Relatively secure USB key erasing
I need to erase some old USB keys. My files are not state-sensitive but I would like to do the erasing process in a relatively secure way though just to set my mind at rest.
What would you suggest please?
NB: I can have access to Linux (Slackware or any LiveDVD) or Mac tools (macOS 10.14 Mojave) |
What are you going to do with the keys after wiping them, dispose of them or give them away, reuse them? If you are going to dispose of them, just smash them with a hammer - they won't be reusable at that point. As for wiping them, I think with flash media, you aren't supposed to run wipe programs on them because they have a finite number of writes (?) and this can shorten their life. Of course that also depends on what you plan to do with the drives.
As for wiping, we always used to use this for normal hard drives and I believe it also would work for thumb drives: https://dban.org/ |
When it comes to traditional HDDs, if you want a secure-wipe, most wipe apps would make several passes, many default to 10 passes and the user could specify the number of passes, and some will default to sector size for a secure wipe. Because HDDs use magnetic flux, this is kind of necessary. Each little magnetic bit has a north and south pole, if you bring two magnets together and they push themselves apart, you just need to flip one of them end for end and they will draw themselves together.
Keeping this in mind, there are 8 bits per byte, this equates to 4096 "writable" bits per 512 byte sector, each little magnet can represent a 1 or a 0 depending on its orientation. If the binary code written to a sector is: 1000110001, most of the writable magnetic bits will require non-writable bits in between to counter the "push/pull" effects. The number of non-writable bits is not defined as there also needs to be non-writable bits to counter this same effect in the neighboring tracks or cylinders, so for every writable bit, there could be any greater number of non-writable bits. If you were to do a single pass non-secure wipe of an HDD, the data that was zero filled can actually be reconstructed based on the orientation of the more numerous non-writable bits, which is why many passes are preferred on an HDD to disorient as many non-writable bits as possible.
When it comes to NAND flash memory in USB keys, there is no magnetic flux, they have cells. A single pass is sufficient, be it random write or zero fill. Because when writing to a block in NAND memory, the block must first be erased and all cells are set to 1. Below is a quote from Wikipedia:
Quote:
|
Personally, I would just give it a new MBR, partition it, & put a new file system on it, (but then, I don't ever have any sensitive data on mine).
|
Yes, probably better to destroy them. A long time ago there was a low level format utility, unfortunately only for Windows. If you are interested, here are some links:
http://hddguru.com/software/HDD-LLF-...l-Format-Tool/ https://unix.stackexchange.com/quest...emory-in-linux (last post) |
Quote:
So in substance, if I'm gonna hammer them, there is no point to apply/bother with any other security measure?
Quote:
I mean it wouldn't harm more than writing each key 1 or 10 times, right? I'm no expert but I would expect that modern keys can handle that...
@Brains: thank you for all your explanation but you lost me when you talked about non-writable bits ;)
Nobody told me about encryption. What do you think about it? I've just realized that I can do it via Veracrypt ("format and encrypt an entire USB stick") if need be... |
Quote:
USB keys use NAND flash, which are cells, there is no need for extra cells to counter any effects. When they are all set to "1", they can't tell the story of the data previously written, thus one pass of writing useless data to every block is all it takes with NAND flash technology. |
Quote:
Would that be similar for SSDs? |
Quote:
|
Quote:
Code:
dd if=/dev/zero of=/dev/sdX bs=4096
If you want to make it double as safe, then write random data to it after:
Code:
dd if=/dev/urandom of=/dev/sdX bs=4096
Generally doing zeroes should be safe, but if the data is perhaps something you would definitely not want to fall in the wrong hands, then also do urandom. If the data is critical and people are spying on you and shit like that, you need other methods. These, plus then writing enormous amounts of encrypted garble data on top many times. But for "normal" situations, zeroes is enough, for "sensitive" situations add random data. |
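The zero-then-random sequence from the post above, with a read-back check between the two passes, as an added example that is not part of the thread. Function names are hypothetical and it assumes Linux with GNU coreutils; the check covers only the addressable range the controller exposes, not remapped or spare flash blocks.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.
# Assumes Linux with GNU coreutils. TARGET is a whole device such as the
# thread's /dev/sdX placeholder, or an image file for a dry run.

# Size in bytes of a block device or a regular file.
target_size() {
    if [ -b "$1" ]; then blockdev --getsize64 "$1"; else wc -c < "$1"; fi
}

# One pass: stream exactly SIZE bytes from SRC over TARGET, then flush.
wipe_pass() {
    src=$1; target=$2
    size=$(target_size "$target") || return 1
    [ "$size" -gt 0 ] || return 1
    # conv=notrunc keeps an image file's length; a device ignores it.
    head -c "$size" "$src" | dd of="$target" bs=1M conv=notrunc 2>/dev/null || return 1
    sync
}

# Count bytes that are not 0x00 across the whole addressable range.
# On a real stick, replug it first so the read is served by the device
# rather than the page cache.
nonzero_bytes() {
    size=$(target_size "$1") || return 1
    head -c "$size" "$1" | tr -d '\000' | wc -c
}

# The thread's sequence: zero pass, read-back check, then a random pass.
wipe_and_verify() {
    wipe_pass /dev/zero "$1" || return 1
    left=$(nonzero_bytes "$1") || return 1
    if [ "$left" -ne 0 ]; then
        echo "zero pass incomplete: $left non-zero bytes remain" >&2
        return 1
    fi
    wipe_pass /dev/urandom "$1"
}

# Dry run on a constructed 3 MiB image instead of a real device.
rehearse() {
    img=$(mktemp) || return 1
    head -c 3145728 /dev/urandom > "$img"
    wipe_and_verify "$img"; rc=$?
    rm -f "$img"
    return $rc
}
```

Source the file and call `rehearse` for the dry run; against a real stick, confirm the device name with `lsblk` before passing it to `wipe_and_verify` as root.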
I don't think it's been mentioned, but there is a utility called shred, with a man page. It was aimed at platter disks, not nand. One or two passes should do it. No need for 25.
|
The problem is (probably) if a sector is marked as bad it can't be overwritten any more. But probably it cannot be read either.
|
Just to tell you that I've eventually written /dev/zero then /dev/urandom onto my USB drives via dd (bs=1M).
It should be secure enough that way. Thank you all for your help :) |
Quote:
An HDD overwritten with zeros is blank to all known techniques, as far as I can gather. I am led to believe that the storage chip on flash drives doesn't actually erase anything, much like the delete function, and simply marks sectors empty without doing anything to them -- meaning plugging them into another board may work. Any thoughts? |
Quote:
If true, I didn't read that paper very seriously but it seems that this research was biased (see *Epilogue parts) and only pure theory for obsolete technologies... |