LinuxQuestions.org
Old 02-09-2019, 02:27 PM   #1
l0f4r0
Member
 
Registered: Jul 2018
Location: Paris
Distribution: macOS, Slackware
Posts: 803

Rep: Reputation: 281
Relatively secure USB key erasing


I need to erase some old USB keys. My files are not state-sensitive but I would like to do the erasing process in a relatively secure way though just to set my mind at rest.

What would you suggest please?
  • Some passes with 0/random bits?
  • Some encryption maybe? I've been told this practice could be very efficient, I just need to use an appropriate algorithm (any advice?) and forget the secret key...
  • Other solution like hammer?

NB: I can have access to Linux (Slackware or any LiveDVD) or Mac tools (macOS 10.14 Mojave)

Last edited by l0f4r0; 02-09-2019 at 02:29 PM.
 
Old 02-09-2019, 03:20 PM   #2
sevendogsbsd
Member
 
Registered: Sep 2017
Distribution: None, just FreeBSD
Posts: 735

Rep: Reputation: Disabled
What are you going to do with the keys after wiping them, dispose of them or give them away, reuse them? If you are going to dispose of them, just smash them with a hammer - they won't be reusable at that point. As for wiping them, I think with flash media, you aren't supposed to run wipe programs on them because they have a finite number of writes (?) and this can shorten their life. Of course that also depends on what you plan to do with the drives.

As for wiping, we always used to use this for normal hard drives and I believe it also would work for thumb drives: https://dban.org/
 
1 members found this post helpful.
Old 02-09-2019, 03:59 PM   #3
Brains
Member
 
Registered: Apr 2009
Distribution: Debian testing
Posts: 956

Rep: Reputation: 240
When it comes to traditional HDDs, if you want a secure-wipe, most wipe apps would make several passes, many default to 10 passes and the user could specify the number of passes, and some will default to sector size for a secure wipe. Because HDDs use magnetic flux, this is kind of necessary. Each little magnetic bit has a north and south pole, if you bring two magnets together and they push themselves apart, you just need to flip one of them end for end and they will draw themselves together.

Keeping this in mind, there are 8 bits per byte, this equates to 4096 "writable" bits per 512 byte sector, each little magnet can represent a 1 or a 0 depending on its orientation. If the binary code written to a sector is: 1000110001, most of the writable magnetic bits will require non-writable bits in between to counter the "push/pull" effects. The number of non-writable bits is not defined as there also needs to be non-writable bits to counter this same effect in the neighboring tracks or cylinders, so for every writable bit, there could be any greater number of non-writable bits.

If you were to do a single pass non-secure wipe of an HDD, the data that was zero filled can actually be reconstructed based on the orientation of the more numerous non-writable bits, which is why many passes are preferred on an HDD to disorient as many non-writable bits as possible.

When it comes to NAND flash memory in USB keys, there is no magnetic flux, they have cells. A single pass is sufficient, be it random write or zero fill. Because when writing to a block in NAND memory, the block must first be erased and all cells are set to 1. Below is a quote from Wikipedia:
Quote:
The architecture of NAND Flash means that data can be read and programmed in pages, typically between 4 KB and 16 KB in size, but can only be erased at the level of entire blocks consisting of multiple pages and MB in size. When a block is erased all the cells are logically set to 1
 
2 members found this post helpful.
Old 02-10-2019, 06:58 AM   #4
fatmac
Senior Member
 
Registered: Sep 2011
Location: Upper Hale, Surrey/Hants Border, UK
Posts: 2,826

Rep: Reputation: Disabled
Personally, I would just give it a new MBR, partition it, & put a new file system on it, (but then, I don't ever have any sensitive data on mine).
 
1 members found this post helpful.
Old 02-10-2019, 11:33 AM   #5
pan64
LQ Guru
 
Registered: Mar 2012
Location: Hungary
Distribution: debian/ubuntu/suse ...
Posts: 12,264

Rep: Reputation: 3792
Yes, probably better to destroy them. A long time ago there was a low level format utility, unfortunately only for Windows. If you are interested, here are some links:
http://hddguru.com/software/HDD-LLF-...l-Format-Tool/
https://unix.stackexchange.com/quest...emory-in-linux (last post)
 
1 members found this post helpful.
Old 02-10-2019, 04:16 PM   #6
l0f4r0
Member
 
Registered: Jul 2018
Location: Paris
Distribution: macOS, Slackware
Posts: 803

Original Poster
Rep: Reputation: 281
Quote:
Originally Posted by sevendogsbsd
What are you going to do with the keys after wiping them, dispose of them or give them away, reuse them? If you are going to dispose of them, just smash them with a hammer - they won't be reusable at that point.
I plan to throw the keys away.
So in substance, if I'm gonna hammer them, there is no point to apply/bother with any other security measure?

Quote:
Originally Posted by sevendogsbsd
As for wiping them, I think with flash media, you aren't supposed to run wipe programs on them because they have a finite number of writes (?) and this can shorten their life.
1 or 10 passes is no big deal, is it?
I mean it wouldn't harm more than writing each key 1 or 10 times, right? I'm no expert but I would expect that modern keys can handle that...

@Brains: thank you for all your explanation but you lost me when you talked about non-writable bits

Nobody told me about encryption. What do you think about it?
I've just realized that I can do it via Veracrypt ("format and encrypt an entire USB stick") if need be...
 
Old 02-10-2019, 05:10 PM   #7
Brains
Member
 
Registered: Apr 2009
Distribution: Debian testing
Posts: 956

Rep: Reputation: 240
Quote:
Originally Posted by l0f4r0
@Brains: thank you for all your explanation but you lost me when you talked about non-writable bits
In an HDD, with magnetic flux technology, there will be 4096 writable bits per sector, the actual amount of bits per sector can easily be 40000 bits, because many are required to counter the effects magnets have against each other, the majority of which will not be altered in a simple one pass wipe, they will tell the story of the data that was zeroed.

USB keys use NAND flash, which are cells, there is no need for extra cells to counter any effects. When they are all set to "1", they can't tell the story of the data previously written, thus one pass of writing useless data to every block is all it takes with NAND flash technology.
 
2 members found this post helpful.
Old 02-12-2019, 05:04 AM   #8
business_kid
LQ Guru
 
Registered: Jan 2006
Location: Ireland
Distribution: Slackware & Android
Posts: 9,918

Rep: Reputation: 1077
Quote:
Originally Posted by Brains
USB keys use NAND flash, which are cells, there is no need for extra cells to counter any effects. When they are all set to "1", they can't tell the story of the data previously written, thus one pass of writing useless data to every block is all it takes with NAND flash technology.

Would that be similar for SSDs?
 
Old 02-12-2019, 11:21 PM   #9
Brains
Member
 
Registered: Apr 2009
Distribution: Debian testing
Posts: 956

Rep: Reputation: 240
Quote:
As of 2017, most SSDs use 3D TLC NAND-based flash memory (often simply called NAND). NAND is non-volatile memory, which retains data even when power is removed. Since 2018, some SSDs have 3D QLC (4 bits per cell) NAND, which increases capacity and lowers costs, but at the expense of a lower endurance rating. High-performance SSDs may use SLC (1-bit) or MLC (2-bit) NAND
The quote above is from Wikipedia.
 
Old 02-14-2019, 04:16 PM   #10
zeebra
Member
 
Registered: Dec 2011
Distribution: Mageia, Slackware, Maemo
Posts: 524
Blog Entries: 2

Rep: Reputation: 108
Quote:
Originally Posted by l0f4r0
I need to erase some old USB keys. My files are not state-sensitive but I would like to do the erasing process in a relatively secure way though just to set my mind at rest.

What would you suggest please?
  • Some passes with 0/random bits?
  • Some encryption maybe? I've been told this practice could be very efficient, I just need to use an appropriate algorithm (any advice?) and forget the secret key...
  • Other solution like hammer?

NB: I can have access to Linux (Slackware or any LiveDVD) or Mac tools (macOS 10.14 Mojave)
Write zeroes to the disk:

Code:
dd if=/dev/zero of=/dev/sdX bs=4096
or bs=1M

If you want to make it doubly safe, then write random data to it after:

Code:
dd if=/dev/urandom of=/dev/sdX bs=4096
or bs=1M

Generally doing zeroes should be safe, but if the data is perhaps something you would definitely not want to fall in the wrong hands, then also do urandom. If the data is critical and people are spying on you and shit like that, you need other methods. These, plus then writing enormous amounts of encrypted garble data on top many times.

But for "normal" situations, zeroes is enough, for "sensitive" situations add random data.
 
1 members found this post helpful.
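
The single-pass zero fill from the post above, wrapped with a mount check and a read-back verification; this is an added example, not part of the original thread. The function names are made up here, and it assumes GNU coreutils, diffutils (`cmp -n`) and util-linux (`blockdev`).

```shell
#!/bin/sh
# Added example: one zero-fill pass with read-back check (function names are illustrative).
# Only sectors the device still exposes are written and checked; blocks the
# controller has retired as bad are out of reach of any overwrite.

# Size in bytes of a block device, or of an image file used for a dry run.
target_size() {
    if [ -b "$1" ]; then blockdev --getsize64 "$1"
    else wc -c < "$1" | tr -d ' '
    fi
}

# True if the block device, or one of its partitions, is currently mounted.
is_mounted() {
    [ -b "$1" ] && grep -q "^$1" /proc/mounts 2>/dev/null
}

# wipe_and_verify TARGET
# Returns 0 on success, 2 bad target, 3 mounted, 4 write error, 5 verify failed.
wipe_and_verify() {
    target=$1
    [ -e "$target" ] || { echo "no such target: $target" >&2; return 2; }
    if is_mounted "$target"; then
        echo "$target is mounted, refusing to wipe" >&2; return 3
    fi
    size=$(target_size "$target") || return 2
    # head bounds the write to the target's size; conv=fsync makes dd flush
    # to the device before exiting; conv=notrunc keeps an image file's length.
    head -c "$size" /dev/zero |
        dd of="$target" bs=1M conv=notrunc,fsync 2>/dev/null || return 4
    # Drop cached blocks so the comparison reads the device, not the page cache.
    if [ -b "$target" ]; then blockdev --flushbufs "$target"; fi
    # Every byte up to $size must now equal the zero stream.
    cmp -s -n "$size" "$target" /dev/zero || return 5
    echo "$target: $size bytes zeroed and verified"
}

# Dry run on a constructed 2 MiB image file instead of a real USB key.
selftest() {
    img=$(mktemp) || return 1
    head -c 2097152 /dev/urandom > "$img"
    wipe_and_verify "$img"; rc=$?
    rm -f "$img"
    return "$rc"
}
```

Source the file and call `selftest` first; on a real key, confirm the device name with `lsblk` before running `wipe_and_verify /dev/sdX` as root.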
Old 02-15-2019, 05:55 AM   #11
business_kid
LQ Guru
 
Registered: Jan 2006
Location: Ireland
Distribution: Slackware & Android
Posts: 9,918

Rep: Reputation: 1077
I don't think it's been mentioned, but there is a utility called shred, with a man page. It was aimed at platter disks, not NAND. One or two passes should do it. No need for 25.
 
Old 02-15-2019, 08:30 AM   #12
pan64
LQ Guru
 
Registered: Mar 2012
Location: Hungary
Distribution: debian/ubuntu/suse ...
Posts: 12,264

Rep: Reputation: 3792
The problem is (probably) if a sector is marked as bad it can't be overwritten any more. But probably it cannot be read either.
 
  

