Secure Delete TrueCrypt Hard Drive

Briefly I do business with China and once had some of my work "borrowed" off an unencrypted hard drive by a competitor. If you aren't paranoid, you will be after you do business in Mainland China.

If I use TC to encrypt an external hard drive, how long would it take to securely delete a TC encrypted 2 TB USB external hard drive?

I read this on another forum but don't know if it's true:

I did contact LSoft http://lsoft.net/ about
1) http://lsoft.net/killdisk.aspx
2) http://lsoft.net/zdelete.aspx

Basically, my question is how can I corrupt, wipe, render unusable a TC encrypted 2-3 TB hdd as quickly as possible.

Also, is there such a thing as entering a false password to trigger such a deletion program to wipe a TC encrypted hard drive?

 

If this is a system/partition level encrypted device and not a container, you would want to write over the truecrypt header. The header, or key data, for a system partition/drive is stored in the last 512 bytes of the first logical drive track. Without the header you basically leave the remaining information in a pseudorandom state. Usually, a track is 63 sectors long and a sector is 512 bytes long. So the header is in sector 62. To perform this you would need a hex editor/bash command.

That would be the quickest method usually taking less than 3 minutes. Or to be more thorough you can zero out the drive completely and go sector by sector. For a 3 TB drive this may take up to several hours for a one pass wipe.

 

I use linux and luks. but I am sure you can do similar with a batch file or powershell script:

NOTE: DO NOT RUN THIS ON YOUR COMPUTER!! IT WILL DAMAGE YOUR DATA.

Code:

sleep 10
sudo dd if=/dev/urandom of=/dev/sda1 bs=512 count=20480
sudo reboot

You would replace the of=/dev/sda1 with the file instead. I do it this way because I use Full disk encryption. This script has saved me once or twice. It basically wipes out the LUKS header making recover impossible even with the password (unless you are going to brute force the entire 256bit key space. You can easily modify this to work with truecrypt instead of luks.

 

That quote you posted from another forum is not entirely correct. It fails to take into account the backup headers that are stored at the opposite end of the volume.

This is just an external data drive, right? Not an encrypted OS?

In that case, rather than trying to set up a quickie header wiping procedure I suggest you create a keyfile and then configure your volume such that the keyfile will always be required in order to mount the volume.

When you reach the point at which you want your volume to become permanently inaccessible, just wipe the keyfile. (Or, if the keyfile is stored on external media, just destroy the media).

The above assumes that your computer has not been infected with malware that could steal your encryption keys while the volume is mounted.

 

This works the easiest. I love how I came up with a complicated solution instead of looking at the simplest. Thanks for that post

 

You fellows really humble me with your knowledge and expertise. What I did feel was that, since it was an encrypted volume and not just raw data, a complete wipe should be unnecessary. You all have confirmed that. Thanks!

Please allow me to digest what you have suggested before I comment. I have found that an answer tends to generate even more questions, so please forgive.

Thanks to all. Back at ya in a moment.

 

For what it's worth, Daniel, I agree completely with dantz. He's knows TC every which way from Sunday - and it's solid advice.

 

A solution is a solution in my opinion. I've learned especially with technology there are many ways to achieve the same end result. When I was a system admin, I loved writing fancy cron jobs only to have someone walk by and shorten it down to 3 lines of code.

 

x942, I like your suggestion. Briefly, although I am now migrating away from Windows (Win 7 being the last version I will ever use of Windows), I still don't understand Linux well at all. Quite frankly, I have been spanking myself every day for not migrating to Linux and Open Source years ago. Let's blame inertia for that.

Now I must apologize in advance for this additional question. How do you tell "Eraser" or (open to suggestions here) another program exactly which sectors to secure delete the "headers or key data" as per the following?

 

On windows you can use windd, I am sure there are other tools you can use but I don't have experience with them in this regard. Microsofts sdelete may do it as well.

 

That quote you posted describes the location of the volume header for a bootable, encrypted OS. That's entirely different than what I was describing, which was a way to permanently disable a non-system "data" volume such as you would have on an external disk.

So - which type of volume are we talking about here?

 

Your information on "track is 63 sectors long" may have been true before mid-1990s, but does not take into account Zoned Bit Recording (ZBR) on modern hard drives.

-- Tom

 

If it's encrypted, then just reformat the dag bern thang.