Usually my process is very… hammer and drill related - but I have a family member who is interested in taking my latest batch of hard drives after I upgraded.

What are the best (linux) tools for the process? I’d like to run some tests to make sure they’re good first and also do a full zero out of any data. (Used to be a raid if that matters)

Edit: Thanks all, process is officially started, will probably run for quite a while. Appreciate the advice!

  • rentar42@kbin.social
    link
    fedilink
    arrow-up
    11
    ·
    11 months ago

    it’s not much use now, but to basically avoid the entire issue just use whole disk encryption the next time. Then it’s basically pre-wiped as soon as you “lose” the encryption key. Then simply deleting the partition table will present the disk as empty and there’s no chance of recovering any prior content.

    • WasPentalive
      link
      fedilink
      English
      arrow-up
      5
      ·
      11 months ago

      Does one have to supply the password at each boot with what you are describing - this sounds like the password is somewhere in the partition table. If so what do I google to learn more?

      • Illiterate Domine@infosec.pub
        link
        fedilink
        English
        arrow-up
        3
        ·
        edit-2
        11 months ago

        There are many ways to setups full disk encryption on Linux, but the most common all involve LUKS. Providing a password at mount (during boot, for a root partition or perhaps later for a “data” volume) is a but more secure and more frequently done, but you can also use things like smart cards (like a Yubikey) or a keyfile (basically a file as the password rather than typed in) to decrypt.

        So, to actually answer your question, if you dont want to type passwords and are okay with the security implementations of storing the key with/near the system, putting a keyfile on removable storage that normally stays plugged in but can be removed to secure your disks is a common compromise. Here’s an approachable article about it.

        Search terms: “luks”, " keyfile", “evil maid”

      • rentar42@kbin.social
        link
        fedilink
        arrow-up
        1
        ·
        11 months ago

        There’s many different ways with different performance tradeoffs. for example for my Homeland server I’ve set it up that I have to enter it every boot, which isn’t often. But I’ve also set it up to run a ssh server so I can enter it remotely.

        On my work laptop I simply have to enter it on each boot, but it mostly just goes into suspend.

        One could also have the key on a usb stick (or better use a yubikey) and unplug that whenever is reasonable.