Secure Delete TrueCrypt Hard Drive

Discussion in 'privacy technology' started by DanielDavis, Jul 28, 2013.

Thread Status:
Not open for further replies.
  1. DanielDavis

    DanielDavis Registered Member

    Briefly, I do business with China and once had some of my work "borrowed" off an unencrypted hard drive by a competitor. If you aren't paranoid, you will be after you do business in Mainland China.

    If I use TC to encrypt an external hard drive, how long would it take to securely delete a TC encrypted 2 TB USB external hard drive?

    I read this on another forum but don't know if it's true:
    I did contact LSoft http://lsoft.net/ about
    1) http://lsoft.net/killdisk.aspx
    2) http://lsoft.net/zdelete.aspx

    Basically, my question is how can I corrupt, wipe, render unusable a TC encrypted 2-3 TB hdd as quickly as possible.

    Also, is there such a thing as entering a false password to trigger such a deletion program to wipe a TC encrypted hard drive?
     
  2. EncryptedBytes

    EncryptedBytes Registered Member

    If this is a system/partition level encrypted device and not a container, you would want to write over the TrueCrypt header. The header, or key data, for a system partition/drive is stored in the last 512 bytes of the first logical drive track. Without the header you basically leave the remaining information in a pseudorandom state. Usually, a track is 63 sectors long and a sector is 512 bytes long. So the header is in sector 62. To perform this you would need a hex editor/bash command.

    That would be the quickest method, usually taking less than 3 minutes. Or to be more thorough you can zero out the drive completely and go sector by sector. For a 3 TB drive this may take up to several hours for a one-pass wipe.
     
    Last edited: Jul 28, 2013
  3. x942

    x942 Guest

    I use Linux and LUKS, but I am sure you can do similar with a batch file or PowerShell script:

    NOTE: DO NOT RUN THIS ON YOUR COMPUTER!! IT WILL DAMAGE YOUR DATA.

    Code:
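    # Wait 10 seconds before wiping
    sleep 10
    # Overwrite the first 20480 x 512-byte sectors (10 MiB) of the partition with random data, destroying the LUKS header
    sudo dd if=/dev/urandom of=/dev/sda1 bs=512 count=20480
    sudo reboot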
    
    You would replace the of=/dev/sda1 with the file instead. I do it this way because I use full disk encryption. This script has saved me once or twice. It basically wipes out the LUKS header, making recovery impossible even with the password (unless you are going to brute force the entire 256-bit key space). You can easily modify this to work with TrueCrypt instead of LUKS.
     
  4. dantz

    dantz Registered Member

    That quote you posted from another forum is not entirely correct. It fails to take into account the backup headers that are stored at the opposite end of the volume.

    This is just an external data drive, right? Not an encrypted OS?

    In that case, rather than trying to set up a quickie header wiping procedure I suggest you create a keyfile and then configure your volume such that the keyfile will always be required in order to mount the volume.

    When you reach the point at which you want your volume to become permanently inaccessible, just wipe the keyfile. (Or, if the keyfile is stored on external media, just destroy the media).

    The above assumes that your computer has not been infected with malware that could steal your encryption keys while the volume is mounted.
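
dantz's point about backup headers, worked through as an added example (not code from the thread or from TrueCrypt): it lists the header slots of a non-system volume, wipes them in a file container, and uses before/after digests to show which slots a front-only wipe leaves intact. The offsets assume the documented layout for volumes created with TrueCrypt 6.0 or later (64 KiB slots, two at the start and two backups at the end); the function names and the 1 MiB stand-in file are constructed for illustration.

```python
import hashlib
import os
import tempfile

SLOT = 64 * 1024  # each header slot is 64 KiB (assumed from the TrueCrypt format spec)


def header_regions(size):
    """Byte offsets of the four header slots in a non-system volume of `size` bytes."""
    if size < 4 * SLOT:
        raise ValueError("too small to hold four header slots")
    return {"primary": 0, "hidden": SLOT,
            "backup_primary": size - 2 * SLOT, "backup_hidden": size - SLOT}


def digests(path):
    """SHA-256 of each header slot, to compare before and after a wipe."""
    out = {}
    with open(path, "rb") as f:
        for name, off in header_regions(os.path.getsize(path)).items():
            f.seek(off)
            out[name] = hashlib.sha256(f.read(SLOT)).hexdigest()
    return out


def wipe_slots(path, names):
    """Overwrite the named slots of a file container with random bytes, then sync."""
    regions = header_regions(os.path.getsize(path))
    with open(path, "r+b") as f:
        for name in names:
            f.seek(regions[name])
            f.write(os.urandom(SLOT))
        f.flush()
        os.fsync(f.fileno())


def demo():
    """Return the slots left untouched by a front-only wipe and by a full wipe."""
    with tempfile.NamedTemporaryFile(delete=False) as tmp:
        tmp.write(os.urandom(1024 * 1024))  # constructed 1 MiB stand-in, not a real volume
    try:
        before = digests(tmp.name)
        wipe_slots(tmp.name, ["primary"])  # what a "first sectors only" wipe covers
        front_only = sorted(n for n, d in digests(tmp.name).items() if d == before[n])
        wipe_slots(tmp.name, list(before))  # all four slots
        full = sorted(n for n, d in digests(tmp.name).items() if d == before[n])
        return front_only, full
    finally:
        os.unlink(tmp.name)
```

The slots reported in `front_only` are the ones TrueCrypt's restore-from-embedded-backup option can still read with the correct password. On flash media an in-place overwrite may leave the old sectors in spare areas, so the digest check only confirms what the logical device now returns.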
     
  5. x942

    x942 Guest

    This works the easiest. I love how I came up with a complicated solution instead of looking at the simplest. Thanks for that post :)
     
  6. DanielDavis

    DanielDavis Registered Member

    You fellows really humble me with your knowledge and expertise. What I did feel was that, since it was an encrypted volume and not just raw data, a complete wipe should be unnecessary. You all have confirmed that. Thanks!

    Please allow me to digest what you have suggested before I comment. I have found that an answer tends to generate even more questions, so please forgive.

    Thanks to all. Back at ya in a moment. :)
     
  7. LockBox

    LockBox Registered Member

    For what it's worth, Daniel, I agree completely with dantz. He knows TC every which way from Sunday - and it's solid advice.
     
  8. EncryptedBytes

    EncryptedBytes Registered Member


    A solution is a solution in my opinion. I've learned especially with technology there are many ways to achieve the same end result. ;) When I was a system admin, I loved writing fancy cron jobs only to have someone walk by and shorten it down to 3 lines of code. :cautious:
     
  9. DanielDavis

    DanielDavis Registered Member

    x942, I like your suggestion. Briefly, although I am now migrating away from Windows (Win 7 being the last version I will ever use of Windows), I still don't understand Linux well at all. Quite frankly, I have been spanking myself every day for not migrating to Linux and Open Source years ago. Let's blame inertia for that.

    Now I must apologize in advance for this additional question. How do you tell "Eraser" or (open to suggestions here) another program exactly which sectors to secure delete the "headers or key data" as per the following?
     
  10. x942

    x942 Guest

    On Windows you can use windd. I am sure there are other tools you can use, but I don't have experience with them in this regard. Microsoft's sdelete may do it as well.
     
  11. dantz

    dantz Registered Member

    That quote you posted describes the location of the volume header for a bootable, encrypted OS. That's entirely different than what I was describing, which was a way to permanently disable a non-system "data" volume such as you would have on an external disk.

    So - which type of volume are we talking about here?
     
  12. lotuseclat79

    lotuseclat79 Registered Member

    Your information on "track is 63 sectors long" may have been true before the mid-1990s, but does not take into account Zoned Bit Recording (ZBR) on modern hard drives.

    -- Tom
     
  13. jebediah

    jebediah Registered Member

    If it's encrypted, then just reformat the dag bern thang.
     