From debbugs-submit-bounces@debbugs.gnu.org Sun Jun 18 12:39:17 2017 Received: (at submit) by debbugs.gnu.org; 18 Jun 2017 16:39:17 +0000 Received: from localhost ([127.0.0.1]:55273 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dMdEL-0000Tq-BD for submit@debbugs.gnu.org; Sun, 18 Jun 2017 12:39:17 -0400 Received: from eggs.gnu.org ([208.118.235.92]:51119) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dMUXm-00068H-QB for submit@debbugs.gnu.org; Sun, 18 Jun 2017 03:22:47 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1dMUXg-000507-HN for submit@debbugs.gnu.org; Sun, 18 Jun 2017 03:22:41 -0400 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=0.8 required=5.0 tests=BAYES_50,FREEMAIL_FROM, HTML_MESSAGE,T_DKIM_INVALID autolearn=disabled version=3.3.2 Received: from lists.gnu.org ([2001:4830:134:3::11]:49115) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1dMUXg-0004zn-Do for submit@debbugs.gnu.org; Sun, 18 Jun 2017 03:22:40 -0400 Received: from eggs.gnu.org ([2001:4830:134:3::10]:42080) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1dMUXf-0005eD-7x for bug-coreutils@gnu.org; Sun, 18 Jun 2017 03:22:40 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1dMUXe-0004ye-7E for bug-coreutils@gnu.org; Sun, 18 Jun 2017 03:22:39 -0400 Received: from mail-wr0-x231.google.com ([2a00:1450:400c:c0c::231]:33200) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1dMUXd-0004yI-Uu for bug-coreutils@gnu.org; Sun, 18 Jun 2017 03:22:38 -0400 Received: by mail-wr0-x231.google.com with SMTP id r103so56699319wrb.0 for ; Sun, 18 Jun 2017 00:22:37 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:from:date:message-id:subject:to; bh=mR15qfRQIgEBJqXeO1DKz5rVBYTax5v+BWKoJ6BN0WE=; b=bknFVDaqXNpsy+O3eciVq+v116qTEpWFOW+3Gd//hmpgXm6QvXqpMFBBf7G3qCz69l fl7dRL2hI1tPJIk0C4MIJkUyit8sX0s/jqPmYauH/6KZlNjRFl0L2U/9CTOyoOS0I4ji zfWrxx8z0Str0kVApHxdfbpnUJi1yXr779hrZR4/IJwwFTot855bDeg6bvG/aXl+ZE9K +uF92fJKjHxogVciitAsAit836pbIWkj2d4DSnizCI19V+CHtzmPieGoAv2Wt39BlXAs 5v70fQ3lQCe0oE7lQpYBmUZ8eJInvEZzYBg8eIDlSj5jx9euUALHaolrBiLJNtld7N47 YqvA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=mR15qfRQIgEBJqXeO1DKz5rVBYTax5v+BWKoJ6BN0WE=; b=hlinNMQVPwsQ6cCDWw3GT6OqR8DqdBk6B/J2IZVJalKHEnSyNdTnqAV0FCCirTMN+X FwuAoCNlYbQbj3IX3tnLPAQOjv+KZyjLTI+e676idTnkwsWZeUKeVl2la8YffF/gNZiS A2kQhkoBKLjk8A3Pq1T5QSiMyRfcQrairxrCFn7P/fn60loCi26UADQfWuo2/TdQQN5X cpOSgoL/PKmqLAnLeQjpdFMPKtBHyOjQKC9J7hiiNic2ipw/JNZIXOXmsa8cTw9hXVbA +Omt3/gHmtzWrdXfEod8YWke6xeQwPCbmXgoFGGIMO5tS2p57GQfPWfzaUCL7pyfnGs4 Twjg== X-Gm-Message-State: AKS2vOw+vK+JxdSEwKyzXcJRDcM78a5NwcDxBhrYvCrFFsmC+REGLUow D7t0uTPRar3SZRdJGnyfs3deKJqS+8q6 X-Received: by 10.223.177.129 with SMTP id q1mr805947wra.82.1497770556237; Sun, 18 Jun 2017 00:22:36 -0700 (PDT) MIME-Version: 1.0 Received: by 10.28.139.142 with HTTP; Sun, 18 Jun 2017 00:22:35 -0700 (PDT) From: John Shearing Date: Sun, 18 Jun 2017 03:22:35 -0400 Message-ID: Subject: Self Destruct - Self Erase of All Data On SD Card Using Shred, To: bug-coreutils@gnu.org Content-Type: multipart/alternative; boundary="f403045e7c7af5aa23055236e100" X-detected-operating-system: by eggs.gnu.org: Genre and OS details not recognized. X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6.x X-Received-From: 2001:4830:134:3::11 X-Spam-Score: -2.4 (--) X-Debbugs-Envelope-To: submit X-Mailman-Approved-At: Sun, 18 Jun 2017 12:39:16 -0400 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -2.4 (--) --f403045e7c7af5aa23055236e100 Content-Type: text/plain; charset="UTF-8" favorite I will be using a raspberry pi as an air-gapped computer to make secure encrypted transactions on the Ethereum BlockChain. Once in awhile I will want to update the software I am using which will mean taking the SD card out of the pi and inserting it into a laptop computer which is connected to the Internet. I would like to use some program or command line utility on the raspberry pi to securely erase everything on the SD card before removing it as this will eliminate all possibility of sensitive information being read off the SD card by bad actors which may have compromised my laptop. The following command typed in at the pi terminal conveys the idea of what I hope to accomplish: shred --verbose *.* Is this possible using shred? Thanks, John --f403045e7c7af5aa23055236e100 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable

I will be using a raspberry pi as an air-gapped= computer to make secure encrypted transactions on the Ethereum BlockChain.= Once in awhile I will want to update the software I am using which will me= an taking the SD card out of the pi and inserting it into a laptop computer= which is connected to the Internet. I would like to use some program or co= mmand line utility on the raspberry pi to securely erase everything on the = SD card before removing it as this will eliminate all possibility of sensit= ive information being read off the SD card by bad actors which may have com= promised my laptop.

The following command typed in at the pi termina= l conveys the idea of what I hope to accomplish:
shred --verbose *.*

Is this possible using shred?=C2=A0

Thanks, John

=
--f403045e7c7af5aa23055236e100-- From debbugs-submit-bounces@debbugs.gnu.org Sun Jun 18 14:43:32 2017 Received: (at 27420) by debbugs.gnu.org; 18 Jun 2017 18:43:32 +0000 Received: from localhost ([127.0.0.1]:55382 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dMfAa-0003lk-Cn for submit@debbugs.gnu.org; Sun, 18 Jun 2017 14:43:32 -0400 Received: from mail.magicbluesmoke.com ([82.195.144.49]:48878) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dMfAY-0003lY-HH; Sun, 18 Jun 2017 14:43:31 -0400 Received: from localhost.localdomain (mobile-166-170-38-143.mycingular.net [166.170.38.143]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.magicbluesmoke.com (Postfix) with ESMTPSA id C4D5E4ADF; Sun, 18 Jun 2017 19:43:25 +0100 (IST) Subject: Re: bug#27420: Self Destruct - Self Erase of All Data On SD Card Using Shred, To: John Shearing , 27420@debbugs.gnu.org References: From: =?UTF-8?Q?P=c3=a1draig_Brady?= Message-ID: Date: Sun, 18 Jun 2017 11:43:22 -0700 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.8.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 27420 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: 0.0 (/) tag 27420 notabug close 27420 stop On 18/06/17 00:22, John Shearing wrote: > favorite > > > I will be using a raspberry pi as an air-gapped computer to make secure > encrypted transactions on the Ethereum BlockChain. Once in awhile I will > want to update the software I am using which will mean taking the SD card > out of the pi and inserting it into a laptop computer which is connected to > the Internet. I would like to use some program or command line utility on > the raspberry pi to securely erase everything on the SD card before > removing it as this will eliminate all possibility of sensitive information > being read off the SD card by bad actors which may have compromised my > laptop. > > The following command typed in at the pi terminal conveys the idea of what > I hope to accomplish: > shred --verbose *.* > > Is this possible using shred? shred already supports passing multiple files, however you would be much safer shredding at the device level, since there is all sort of reallocation etc. happening within filesystems. I.E. something along the lines of: SDCARD=/dev/sdb1 umount $SDCARD shred --verbose $SDCARD mkfs.ext4 $SDCARD Note you can partition the SDCARD if there only a portion that you want to destructively recreate like this. cheers, Pádraig. From debbugs-submit-bounces@debbugs.gnu.org Thu Jun 22 04:02:55 2017 Received: (at submit) by debbugs.gnu.org; 22 Jun 2017 08:02:55 +0000 Received: from localhost ([127.0.0.1]:60575 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dNx4l-0001hB-SX for submit@debbugs.gnu.org; Thu, 22 Jun 2017 04:02:55 -0400 Received: from eggs.gnu.org ([208.118.235.92]:50051) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dNx4k-0001gz-83 for submit@debbugs.gnu.org; Thu, 22 Jun 2017 04:02:50 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1dNx4a-00023A-Mn for submit@debbugs.gnu.org; Thu, 22 Jun 2017 04:02:44 -0400 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=0.8 required=5.0 tests=BAYES_50,FREEMAIL_FROM autolearn=disabled version=3.3.2 Received: from lists.gnu.org ([2001:4830:134:3::11]:51417) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1dNx4a-000236-IV for submit@debbugs.gnu.org; Thu, 22 Jun 2017 04:02:40 -0400 Received: from eggs.gnu.org ([2001:4830:134:3::10]:41004) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1dNx4Y-0003i6-Up for bug-coreutils@gnu.org; Thu, 22 Jun 2017 04:02:40 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1dNx4U-00022J-9Y for bug-coreutils@gnu.org; Thu, 22 Jun 2017 04:02:38 -0400 Received: from mout.gmx.net ([212.227.17.20]:61439) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1dNx4T-00021j-R4 for bug-coreutils@gnu.org; Thu, 22 Jun 2017 04:02:34 -0400 Received: from tenfore.site ([92.195.15.151]) by mail.gmx.com (mrgmx101 [212.227.17.168]) with ESMTPSA (Nemesis) id 0M97Nh-1dVKvn1elp-00CQOV; Thu, 22 Jun 2017 10:02:18 +0200 From: Ruediger Meier To: bug-coreutils@gnu.org Subject: Re: bug#27420: Self Destruct - Self Erase of All Data On SD Card Using Shred, Date: Thu, 22 Jun 2017 10:02:16 +0200 User-Agent: KMail/1.9.10 References: In-Reply-To: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Content-Disposition: inline Message-Id: <201706221002.17350.sweet_f_a@gmx.de> X-Provags-ID: V03:K0:RFhFLo814zwiHGXJpPEsvgQZ/sXe662q6NRzA2kaGuQintOIRRw iDu/EKYirO4IElaZsqLFDgBw+TacyfhNXoY1WT1CvRoJa3ss/3nRewA8mEOtwj9QnQRzfS5 Q5/yIWuzKVuyCOnj6L926O1Tx+miZFcWzFtzeDaIR5Zcup/cp+pGWHJlUzZ5zNWdY5AbGqs EMlLAFTsUKifhmH4U5npg== X-UI-Out-Filterresults: notjunk:1;V01:K0:CS60NlH5FnA=:G6+0nJRfuRhigY/ZRZW4il K3be/xnjWGwNLFlru4X+ojeyk4mhnz0XymrVlC6zJjD6KYF2f6VZ+c/YHVWk+8zEptCZ2h6Lp nBBL8HoobnmCrdK6+ceU/KgE+3mlKxAju1JGnm4gvwndWJ6lmawmD4WlhE7iBOuJzij6FLng7 neLNAWsc/8kGbzMqd2eV/CEvz0pCBuGGR+HZ005ih6T646IwmM7fdeE/BVgFKVj37boLNnirl HwB0ZZxD9YM8A1/1FBJ5VfN35wSXcvGOS3S9k8i0U1eZZAZvAyj06kvAoDHGo+F8bFP6dO/bH C+XBsyX9HvrXItqfB3SJ/Z3GJiYQLLjtO2MxhFcsCM4RUyGgv1krfkjvQLcMAEnzztB8GmFlw Wvb9ZGi8BN4N0NGsOSeLRh81LxUy03rr8Rh1hHIuKmBhWyE9rrScXKEU8NBQENaS1eGB29Qz5 k+hjNsWx399W4xx0dvOD+HAFyvnihOqCjepCkM3UoCy/XXt5ZTZiBSx1ddclCRns/SUFi6Ld6 bvx9gWGb1MtVMTU393SuP/9L8BviDdFMRKc+9F4CPW8GFRvmqpoSrMOv1FOXtMq8xvnbyGipw 4as2pVgV+lTZ2jKgZ9FjIklPQOAdIvVv7xdzA3nzcHAXXtSzr//A/d25E46e3Tu72K4sQGUSn acf4yGFtQAbQiHa6yd3Sb5vPDgPRu+2GTwW2MCD5ZSuiunUslMqc7cjSF4fnUFf/QU7F1eaUc i/XTE1f9RjApvdDGM4hz3GfImGUCwjcUpS83F9M3pwmFd0MAMnUQSDV8ngI= X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] [fuzzy] X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6.x X-Received-From: 2001:4830:134:3::11 X-Spam-Score: -4.1 (----) X-Debbugs-Envelope-To: submit Cc: 27420@debbugs.gnu.org, John Shearing , =?utf-8?q?P=C3=A1draig_Brady?= X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -4.1 (----) On Sunday 18 June 2017, P=C3=A1draig Brady wrote: > tag 27420 notabug > close 27420 > stop > > On 18/06/17 00:22, John Shearing wrote: > > favorite > > >t-self-erase-of-all-data-on-sd-card-using-shred-dd-or-some-other#> > > > > I will be using a raspberry pi as an air-gapped computer to make > > secure encrypted transactions on the Ethereum BlockChain. Once in > > awhile I will want to update the software I am using which will > > mean taking the SD card out of the pi and inserting it into a > > laptop computer which is connected to the Internet. I would like to > > use some program or command line utility on the raspberry pi to > > securely erase everything on the SD card before removing it as this > > will eliminate all possibility of sensitive information being read > > off the SD card by bad actors which may have compromised my laptop. > > > > The following command typed in at the pi terminal conveys the idea > > of what I hope to accomplish: > > shred --verbose *.* > > > > Is this possible using shred? > > shred already supports passing multiple files, however > you would be much safer shredding at the device level, > since there is all sort of reallocation etc. happening within > filesystems. I.E. something along the lines of: > > SDCARD=3D/dev/sdb1 > umount $SDCARD > shred --verbose $SDCARD > mkfs.ext4 $SDCARD > > Note you can partition the SDCARD if there only a portion that > you want to destructively recreate like this. Does schred support SSD on the lowlevel? I don't think you can truly=20 wipe na SSD by overwriting it, especially if you would overwrite only a=20 file or partition If the drive supports "ATA Secure Erase commands" you should=20 use "hdparm" like this: https://www.thomas-krenn.com/en/wiki/SSD_Secure_Erase#Step_3:_Secure_Erase Otherwise, and if you are not paranoid, you could also use "blkdiscard"=20 (ATA TRIM). =46YI, here somebody explains the issues with erasing SSDs very well https://superuser.com/a/856491/229214 Regarding shred, maybe it's worth to add something about SSDs in the=20 CAUTION section of the man page. cu, Rudi From debbugs-submit-bounces@debbugs.gnu.org Fri Jun 23 23:09:53 2017 Received: (at 27420) by debbugs.gnu.org; 24 Jun 2017 03:09:53 +0000 Received: from localhost ([127.0.0.1]:35007 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dObSL-0003c3-GO for submit@debbugs.gnu.org; Fri, 23 Jun 2017 23:09:53 -0400 Received: from mail.magicbluesmoke.com ([82.195.144.49]:57342) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dObSK-0003bv-0L for 27420@debbugs.gnu.org; Fri, 23 Jun 2017 23:09:52 -0400 Received: from localhost.localdomain (unknown [73.93.153.45]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.magicbluesmoke.com (Postfix) with ESMTPSA id 9F996148; Sat, 24 Jun 2017 04:09:45 +0100 (IST) Subject: Re: bug#27420: Self Destruct - Self Erase of All Data On SD Card Using Shred, To: Ruediger Meier References: <201706221002.17350.sweet_f_a@gmx.de> From: =?UTF-8?Q?P=c3=a1draig_Brady?= Message-ID: <4ab207e0-764a-bb3e-fd28-db623c2fd76a@draigBrady.com> Date: Fri, 23 Jun 2017 20:09:31 -0700 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.8.0 MIME-Version: 1.0 In-Reply-To: <201706221002.17350.sweet_f_a@gmx.de> Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 27420 Cc: 27420@debbugs.gnu.org, John Shearing X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: 0.0 (/) On 22/06/17 01:02, Ruediger Meier wrote: > On Sunday 18 June 2017, Pádraig Brady wrote: >> tag 27420 notabug >> close 27420 >> stop >> >> On 18/06/17 00:22, John Shearing wrote: >>> favorite >>> >> t-self-erase-of-all-data-on-sd-card-using-shred-dd-or-some-other#> >>> >>> I will be using a raspberry pi as an air-gapped computer to make >>> secure encrypted transactions on the Ethereum BlockChain. Once in >>> awhile I will want to update the software I am using which will >>> mean taking the SD card out of the pi and inserting it into a >>> laptop computer which is connected to the Internet. I would like to >>> use some program or command line utility on the raspberry pi to >>> securely erase everything on the SD card before removing it as this >>> will eliminate all possibility of sensitive information being read >>> off the SD card by bad actors which may have compromised my laptop. >>> >>> The following command typed in at the pi terminal conveys the idea >>> of what I hope to accomplish: >>> shred --verbose *.* >>> >>> Is this possible using shred? >> >> shred already supports passing multiple files, however >> you would be much safer shredding at the device level, >> since there is all sort of reallocation etc. happening within >> filesystems. I.E. something along the lines of: >> >> SDCARD=/dev/sdb1 >> umount $SDCARD >> shred --verbose $SDCARD >> mkfs.ext4 $SDCARD >> >> Note you can partition the SDCARD if there only a portion that >> you want to destructively recreate like this. > > Does schred support SSD on the lowlevel? I don't think you can truly > wipe na SSD by overwriting it, especially if you would overwrite only a > file or partition This is a good point and already mentioned in the shred info docs. That mainly protects against sophisticated access to the device though, whereas the case here is for standard access (through a compromised laptop). cheers, Pádraig From unknown Sun Jun 15 08:57:50 2025 Received: (at fakecontrol) by fakecontrolmessage; To: internal_control@debbugs.gnu.org From: Debbugs Internal Request Subject: Internal Control Message-Id: bug archived. Date: Sat, 22 Jul 2017 11:24:03 +0000 User-Agent: Fakemail v42.6.9 # This is a fake control message. # # The action: # bug archived. thanks # This fakemail brought to you by your local debbugs # administrator