2 comments on “How to work with secret data?

  1. Good advice, just one minor suggestion – when scrubbing a new disk, rather than writing to a file on the file system just write random data to the raw disk device e.g.
    dd if=/dev/urandom of=/dev/sda
    (replace /dev/sda with the disk device)
    then run cryptsetup to set up encryption, then format the plaintext device in /dev/mapper with your chosen filesystem

    Obviously you can’t do this to a disk that is in use unless you back up to another disk first and restore afterwards.

Please let me know what you think in the comments ...

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s