How would you do that ...

Ingo Klöcker kloecker at kde.org
Tue May 4 19:15:17 CEST 2021


On Dienstag, 4. Mai 2021 18:47:50 CEST Robert J. Hansen via Gnupg-users wrote:
> For modern SSDs I generally recommend a single pass with random data:
> 
> dd if=/dev/urandom of=/dev/foo bs=1M
> 
> (Don't forget the blocksize [bs] parameter; it can improve speed
> significantly.)
> 
> This is enough to foil the vast majority of forensic analysis.  Yes,
> yes, SSDs have remapping capabilities which means certain memory cells
> won't get hit even if you do this, and it's theoretically possible for a
> good forensics nerd to do all kinds of wild magic to pull off data you
> didn't even know was there... but that kind of very high-level forensics
> nerdery costs a lot of money, and few people are worth that kind of
> investment.

I'd always use full disk encryption ideally with the key stored on a USB 
token. Otherwise, with a very good passphrase.

And, after use, wipe the disk and destroy the token.

Modern enterprise-level SSDs also have secure erase, but, of course, you'd 
have to trust the hardware manufacturer to implement it properly without any 
backdoors which you probably don't want to do in the above scenario.

Regards,
Ingo
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 195 bytes
Desc: This is a digitally signed message part.
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20210504/b41ffbff/attachment.sig>


More information about the Gnupg-users mailing list