Obligatory “asking for a friend”. But no, like, if enemies of your state were possibly going to overrun a data center you rent a spot at but you still have some time, what’s the quickest way to, remotely, absolutely ruin any of the data on the disks? I can remember seeing old IBM "Death"Stars with the magnetic medium stripped clean. Don’t necessarily need that blatant a result, but say you didn’t have enough time to know if a basic dd /dev/{zero,random,urandom} /dev/mraid0
could run long enough to overwrite everything even just once, let alone a few times.
Alternatively, is there a file system which is purpose built for this sort of thing, where you send the array some sort of panic code – and I’m not considering drive encryption with a hardware or software key, whereas even if they were in place they are external to the disks themselves and thus at risk from external factors, rather than there being some command I can send to, well, if not crash the heads, then otherwise completely unravel the data structure in an irretrievable way with just one or two commands?
Hang the drives on electromagnetic mounts that will immediately disengage with a remote command, dropping them into industrial shredders below. The shredded bits then fall into a tray which sits atop a powerful degausser
If your threat model includes state actors, a head crash ain’t gonna cut it. If you want a rabbit hole to go down, check out data recovery videos on YouTube. They’re very insightful.
Best choice would probably be to have every second rack slot be just a big bucket of gunpowder or powdered magnesium that you can set off with a relay
Just as a POC, I set up an old Radio Shack bulk tape eraser next to a drive (don’t worry - it was in SMART pre-fail already) to see what’d happen. Just turning it on for a split second made the drive completely stop being able to access anything.
It took me longer than I care to admit to figure out what being a person of color has to do with it.
A head crash will not destroy data.
It will only damage the heads and damage the platters in a certain point but leave all data totally and easily recoverable.
If you want to wipe a drive quickly get a degausser or a shedder that shreds a drive down to less than 3mm bits.
Say more about why you don’t want to use encryption for this?
This is easily done with encryption:
dd if=/dev/urnadom of=/dev/mraid0 oflag=sync bs=1M count=2
. It’s thebs=1M count=2
that makes it fast – you only need to clobber the first 2 megabytes of the disk, where the encryption keys are kept. (Yes, the keys are 2 entire megabytes! They’re stretched so that if the underlying hardware re-maps a sector to account for a physical media problem, only a small portion of the key is affected, rather than ‘the sector with the whole key’ being re-mapped. (Re-mapping sectors can leave mostly-but-not-entirely-inaccessible copies of old data laying around. We’d rather that happen to small chunks of a key rather than whole keys.))I don’t believe there are valid arguments for failing to trust AES 256 encryption in an open source implementation that has aged well. For your situation use Veracrypt virtual drives. Unmount the drives remotely. Done.
Potentially relevant https://xkcd.com/538/.
In UK, and I expect other parts of the world, it is illegal to refuse to hand over encryption keys when compelled to do so by a court and the result is a jail sentence.
https://wiki.openrightsgroup.org/wiki/Regulation_of_Investigatory_Powers_Act_2000/Part_III#:~:text=Part 3 of the Regulation,up to two years’%20imprisonment.
No password to gain if you stored it on paper. Get creative for your poor man’s switch. If you are already recycling paper without a care for longevity, the acid will quickly plump the indentation from your writing pressure and diplace ink and “graphite.” Great for the enviornment and ridding you of your pharmacy papers. Not so great for your sanity because it becomes a hobby.
So what happens if the suspect just goes “uhm I forgot”. There’s not really a way to prove if he forgot, or is refusing to tell.
A hammer is the best way
Full disk encryption is the only way. Some action that forces the disks to unmount and wipes the keys from RAM. Could be as simple as a forced reboot depending on how you set things up…
Nope
Plenty of people have hair brain ideas but generally speaking if the G-Man is coming after you, you’re fucked. The silk road guy is a good example. They set up a whole operation just to ensure they’d have computer access at the time of arrest.
Newer (think post 2015) nvme drives have secure erase.
The way it works is the drive is encrypted w/ a key transparent to the user. Issuing the secure erase clears the key in the firmware of the drive rendering all data useless. Then it goes into a state to zero the drive which cannot be interrupted (all commands to the drive go unanswered, if the drive has power it will zero until its done)
Hdds? Maybe self encrypted enterprise drives exist but I have personally never used one.
Play them Janet Jackson.
Miss Jackson, if you’re nasty.