If you want to be super paranoid about things, use properly implemented full disk encryption from the get-go. Once you are ready to wipe the disk, use what is standard for most Government/Business use: overwrite with random data 7 times. If you want to be super aggressive about things (yet for some reason refuse to just destroy the disk), you can do 14 runs alternating between random data and zeros.

In my opinion, this is overkill and just silly. If you're really that concerned about the contents of your drive being discovered, full disk encryption would make that concern largely irrelevant. After 7 disk wipes with dd, no one's getting your data back off that drive, not for all the tea in China.


On 01/12/18 02:27, Etienne wrote:
On 11/01/18 14:45, Andreas Thulin wrote:
in order to achieve paranoid disk-wiping?

I don't have a solution to offer for existing disks, but that just made me think that it would probably be easy to create two partitions on a disk: one that will be a keydisk (https://www.openbsd.org/faq/faq14.html#softraidFDEkeydisk) and one that would be the real partition holding the data. The day you need to wipe the disk, the only thing you need to wipe (a few times if you're paranoid) is the keydisk partition, and the data will be unrecoverable.

Does that sound sensible, or am I missing something?

