Encrypted LVM - Logical Volume Manager

Discussion in 'Technical' started by melbo, Jan 30, 2012.


  1. melbo

    melbo Hunter Gatherer Administrator Founding Member

    So I've spent the last 2 weeks installing, testing, flushing and reinstalling an OS on my -soon to be- new primary laptop. Waiting on a couple of hardware upgrades so I have the extra time to try and fail and try again.

    Am currently setting up an encrypted LVM on my partitions. The test HDD I'm running all these tests on is a small 120GB drive that is leftover from an older system and it's taken the better part of 4 hours to write random data to prior to installing the encrypted system. (14 GB to go)

    Why write urandom data prior to installing a fully encrypted system that will only write encrypted (on the fly) data to the drive? I wondered the same thing but after researching - realized it's the best way to go, even if it means that it might take 3 days on my new (large capacity drives) to complete the pre-process.

    Let's say (for example) that the encrypted LVM writes 'melbo' as h*7wl+we-eQs$Wl-9?.soe7!;

    Let's try to find melbo on a freshly formatted drive with lots of empty space on it, then on a zero'd out (OSX) drive and then on a drive that's been written with urandom:

    Code:
    -------------h*7wl+we-eQs$Wl-9?.soe7!;---------------
    Code:
    000000000000h*7wl+we-eQs$Wl-9?.soe7!;000000000000000
    Code:
    gn0/&95s"@/edh*7wl+we-eQs$Wl-9?.soe7!;l+#.kSh8e(2sE=9
    When your entire drive is filled with random garbage and then you write random garbage on top of it, it's tough to tell where your stuff starts and where it ends. Much tougher for any forensic recovery attempts.

    Link for my reference:
    Linux Mint Forums • View topic - Howto install LMDE with LVM (with or without encryption)
     
    Guit_fishN likes this.
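
Added example, not part of melbo's post or the thread: a Python sketch of the comparison the first post draws, measuring per-block byte entropy on two constructed disk images to see whether the written region stands out. The 4 KiB block size, the 7.0 threshold, the function names and the use of os.urandom as a stand-in for the encrypted volume's output are all assumptions.

```python
import math
import os
from collections import Counter

BLOCK = 4096  # analysis granularity in bytes (assumption, not from the post)


def shannon_entropy(block: bytes) -> float:
    """Bits of entropy per byte: 0.0 for a constant block, close to 8.0 for random data."""
    n = len(block)
    return -sum(c / n * math.log2(c / n) for c in Counter(block).values())


def high_entropy_runs(image: bytes, threshold: float = 7.0):
    """Return [(first_block, last_block), ...] for runs of blocks that look like ciphertext."""
    runs, start = [], None
    nblocks = len(image) // BLOCK
    for i in range(nblocks):
        hot = shannon_entropy(image[i * BLOCK:(i + 1) * BLOCK]) > threshold
        if hot and start is None:
            start = i
        elif not hot and start is not None:
            runs.append((start, i - 1))
            start = None
    if start is not None:
        runs.append((start, nblocks - 1))
    return runs


def build_image(fill: str, total_blocks=64, data_start=20, data_blocks=8) -> bytes:
    """Constructed disk image: a background fill with 'encrypted' data written in the middle."""
    size = total_blocks * BLOCK
    image = bytearray(size) if fill == "zero" else bytearray(os.urandom(size))
    # os.urandom stands in for what the encrypted volume would write (assumption).
    ciphertext = os.urandom(data_blocks * BLOCK)
    image[data_start * BLOCK:(data_start + data_blocks) * BLOCK] = ciphertext
    return bytes(image)


if __name__ == "__main__":
    # Zero-filled drive: the written region shows up as one exact run of blocks.
    # urandom-filled drive: every block is high entropy, so the run is the whole image.
    for fill in ("zero", "urandom"):
        print(fill, high_entropy_runs(build_image(fill)))
```

On the zero-filled image the run matches the written blocks exactly; on the urandom-filled image the only run is the entire device, which is the effect the pre-fill is meant to achieve.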
  2. strunk

    strunk Monkey+

  3. melbo

    melbo Hunter Gatherer Administrator Founding Member

    I use DBAN prior to either physically destroying HDDs or giving them away.
    I think that
    Code:
    dd if=/dev/urandom of=/dev/sda2 bs=1M & sleep 5; while kill -USR1 ${!}; do sleep 60; done
    is a little stronger for this purpose given that we want urandom w/ salt.
     
  4. Redneck Rebel

    Redneck Rebel Monkey++

    Been monitoring this thread and doing some other reading on the subject. Very interesting stuff to say the least.
     
  5. TnAndy

    TnAndy Senior Member Founding Member

    They told me over at the VA hospital that "even paranoids have enemies"

    :D
     