough nobody will do it unless youre top10 most wanted by feds
If you use blkdiscard you can still recover GPT table/header, because you are not deleting these areas (and there is no reason to do so). If you want to wipe these areas use wipefs.
blkdiscard the root device, not the partition, and it should wack the partition table too
Francisco
Are you sure about that?
"If your disk was partitioned with GPT you also need to zero the end of the disk. There is a backup copy of GPT header here."
https://utcc.utoronto.ca/~cks/space/blog/linux/ErasingSSDsWithBlkdiscard?showcomments
My understanding is that it marks blocks for deletion in the controller, right? If that's the case, doesn't it mean that the blocks may not be deleted right away but it may take a while, and we don't have a means to see/get a confirmation when it's finished, I guess? Also does this even work in a virtual machine where the controller/interface is virtualized?
dd if=/dev/urandom of=/dev/vda status=progressI really would've thought it would've grabbed it all, but hey, i'll try it next time I blow out a drive. I'll do a
wipefs -aafterwards and see if it spots something.Francisco
I have used this method as well sometimes, it's also quite slow
Cryptoshredding.
Start with full disk encryption. When you want to return/cancel the server, encrypt your original set of keys with another set of keys, and then lose the new keys. Lose all keys.
Always use FDE on all cloud drives.
dd is very slow on it. I use the ATA secure erase enhanced through hdparm when I don't need to do any last minute checks on the health of the drive. If that is the case, I'll use badblocks. There has been some drives (SSD) in the past that wouldn't take a secure-erase even if they where not frozen in those cases, I'll also use badblocks. However it is horrendously slow.
I try not to get comfortable using dd,blkdiscard,wipefs encase i have a stroke and do it on a live system.
Is dBAN still a thing that people use? A lot of places I used to work for in the far past, dban was the go-to for decommissioning old servers out and if there was a problem you'd be drilling the platters.
It's slow because
dd's block size has been unchanged for decades and defaults to 512 bytes. For modern systems you need 1000 times that. Setbs=512Kand the performance suddenly becomes decent. You can also just usecatinstead ofdd- internally it has reasonable block size for modern systems.Yes. Always wipe with random data, not zeroes.
Though as stoned says, it is far better to use FDE and just destroy all copies of the keys.
Not matter what you do, afterwards reformat the drive with a common filesystem and fill it with presents for anyone who does try to read your old data: shock images (goatse, lemonparty, bluewaffle, …), rick-rolls, ete. Use innocuous filenames to not give the game away. Then very lightly delete that, maybe just zero out the partition table, so anyone looking will find your gift without much trouble.
I tell people where my present is:
This is from Webhosting24 Munich 1GB service transfer.
@brueggus bought this one.
20230114132858.mov a.k.a. onesunnytwocups.mov
It's 11 push-ups on the roof of 40 E West St, Baltimore, MD 21230.
Original file is here:
https://s.yoursunny.dev/f/5418a7b8f5c74f6ba673/
(link valid for one day)
I generally don’t have important data, delete it directly
When I have some personal/critical data, I always run dd command to wipe the server disk with /dev/urandom twice, before abandoning it.
Another reason to visit Baltimore one day.
I will not delete, the manufacturer should reset the vps
dd or simply filling zeroes doesn't really delete data to the point of not being recoverable. There are more complex methods that are more effective like using darik's boot and nuke (dban) and select the appropriate method for your case.
My recommendation is to always LUKS Encrypt your linux servers. By following this best practice there will be less worry. For example dd in this case would be fine since the partition was encrypted. If anybody recovers anything it will be garbage.
Not professional advice.
Never rely on the actions of others to keep your data, and the data of your friends/family/customers/other safe. If you care at all, take precautions yourself.
I once had an extra drive added to a cheap server, and it came with the full filesystems of the previous user still present. I didn't look into it in any detail, but it looked like the drive came out of a machine used as a shared mysql server, so there could have been all sorts of stuff in those data files.
This discussion has been about dedicated servers. On a VPS encryption at rest rather than relying on deleting after is more important: your virtual storage could move around, with or without you knowing, as the provider reshapes its storage architecture to changing needs. So you can wipe where it currently lives, but it might still expect where it was previously copied from.
Of course if you don't care about the data getting out because it is just yours, and you know it contains nothing remotely sensitive, then go ahead and keep not bothering to care.
The short answer is yes, I ensure that data cannot be recovered before disposing of the device or drive. In general, I am not concerned about a well-funded adversary like a government. My threat model is students, security researchers, random people who may pick up an accidentally dropped flash drive, etc.
Here is the long detailed answer:
If the drive or system is new, then I encrypt it immediately before putting it to use with any real data. That includes using temporary passwords for new accounts if I must startup the system, like a Mac. No "real" data goes on the drive until the encryption is complete. My assumption is that all of my data written to that drive is encrypted and cannot be recovered without the keys. The encryption covers any of my data that may not be reachable later, e.g. bad blocks that are replaced, etc. Make sure you know how to destroy the keys to make the data unrecoverable. Of course there is no harm if you want "extra assurance" by wiping the drive with random data, assuming you have the time and interest.
Knowing and understanding how drives work at a low level is helpful. I feel comfortable using dd and /dev/urandom to overwrite the drive if the drive can be reused by someone else. Keep in mind that drives may have sensitive data in reserved spaces that are inaccessible to dd, such as blocks that were moved to bad block tables, etc. That includes solid-state drives. That data can be recovered using special techniques, but is not generally a concern based on how I use drives today and the data that may be on them.
Some drives may require physical destruction. The drive may be functionally inoperable and cannot be wiped, for example. If your drive is worthy of attention from a well-funded adversary (like a government), then physical destruction is appropriate. Imagine a drive with the travel itinerary for a terrorist leader, something like that. There has been research over the years on how to recover data from "wiped" drives. It is not in my threat model, but may be a concern for others.
If a drive must be physically destroyed and it is a spinning disk, I usually disassemble the drive and recover the neodymium magnets inside. Bend the ends of the "frames" to release the u-shaped magnets. Prying them with a screwdriver will break the brittle magnets. Those magnets have many uses in a workshop and elsewhere. CAUTION: Those magnets are powerful enough to injure you by pinching off skin. Keep them away from children!
As you disassemble a spinning disk drive, you must remove the platters and separate them from one another. Aligning separated platters is nearly impossible, and the data is effectively unrecoverable at that point. Nonetheless, I bend and scratch the platters with pliers to ensure that data recovery goes beyond challenging. CAUTION: Smaller drives have platters made of glass that will shatter into tiny, dangerous, razor-sharp shards that explode and spread everywhere in a room. Put the glass platter inside a thick plastic bag and bend it with tools (not hands) until the platter shatters. Wear eye protection, just in case. The bag contains the mess. Separated platters that have been bent or shattered can normally be disposed in an ordinary trash can or rubbish bin without concern.
Once I had to deal with a room full of drives for destruction. In that case, I brought in a benchtop drill press and used a large "throwaway" drill bit to punch a few holes through the platter section of each drive. (Remember to contain those broken glass pieces!) It was quick and easy. (I have friends who own guns and have used old drives as practice targets. I have not tried it myself, but would advise others to count drives and evaluate the destructive effectiveness when finished. I will not opine on how effective it is.)
I have worked in facilities with very sensitive data and very strong safeguards to match. In those cases, we used a drive shredder that grinds drives into small metal filings. You open a mailbox hatch, drop the drive in, and a large grinder takes over and shreds the drive. The outer case had plastic windows so people could witness the destruction. I doubt that any of those drive shredders are in use by ordinary consumers. I bet that a few people have built home-brew versions just for the fun and bragging rights at hacker gatherings.
These days, much of our data is stored on solid state devices, like flash memory in various forms - thumb drives, SSDs, etc. If I can't wipe the drive for reuse, then I will take pliers and physically destroy the chips. After that, I take it to our county's hazardous waste disposal along with the household batteries, etc.