Comments
srm -Drv first for your home directories, etc. and root. After that, rebooting to a rescue mode and running dd if=/dev/urandom of=/dev/sda should be good enough.
If you really have sensitive data on your remote system, it should be encrypted in the first place at rest either on filesystem level or file level with gpg using very long and fully random passwords.
On the other hand, who are you concerned about: the datacenter folks snooping around or the next user who just happens to be malicious?
I understand using this command to "wipe" an external drive. How would this work in a VPS with one drive? As it writes its randomness, it will be destroying the OS that it's running on...
You boot to a rescue mode/live iso to do it.
If you are worried that the next customer who gets assigned to the server can access your data, then blkdiscard is safe. After a blkdiscard, it is not possible to access any data using SATA or NVMe protocols. The drive will return only zeroes.
However, data recovery is still possible, but you need to use raw NAND protocols, which requires disassembling the drive and soldering wires directly onto the NAND. Here is an example of data recovery from an SD card that was blkdiscarded accidentally.
But blkdiscard, from what I understood, sends a signal to the controller but doesn't mean that the data deletion happens right away, right?
Correct, the controller will mark the data as deleted. But the data will remain on the NAND memory until it is overwritten by newer data. The controller is 'lazy' in a way that if you do not write new data to the drive, the old data will remain on the NAND forever.
Since the controller is aware the data should be deleted, it won't ever give the data back to you. So to recover the data, you have to somehow "hack" the controller, either by doing soldering on the NAND or maybe finding a bug/backdoor in the controller that allows access to the raw data stored on the NAND.
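A read-back check for the claim above that a discarded drive returns only zeroes, added here as an example and not posted by anyone in the thread; the function names are made up for illustration. It tests only what the controller returns over the normal interface, which, as the last replies explain, says nothing about what is still on the NAND.

```shell
#!/bin/sh
# Added example: confirm that a wiped target reads back as zeroes only.
# Usage: sh check_zero.sh /dev/sdX   (a regular image file works too)

# Size in bytes of a block device or a regular file.
target_size() {
    if [ -b "$1" ]; then
        blockdev --getsize64 "$1"
    else
        wc -c < "$1" | tr -d ' '
    fi
}

# Exit 0 only if every byte read from $1 is zero; 1 if not; 2 on trouble.
reads_all_zero() {
    size=$(target_size "$1") || return 2
    [ "$size" -gt 0 ] || return 2      # an empty target proves nothing
    head -c "$size" /dev/zero | cmp -s - "$1"
}

# Print the 1-based position of the first non-zero byte (nothing if none).
first_nonzero_byte() {
    size=$(target_size "$1") || return 2
    head -c "$size" /dev/zero | cmp - "$1" 2>/dev/null |
        sed -n 's/.* differ: [a-z]* \([0-9][0-9]*\),.*/\1/p'
}

if [ "$#" -gt 0 ]; then
    reads_all_zero "$1"
    case $? in
        0) echo "$1: reads back as all zeroes" ;;
        1) echo "$1: first non-zero byte at position $(first_nonzero_byte "$1")" ;;
        *) echo "$1: could not determine size" >&2 ;;
    esac
fi
```

Run it from the rescue system after the blkdiscard, against the whole device rather than a partition. After a dd from /dev/urandom it will report non-zero data, which is expected for that method.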