Comments

Brian January 3, 2025 12:08 PM

ShredOS is by far the easiest way to get nwipe up and running. If you are still using DBAN, get ready for a huge leap forward. They added support for PDF reports that get autogenerated that could be useful if you need a paper trail. ShredOS has a simple config file so you could even turn it into an auto nuke boot disk or change other defaults.

Clive Robinson January 3, 2025 4:05 PM

@ ALL,

A couple of points to consider,

1, Is possession circumstantial evidence.
2, How far down the stack does the erase process happen.

Prosecutors use anything and everything they can to try to get a conviction of some form (it’s why they tack those conspiracy charges on just about everything).

They will use the fact you have this OS/Program as evidence against you if you have it in your possession or even looked it up on the Internet, irrespective of if you have ever used it.

The way around this is by a “policy” in a binder for the reuse and disposal of drives with the stated aim of protecting against financial and other crimes such as Identity Theft and protection of IP etc.

There are all too many examples of Hard Drives turning up with confidential information on them at the equivalent of “car boot sales” etc. This happens all too often where people or businesses have “upgraded” computers. And others have purchased the PCs, “dumpster dive” them or receive them for charity. With the acquired PCs being “re-conditioned” or “stripped for parts” before “selling on” or “donating through charity” etc (I help a Charity from time to time and what I see on PCs quite often would shock you and I don’t just mean NSFW files).

Thus it is “Good PC Hygiene” to plan in advance, and make a folder up detailing the Who, Why, Where, and How of the “cleaning” and “restoration” process where you re-install the OS, Drivers, Apps, and Data.

Thus possession of such a tool can be shown to be a “prudent behaviour” and part of a well instituted business or personal “Protection against crime” process. Just like putting bolts and locks on doors and windows, and most certainly not an indicator of “criminal intent” etc a prosecutor might try to leverage.

So my other concern is just how far down the storage stack this software goes. The documentation does not say, however the use of Linux suggests not as far down as might be needed.

The thing is semi-mutable memory like magnetic media and Flash memory used in modern consumer and commercial storage devices is not “top notch” in fact a lot of it could be viewed as “scrapings from under the barrel” and its reliability not what you might hope (there’s also environmental factors where the very high density very small device sizes can get zapped by particles from radioisotope decay).

The storage device manufacturers thus add extra storage that can be swapped in as a replacement when errors are detected from a storage block. This swap is done automatically by a microcontroller on the storage device itself, often in a very proprietary way. That is well behind and below where the storage device appears in the stack to the PC interface. Thus it is effectively invisible to the PC, its device drivers and OS, but not to a forensic investigator with the right tool set.

So data that does not get wiped by this tool may remain on the storage device.

Is there a way around this problem?

Well sort of…

If you encrypt your hard drives from first use, then any apps or data “You Add” will be encrypted.

Does this keep it secure?

Yes and No it depends on where the encryption keys are and if you can access them or not.

For a computer to boot from an encrypted drive it obviously needs the “Key Material”(KeyMat) which means one of three things,

1, The KeyMat on the drive.
2, The user has to type it in in some way.
3, The KeyMat is in a “Hardware Security Module”(HSM) or similar on the PC or Network.

The first suffers from the issue, it might end up in one of those “bad sectors/clusters” that have been swapped thus much or all of it might turn up in forensic examination. A way to reduce this is a form of key splitting where you break the key down into N parts, distributed around the drive where M of them are required to build the key. Oddly if done right this improves not just your security, but reliability as well.

The second suffers from “Human Issues” and even long pass phrases rarely provide sufficient entropy. And the ability of “jo(e) Average” to be able to remember more than 16bits of entropy being quite questionable as so many Password Cracking competitions have shown.

The third has the advantage that an HSM can be put on a Smart Card or similar that plugs into the PC this can usually store multiple keys with full entropy with relative ease. However remember you are just “shifting the problem” when it comes to Law Enforcement Organisations, they can compel in various ways to have you access any HSM, and mostly the legislation is written so the “burden of proof” is on you to show beyond all doubt that you can not provide the encryption key or access to it.

Whilst there are ways this can be done, and I’ve mentioned them in the past few will be able to do such things in practice both mentally and materially.

There are times when a very old 8088/6 PC with a floppy disk drive and a Centronics interface dot matrix printer can be your friend. That is the floppies are fairly easy to erase permanently across the entire surface and neither the PC nor Printer has storage that survives beyond a few moments of power off. You can build similar with equipment that is pre 1995 but the following decade saw changes and no PC after 2005 can be considered as being able to be made secure by the average person or even Techie.

Worse the likes of Microsoft and Apple are going down two paths,

1, Client side scanning.
2, Pulling all user data into the cloud.

This leaves few options for those that actually want some modicum of privacy against attackers out for any kind of gain they can make.

Remember even “End to End Encryption”(E2EE) on communications is fairly useless protection with what Apple and Microsoft are in effect forcing on users.

Royce Williams January 3, 2025 4:39 PM

A solid effort, with a couple of important usage notes:

  1. nwipe (that this project is a wrapper for) does not yet directly support the best method for sanitizing flash (the ATA Secure Erase command, which uses an encrypt-then-discard-keys approach). Overwriting is not effective for sanitizing flash. In the short term, you will need to manually execute some hdparm commands to invoke ATA Secure Erase for flash. (The nwipe project is actively working on directly integrating these commands, but the work is not yet complete.)
  2. Seven passes of writes has been overkill since hard drives got bigger than about 20MB. This was the threshold at which there wasn’t enough fallow magnetic material between tracks to be able to reconstruct the values that used to be on the tracks. Modern spinning drives have far too little “wasted” material between data tracks to be used for this purpose. Quoting Gutmann’s own paper (“Secure Deletion of Data from Magnetic and Solid-State Memory”, 1996):

“In particular the drives in use at the time that this paper was originally written are long since extinct, so the methods that applied specifically to the older, lower-density technology don’t apply any more. Conversely, with modern high-density drives, even if you’ve got 10KB of sensitive data on a drive and can’t erase it with 100% certainty, the chances of an adversary being able to find the erased traces of that 10KB in 200GB of other erased traces are close to zero.”

Dinah January 3, 2025 9:44 PM

If this is against the spirit of your new moderation policies, by all means delete it.

The 90s neo-noir/cyberpunk film “Strange Days” revolves around a technology called SQUID. It’s a great movie in its own right but after nearly 20 years of seeing your squid posts, I can’t believe it never occurred to me to bring this up until now.

Thank you for your writings. They’ve been invaluable to me both technologically and regarding security in a broader sense. I’m in my mid 40s now and have been reading your blog pretty regularly since my 20s. It’s not overstating it to say you’ve helped form my core of how I think about privacy and security.

Geoffrey Nicoletti January 4, 2025 1:49 AM

ShredOS makes me think that there always was a movement of “adding hardware” as hardware shrunk till you get a computer on a chip and cache distance shrinks. So what? Well, programming (software) can do the same thing. Separate steps of a new install of an OS can add preliminary steps to it such as a thorough wipe.

ravn January 5, 2025 10:53 PM

@Royce Williams

thank you for the info!

About this …

the chances of an adversary being able to find the erased traces of that 10KB in 200GB of other erased traces are close to zero.

Might that be any different in our current era of Artificial Intelligence?

Who? January 8, 2025 11:22 AM

This one is the operating system data brokers like Alphabet or Meta should be running on their storage devices, at least weekly.

ShredOS, and DBAN before it, are great ways to test HDD reliability too (a full DoD 5220.22-M wiping may last up to two days for a large HDD drive). It would be great if nwipe were able to sanitise SSDs too: it can’t, but at least its developer points to some documentation about how to use hdparm, sg-utils and nvme-cli to do a secure erase on these drives, the right way to sanitise solid storage devices.

I use it to clean my drives when assigning machines to new projects.
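
Added example, not part of any comment above and not nwipe or ShredOS code: a dry-run pre-flight check for the manual hdparm route that the comments by Royce Williams and Who? mention. It classifies the Security section of "hdparm -I" output and prints, without running them, the two hdparm steps; the device /dev/sdX, the temporary password p, the function names and the sample report are constructed assumptions.

```shell
# Added example (not nwipe/ShredOS code). Dry run only: nothing is erased.

# Classify the "Security:" section of `hdparm -I <dev>` output read on stdin.
# Prints one of: unsupported | frozen | locked | enabled | ready
ata_erase_readiness() {
    awk '
        /^Security:/        { insec = 1; next }
        insec && /^[^ \t]/  { insec = 0 }   # a new top-level section began
        !insec              { next }
        # hdparm prints "<tab>not<tab>frozen" when a flag is clear and
        # "<tab><tab>frozen" when it is set, so match the bare word only.
        /^[ \t]+supported[ \t]*$/ { supported = 1 }
        /^[ \t]+enabled[ \t]*$/   { enabled = 1 }
        /^[ \t]+locked[ \t]*$/    { locked = 1 }
        /^[ \t]+frozen[ \t]*$/    { frozen = 1 }
        END {
            if (!supported)   print "unsupported"
            else if (frozen)  print "frozen"
            else if (locked)  print "locked"
            else if (enabled) print "enabled"
            else              print "ready"
        }'
}

# Print (never run) the two hdparm steps for a drive in the given state.
# $1 = state from ata_erase_readiness, $2 = device, $3 = temporary password
ata_erase_plan() {
    case "$1" in
        ready)
            echo "hdparm --user-master u --security-set-pass $3 $2"
            echo "hdparm --user-master u --security-erase $3 $2"
            ;;
        frozen)
            echo "refuse: $2 is frozen; suspend/resume or re-plug, then re-check" >&2
            return 1 ;;
        *)
            echo "refuse: $2 security state is '$1'" >&2
            return 1 ;;
    esac
}

# Constructed sample of a Security section (tabs as hdparm emits them).
sample_ready() {
    printf 'Security:\n\tMaster password revision code = 65534\n\t\tsupported\n'
    printf '\tnot\tenabled\n\tnot\tlocked\n\tnot\tfrozen\n'
    printf '\tnot\texpired: security count\n\t\tsupported: enhanced erase\nChecksum: correct\n'
}

ata_erase_plan "$(sample_ready | ata_erase_readiness)" /dev/sdX p
```

On a real drive the report would come from hdparm -I on the target device instead of sample_ready, and the printed commands would be reviewed before anyone types them.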

Clive Robinson February 4, 2025 8:44 PM

@ Rontea, ALL,

With regards,

“If my possessions are digital, does that make them lighter?”

It “depends on your bits” but if your bits are the same as most, it does mean they can be copied at the speed of light.

But,

“Is copying stealing?”

Well that is a question that is getting a rework thanks to LLM AI and no doubt certain types are rubbing their hands in anticipation of the riches to come…

Back in times long past property was considered to be something that was physical and unique. Cattle might look alike from even a short distance, but they did have small differences that made them unique and owners used to mark them clearly by branding and the like. Theft of unique objects could be recompensed by them being returned to the original owner, or a monetary equivalent paid (and the thief punished for the crime in some manner up to and including forfeiture of life in some quite entertaining ways).

At a later point in time it was realised that ideas had significant monetary value even though they had no physical substance. That is if you came up with say a much less expensive way to make a blue or purple cloth dye rather than picking and pressing flowers or grinding down stones to finer than fine dust, then you had “an idea of some significant value” that you could protect with secrecy but not much else (see history of Phoenician and later Venetian glass and certain types of pottery such as porcelain and how those who knew the secret were “constrained”… Even the glaze on Delft Bricks had significant “trade value” thus was kept secret for a time).

But “Secrecy always fails” a lesson those who believe in NOBUS backdoors have yet to give up their cognitive bias on. And in some cases the existence of something like porcelain drives others to try experiments to “find the secret” and all too often come up with a better product, a less expensive way to make it, or both.

Put simply “ideas come of age” and “what can be done by one man can be done by another” almost contemporaneously. Claims of being first can be inordinately vexatious, at the best of times and hold great reward for being judged first.

Thus the notion of “priority” to the “initial discoverer”, such that they get sole benefit for a period of time so that they may make a return.

Hence the extension of Royal Warrants known as “Letters of Patent” back in Shakespeare’s time by Queen Elizabeth of England (but not Scotland which has its own story about secrecy and cryptography and killing your relatives for power and other jolly stuff not).

The problem as was found later is who gets priority if they are in different parts of the world, or somebody steals your idea?

Well that’s why we have “Intellectual Property”(IP) and judges and lawyers who specialise in “robbing Peter to pay Paul” over it, and thereby getting a big chunk of that “compensation” for themselves…

(As my father who was a well qualified accountant on the legal side –and trained subsequent generations– oft pointed out “Where there is such dispute, you will find a déclassé market, populated with the legal brethren, arguing like fishwives, for gross benefit”… Cynical but unfortunately true).

I do not know who came up with the first version of,

“You only own what you can keep from others”

But I suspect Shakespeare knew it well when writing,

“A horse, A horse, My Kingdom for a horse!”

(Having Richard III “Doing a Bosworth” of a valiant fail… Richard was also the last English Monarch to die in battle –so far–, and uniquely turn up buried under a Leicester Council car park… Though “Ricardian” types would argue he was doing,

“Sterling work for half a millennium acting as ‘A foundation for civil society'”

Or some such ;-).

Rontea February 13, 2025 3:45 PM

@Clive
“You only own what you can keep from others”

I think that is pretty much how we define property.


Sidebar photo of Bruce Schneier by Joe MacInnis.