[ale] destroy old drives

Bryan L. Gay ale at bryangay.com
Tue Apr 23 23:06:12 EDT 2019 

I love LUKS. All my drives are LUKS encrypted. I enter my passphrase at
boot, the first drive is decrypted, and it unlocks the keys for the rest of
the drives that are then automagically decrypted and mounted.
Downside is that I can't remotely reboot my server, not that I'd want to.

On Thu, Apr 11, 2019 at 5:30 PM DJ-Pfulio via Ale <ale at ale.org> wrote:

> Yet more reasons to use encrypted storage.
>
> Isn't there an enterprise solution for this using key servers to unlock the
> partitions at boot?  Take the server/disks off the LAN and there aren't
> any key
> servers available.
>
>
>
> On 4/11/19 4:31 PM, Alex Carver via Ale wrote:
> > If someone really wants your data, holes don't matter.  The rest of the
> > platter is still intact in that case and can have the data extracted.
> >
> > There's also no guarantee that Dban can write enough to be sure that the
> > magnetic domains are fully randomized deep in the platter.  The longer
> > data sits statically on the disk  the more opportunity for the surface
> > domain to imprint on deeper domains (this is actually a problem with
> > magnetic tape, magnetic data can print through from one layer of tape to
> > the next layer when it's wound on the spindle).
> >
> > A serious entity can perform a deep level scan of the platter and
> > retrieve the low level signal under the surface domains and see previous
> > data.  The drive head typically isn't powerful enough to write that
> > deeply because it has to keep the tracks narrow.
> >
> > On 2019-04-11 12:13, Steve Litt via Ale wrote:
> >> On Wed, 10 Apr 2019 22:11:42 -0400
> >> Jim Kinney <jim.kinney at gmail.com> wrote:
> >>
> >>> Dban advantage: it can be done across hundreds or thousands of drives
> >>> before larcenous third party "shredders" physically touch the drives.
> >>
> >> That's a good point.
> >>
> >> Doesn't dban take an hour or more? How many drives can I do with one
> >> computer? How long would it take to test whether each is really blank?
> >>
> >> What might be nice with 1000 drives to do is dban followed by drilling
> >> 3 holes in each drive. I'd say each drive would take 1 minute for 3
> >> holes, so it's about 2 days for one employee to drill the holes. Or,
> >> perhaps, one employee could both dban and drill the holes, drilling the
> >> holes while the next batch is dbanning.
>
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> https://mail.ale.org/mailman/listinfo/ale
> See JOBS, ANNOUNCE and SCHOOLS lists at
> http://mail.ale.org/mailman/listinfo
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.ale.org/pipermail/ale/attachments/20190423/a90960db/attachment.html>

More information about the Ale mailing list