techskies11
Posts: 73
Joined: Sat Apr 02, 2016 8:45 am

Secure delete/erase SD using encryption

Sat Nov 18, 2017 4:40 am

Is there a raspberry pi script that can automate secure erasing a SD card by encrypting it with a strong random password then re formatting it, and have the ability to choose how many times we want to process it just like how erasing a drive has 3 pass or 7 pass,
Just wanted something automatic and also it’s good if people want to protect their work or code or projects etc. Or if they sell their SD cards etc

User avatar
rpdom
Posts: 14483
Joined: Sun May 06, 2012 5:17 am
Location: Chelmsford, Essex, UK

Re: Secure delete/erase SD using encryption

Sat Nov 18, 2017 5:45 am

Using multiple erase passes on an SD card is pointless and can help wear out the card. A single pass is all that is required.

The theory with hard disks is that some residual magnetism could be left on the disk after zeroing a block and with the right equipment it is sometimes possible to recover some of that information. That is not possible with an SD card.
techskies11 wrote:
Sat Nov 18, 2017 4:40 am
encrypting it with a strong random password
I'm not even sure what you are talking about here. Encrypt what? The data that you're about to wipe?

n67
Posts: 939
Joined: Mon Oct 30, 2017 4:55 pm

Re: Secure delete/erase SD using encryption

Sat Nov 18, 2017 6:37 am

It's not "pointless" if either your boss or government regulations say that you have to do "X and so so". When that happens, you need to comply (even if, as is usually the case, it might be unnecessary from a technical point of view).

This is usually the driving force behind this sort of need/request.
"L'enfer, c'est les autres"

G fytc hsqr rum umpbq rm qyw rm rfc kmbq md rfgq dmpsk:

Epmu Sn!

J lnacjrw njbruh-carppnanm vxm rb mnuncrwp vh yxbcb!

techskies11
Posts: 73
Joined: Sat Apr 02, 2016 8:45 am

Re: Secure delete/erase SD using encryption

Sat Nov 18, 2017 7:22 am

I think I’m misunderstood, I read a post that for modern drives, a easy way to protect your personal data is by encrypting the drive then re formatting it after to safely protect files on it.
Am I allowed to post links on here?

ghans
Posts: 7863
Joined: Mon Dec 12, 2011 8:30 pm
Location: Germany

Re: Secure delete/erase SD using encryption

Sat Nov 18, 2017 8:22 am

1) Any rotating harddrive of the last century only needs to be overwritten once to destroy
all data on it irrecoverably thanks to the ever-increasing storage densities. 35 or 7 pass solutions herald from the age of 5 " floppies and 2 MB harddisks.

2) Non-deniable deletion of data on SSDs and SD cards is quite hard , since
both of them employ top-secret Flash Translation Layers with wear leveling and overprovisioning. You might not be actually overwriting anything while writing to the ever same LBA.

3) As a workaround , SSDs could employ encryption internally and transparently , even if it is not manually enabled. If a "SATA Secure Erase" command were to be recieved , the drive could forget the key - all data would be lost. I can not find proof that this is how real SSDs (regardless of the ability of some models for very strong password-based encryption) operate though.

4) If your rotating or solid-state storage does not feature encryption in and of itself (like consumer SD cards) you can always use tried and tested solutions like Truecrypt or LUKS
(available with Raspbian for RPis and with Debian for regular PCs , too).

5) For a strong argument in terms of irrecoverable deletion of data , i suggest that you always encrypt the whole system including swap. This has to happen the second after buying the media , preferably while OS installation and not afterwards.

ghans
• Don't like the board ? Missing features ? Change to the prosilver theme ! You can find it in your settings.
• Don't like to search the forum BEFORE posting 'cos it's useless ? Try googling : yoursearchtermshere site:raspberrypi.org

Heater
Posts: 12751
Joined: Tue Jul 17, 2012 3:02 pm

Re: Secure delete/erase SD using encryption

Sat Nov 18, 2017 9:31 am

techskies11,
Is there a raspberry pi script that can automate secure erasing a SD card by encrypting it with a strong random password then re formatting it,
You don't need any strong encryption. Just write random data to the entire SD card. "dd" is a good command to do that and /dev/urandom is a good source of random bits.

Code: Select all

$ sudo dd if=/dev/urandom of=/dev/sdxyz bs=1M
or eben just the normal "cp":

Code: Select all

$ sudo cp /dev/randpm /dev/sdxyz
You will need to put the SD into a USB attached card reader to do this.
..then re formatting it,
There is no need to format if you just want to use the SD again for a Raspi. Just install a raspi image on it as usual.

If you want to reuse the card in a camera, phone etc just reformat on that device.

If you want to give the card to someone else it might be polite to format it for them. Use the parted and fdisk commands for that.
..and have the ability to choose how many times we want to process it just like how erasing a drive has 3 pass or 7 pass,...
I see no reason why you would want to do that.

You can always put these commands into a shell script. You will find lot's of articles and tutorials about writing BASH scripts around the net.

hippy
Posts: 5387
Joined: Fri Sep 09, 2011 10:34 pm
Location: UK

Re: Secure delete/erase SD using encryption

Sat Nov 18, 2017 1:03 pm

As ghans says; it is not possible to guarantee complete destruction of all data which has been written to an SD Card. The only way to guarantee that is to physically destroy the silicon in the card.

It is not the data one can easily see which is the problem but that which one can't; those blocks which may have had data written to them but cannot be overwritten because they aren't made available because of wear-levelling or having been marked as part of bad blocks etc.

Most people don't require complete destruction, but sometimes that is mandated. In those cases there are probably rules in place about using and disposing of cards with people tasked to ensure that happens in an appropriate way..

For the OP I would guess just destroying the card, wiping it or a reformat would be good enough at end of use, encryption good enough while being used.

FM81
Posts: 518
Joined: Wed Apr 17, 2013 4:33 pm

Re: Secure delete/erase SD using encryption

Sat Nov 18, 2017 1:37 pm

All the things said before are correct; I didn't understand the question at all:
One, who has such important data on his SD-cards, should also have enough money, to destroy them physically to make sure nothing will get in wrong hands! So there is no need, to make a "headstand" for erasing safe or what ever ... And for all the others this question doesn't exist, because they have no such data?
Or I'm understanding something wrong?

Best Regards, FM_81
A: What does the command 'cat /dev/urandom', can you tell me please?
B: Yeah, that's very simple: It feeds your cat with radioactive material!

Heater
Posts: 12751
Joined: Tue Jul 17, 2012 3:02 pm

Re: Secure delete/erase SD using encryption

Sat Nov 18, 2017 1:42 pm

On reflection I think you are right hippy.

If its a life and death matter that all data on an SD card be destroyed then simply writing over it, with my random number scheme or encryption is not enough.

SD cards have spare blocks that they juggle behind the scenes in the course of their error correction and wear leveling activities. Our operating systems cannot normally see those hidden, spare, blocks. So it's possible that some blocks are left on there, after any overwrite operation, containing our secret data.

It has been suggested to overwrite many times. This may or may not eventually hit all those hidden blocks. But we have no way to know. Not reliable.

Bottom line is that if the data on there is important enough the only way to be sure it's gone is to physically destroy the card. Grind it to powder!

On the other hand, a 32GB SD card is expensive enough that I'd rather not do that. Whilst I may want to remove "sensitive" data from it before passing it on to someone else I have nothing on them that is so sensitive as to warrant total destruction.

As in all security issues one has to balance risk, cost and convenience.

Here is an interesting article about what goes on in SD cards, and how to hack some of them for your own devious purposes :) Seems they are not very secure against having their firmware modified:
https://www.bunniestudios.com/blog/?p=3554

Of course if SDs are as insecure and subject to man in the middle attack as that article suggests one should never be using them for sensitive data in the first place.

User avatar
rpdom
Posts: 14483
Joined: Sun May 06, 2012 5:17 am
Location: Chelmsford, Essex, UK

Re: Secure delete/erase SD using encryption

Sat Nov 18, 2017 6:17 pm

Heater wrote:
Sat Nov 18, 2017 1:42 pm
It has been suggested to overwrite many times. This may or may not eventually hit all those hidden blocks.
It won't. Some blocks will have been marked as end of life and will never be used again. It is possible that they still contain the original data.
Bottom line is that if the data on there is important enough the only way to be sure it's gone is to physically destroy the card. Grind it to powder!
Yes, this. Or remove the plastic and melt the silicon with a blow torch.

techskies11
Posts: 73
Joined: Sat Apr 02, 2016 8:45 am

Re: Secure delete/erase SD using encryption

Sat Nov 18, 2017 10:09 pm

Interesting stuff. I guess they should be destroyed or use full disk encryption right from purchase. I guess there’s no way to protect personal stuff on flash cards

broe23
Posts: 903
Joined: Thu Jan 28, 2016 9:35 pm
Location: Central IL
Contact: Website

Re: Secure delete/erase SD using encryption

Sun Nov 19, 2017 3:17 am

Best way to keep info private, is to encrypt on a SSD and take the SD card that may contain the data and then make sure it is backed up and toss it in a fire.
Ren: Now listen, Cadet. I've got a job for you. See this button? Ren: Don't touch it! It's the History Eraser button, you fool! Stimpy: So what'll happen? Ren: That's just it. We don't know. Maybe something bad, maybe something good.

Return to “General discussion”