Before encrypting an HDD, what should I use to wipe the disk? I heard it must be random data...

Before encrypting an HDD, what should I use to wipe the disk? I heard it must be random data, so secure erase is not a good idea I assume. What's left?


shred -vn 3 /dev/sda
dm-crypt has some methods and full-disk encryption usually describe some
dban livecd

wiki.archlinux.org/index.php/Securely_wipe_disk

so what's the best from these 3?

Also I still don't know how the fuck luks works.

youtube.com/watch?v=F0b4I89LY5E

this is severely autistic

chances are anyone that isn't an aspie will fuck it up during the process. Can you explain why bother with this? With Veracrypt there's no chance for error, and you can use AES+Whirlpool+Serpent combo with SHA-512, how does it get any stronger?


I'm a windowsfag. Wouldn't I be better with the DBAN live CD and Veracrypt? I don't see myself being able to do it any other way, but someone told me here "vera is dogshit" so now I'm paranoid.

Once I encrypt the drive I'm not going to go to the internet, it will be used as a container, so I don't really care if I'm using windows 7 there desu, who cares if it's never online. I just want to be sure the encryption is strong.

>When preparing a drive for full-disk encryption, sourcing high quality entropy is usually not necessary. The alternative is to use an encrypted datastream. For example, if you will use AES for your encrypted partition, you would wipe it with an equivalent encryption cipher prior to creating the filesystem to make the empty space not distinguishable from the used space.

Interesting. So how do we go about this?

If I want to use AES, how do I "would wipe it with an equivalent encryption cipher"?

What if I use the AES+Whirlpool+Serpent combo from Vera?

First of all. Don't encrypt your whole drive if you don't have any sensitive data on it. It protects your system only from external access. Not when your files are stolen while you're logged in. Furthermore it will slow your pc down and wastes computation power for decrypting any shit. Consider making an encrypted container.

I used truecrypt in the past. I think veracrypt should be similar. Just encrypt the drive with AES. Don't use any combinations. AES is state of the art and won't be cracked that fast. Also cascaded encryption is much slower. Truecrypt gave me the option to overwrite my drive prior to encrypting. If you want to be safe use the max amount. But it will take ages to do so.

You could wipe it by creating an encrypted partition that covers the span of the disk and then writing zeros on the encrypted space. If you use AES for the encryption then it will appear to be just random data.
If you are using Windows only I'm not sure how you go about doing this.

Full format for win7 and beyond will write 0s to the entire disk.

You guys including OP are absolutely positively fucking weapon-grade retarded.

Why the FUCK would you spend a day wiping when all the nigga bites are gonna be encrypted?

Anything but full disk encryption is useless. Data is recoverable when opened on an unencrypted OS, there's always traces.

Buy an HDD only to store sensitive files so you don't need to worry about performance.

1) Use hdparm with secure erase
2) Use dban with a 3 pass DoD
3) Veracrypt will give it an additional 3 pass and encrypt everything

That's all. No one can access or recover data. Forensics is a science, not a magic wand.

Don't use luks, it's for autistic fucks.

I don't see why this is important. They know there's a password there.

>Furthermore it will slow your pc down and wastes computation power for decrypting any shit. Consider making an encrypted container.
WHOA. So I done fucked up? I hardly shut down my PC, but the slowdown, what does that mean?

use shred

wiping SSDs back to naught generally improves the performance of old SSDs

t. had some old windows rotted 128gb that went from unusable to brand new...

i was wondering the same. maybe they want to completely wipe it first, then encrypt it, and then put the files in there once the OS is encrypted? or is this pointless?


also

youtube.com/watch?v=i_WkMELC790

what does veracrypt do here with "wipe"? (4:43)

if it doesn't delete data then it wipes what?

I'm going to use Veracrypt too.

How much time can I expect to wait with the "3 pass" thing on a 250 GB drive?

>i was wondering the same. maybe they want to completely wipe it first, then encrypt it, and then put the files in there once the OS is encrypted? or is this pointless?


I would like to know this too. Would save a lot of time if I can safely encrypt my existing OS with everything on it.

But what does the wipe thing mean in here?

youtube.com/watch?v=i_WkMELC790

I'm scared that it will delete my data. What the fuck does wipe mean in this context if it does not delete existing data? I don't get it.

take a really big movie that you've got, like a high quality 1080p blu-ray rip, or heck even a collection of them.
Copy it or the whole folder of them multiple times until the hard drive is filled up.

Run a defrag program that allows you to move files to the end of the drive... use it to move the movie to the end of the drive to cover up whatever last bit was still there.

The only thing you have to worry about now is what records might've been kept of filenames in the MBR and other non-drive space memory sections. But there are programs to deal with that too.

Thus you'd have like a 2 TB drive full of some 50gb blu ray master collection of harry potter or some shit, which is then also encrypted.

sudo dd if=/dev/zero of=/dev/sdX status=progress && sync

Your files will be fine. What it means is that the unencrypted data will be wiped and the encrypted data in memory will be written to the drive.

dd if=/dev/urandom of=/dev/sdx

LUKS makes a 2M volume at the beginning of the disk that your password actually unlocks.
Inside this one are the keys to the rest of your 4TB disk.
2M is large enough to fit eight different password possibilities.

It also allows you to change your encryption password as 2M is much easier to rewrite than a whole 4TB disk.

PLEASE DO
Use an advanced filesystem to mitigate data loss in the event that a disk may fail.
One bad sector cascades and kills the entire encryption block size.
1 4KB of corruption turns into hundreds of kilos to megabytes of file damage.

Backup your LUKS headers.
Without your 2MB headers, the disk is permanently destroyed.
Wiping the first two meg is permanent destruction of disk contents.
That includes disk failure.

Backup your headers.
They're encrypted already so it doesn't really matter where you put them so long as you have a backup.
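
An added example (not from any poster in this thread): a small Python check that a saved header file really is a LUKS header and which of its eight key slots are in use. It assumes the LUKS1 on-disk layout (the version with eight slots); the sample header is constructed in the code, not read from a real disk.

```python
import struct

LUKS_MAGIC = b"LUKS\xba\xbe"
SLOT_ENABLED, SLOT_DISABLED = 0x00AC71F3, 0x0000DEAD
# LUKS1 header fields are big-endian: 208 fixed bytes, then eight 48-byte key slots.
PHDR = struct.Struct(">6sH32s32s32sII20s32sI40s")
SLOT = struct.Struct(">II32sII")
SECTOR = 512

def _text(field):
    """Decode a NUL-padded ASCII field."""
    return field.split(b"\0", 1)[0].decode("ascii")

def parse_luks1_header(blob):
    """Return the key facts of a LUKS1 header, or raise ValueError."""
    if len(blob) < PHDR.size + 8 * SLOT.size:
        raise ValueError("too short for a LUKS1 header")
    (magic, version, cipher, mode, hash_spec, payload_off, key_bytes,
     _digest, _salt, _iters, uuid) = PHDR.unpack_from(blob, 0)
    if magic != LUKS_MAGIC:
        raise ValueError("LUKS magic not found (wiped, or not a header)")
    if version != 1:
        raise ValueError("not a LUKS1 header (version %d)" % version)
    active = []
    for i in range(8):
        state = SLOT.unpack_from(blob, PHDR.size + i * SLOT.size)[0]
        if state == SLOT_ENABLED:
            active.append(i)
        elif state != SLOT_DISABLED:
            raise ValueError("key slot %d has a corrupt state field" % i)
    return {"cipher": _text(cipher) + "-" + _text(mode),
            "hash": _text(hash_spec),
            "key_bits": key_bytes * 8,
            "header_bytes": payload_off * SECTOR,  # encrypted data starts here
            "uuid": _text(uuid),
            "active_slots": active}

def build_sample_header(active_slots=(0, 3)):
    """Constructed sample header (zeroed salts and digest, made-up UUID)."""
    hdr = PHDR.pack(LUKS_MAGIC, 1, b"aes", b"xts-plain64", b"sha256",
                    4096, 64, bytes(20), bytes(32), 100000,
                    b"00000000-0000-4000-8000-000000000000")
    for i in range(8):
        state = SLOT_ENABLED if i in active_slots else SLOT_DISABLED
        hdr += SLOT.pack(state, 100000, bytes(32), 8 + i * 504, 4000)
    return hdr

if __name__ == "__main__":
    print(parse_luks1_header(build_sample_header()))
```

Run against a real backup by passing the first 592 bytes of the file to `parse_luks1_header`; a zeroed or overwritten header fails the magic check.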

>/dev/urandom
>SUFFICIENT ENTROPY
KEK

>locking /dev/random for hours
>to write random data to wipe a disk

You can use gnome-disks as an easy mode LUKS maker.
I use it to save time.

Just
$ apt install gnome-disk-utility
$ gnome-disks
$ Create partition
$ LUKS + EXT4
You can reformat the EXT4 to your desired filesystem.
My personal pick is XFS or BTRFS.

It is, nigga.

Go use pozzed RdRand if you feel it.

You don't have to wipe it before encrypting it.

Bitlocker works fine but veracrypt is better.

Never talk to police, no matter how many "deals" they throw at you

Bitlocker is not fine.
You have no reason to suspect encryption will protect anything on a windows machine.

It's a fasttrack toward corruption as well.

It concats a ton of shit and file based metadata from a filesystem to mount a filesystem.
Your performance will be awful and it will have a high risk of fucking up the image if even one sector goes weak or dies.

If you gotta, use Vera.
But for fucks sake, keep it off windows to begin with.

>Anything but full disk encryption is useless. Data is recoverable when opened on an unencrypted OS, there's always traces.

Could you elaborate on this?
If I have a pdf file encrypted in AES on a partition and I open it on my unencrypted pdf reader it will be possible for someone to recover its content?

Absolutely it can, it gets cached instantly.

2018 still using HDD, why?

Even if you have an encrypted OS the files will always be decrypted in RAM. So there will be always traces. Even if you waste 24 hours encrypting your whole system

>What does wipe mean?
First of all: Just because you drag a file into the trash can and empty it, it really doesn't mean it's being deleted. The allocated space is just being marked as free again. That means as long as you don't wipe this space the file remains perfectly on your drive.

>Why is one wipe iteration not enough to make sure the file is deleted?
Because HDDs' physical properties prevent this. Even if you overwrite that space, there will remain traces because of magnetism. You can imagine it like if you write text over a text with a pen. If you wipe your drive in like 3 iterations or something this prevents that old data is being read from your HDD.

If you give a fuck about security don't use bitlocker. It's almost 100% certain that there are some backdoors for NSA and shit.