Feeds

back to article New Tosh drive can wipe out 4TB 'near instantaneously'

Toshiba has whipped out its own enterprise-class 4TB hard drive just days after Western Digital revealed a 4TB disk. Toshiba 4TB MG Series Toshiba's 4TB MG series Tosh will build the rival drive at the 3.5-inch disk factory it bought from WD. Western Digital had to sell the plant in order to placate China's MOFCOM regulator …

COMMENTS

This topic is closed for new posts.

Page:

Boffin

So how does near-instantaneous drive erasure work?

Is the whole drive encrypted with a key stored in the disk controller, with a one-way key deletion routine engaged when the Sanitize option is engaged? Is there some variation on this on a per-platter basis? Or is it something else?

I can see the potential usefulness for such a function, I'm just intrigued as to how it would work to be sufficiently fast and reliable.

5
0
Anonymous Coward

Yes - I believe that is how it works (or did on the smaller drives for laptops). Basically you can remove the key and the contents are as good as erased.

Assuming, of course, no hidden way to recover older keys... <dons tin foil hat>

9
0
Silver badge
Devil

Picture some gal (mysteriously wearing bondage accessories) from "CSI Army/Navy/Whatever" wheeling in the Atomic Force Microscope while the Guys In Blue keep you in check with hotloaded MP5s...

3
1
Bronze badge
Boffin

Yep, that's exactly right. Apple uses the same trick for the instant remote wipe option on iphones - the whole drive is encrypted using a key that's stored in a secure store (similar to what used the be called "Palladium"), and when a wipe is requested, the key itself is deleted and written over. Shazam, you instantly have a drive image filled with random noise.

3
0
Silver badge

Or that the encryption is just "RANDOM_STRING" XORed with the start of each block.

2
0

The truth is that comparitively few people know what the sanitize/secure erase commands really do. The ATA spec only defines the commands, implementation is left to manufacturers.

The key overwrite idea is simple, logical and probably correct, but only Toshiba knows for sure.

2
0

I don't believe it

The algorithm will be known to the spooks. So find the key from perhaps 1TB of cybertext, there are plenty of supercomputers around the world dedicated to that purpose.

0
0
Silver badge
Meh

And after the Plod / Border Agency type have retreated ...

can the data be recovered?

And if sold in the US will there be a back door marked NSA?

5
0
Bronze badge
Black Helicopters

Re: And after the Plod / Border Agency type have retreated ...

The only way it would be recoverable is if the key is hidden away someplace before the wipe. While this is certainly possible, it's pretty unlikely - if word ever got out that the wipe was reversible, the company would be sued into the stone age.

On the other hand, the warranty might give you a clue. If they don't guarantee in the warranty that a wiped drive is unrecoverable, then you can bet there IS a hidden keystore.

3
0
Flame

"WD's three-platter 4TB SATA product now faces competition from Toshiba's [...] five 800GB platters"

Err... unless WD's drives have a large failure/corruption rate, I don't personally see that as much of a competition.

Even if Tosh's prices are significantly lower, the power and heat reduction are normally enough to convince those with the PO-power.

2
0

5 better then 3 ?

it's been ages since I've done benchmarks on this, but arent more platter supposed to give better read performance ?

And better write performance as well, because if done properly, the r/w can be done by 5 heads at a time in stead of 3 ?

Or is there something Im not seeing ?

1
0
Boffin

Re: 5 better then 3 ?

Probably true. I'm possibly a little short-sighted in that the environments I've worked have either weighed on the stable-cheap-large side (where my gut says three platters would be best) or the get-it-fast side (where we've had the budget to build large SSD arrays).

I've not personally bench-marked on the performance difference in the number of platters, but you've piqued my interested to have a look around.

0
0
Facepalm

Re: 5 better then 3 ?

No, each platter density increase, increases the density of the data on the platter... i.e. denser platters being spun at the same speed as less dense platters equal more data being written/read from the denser platters compared the the less dense platters. i.e. fewer but denser platters are faster and more less dense platters. Check the disk data sheets out for confirmation.

0
0
Silver badge
Boffin

Re: 5 better then 3 ?

Here's how the platters/density debate stacks up, from first principles:

Picture a drive with one platter and two cylinders. With heads on each side, this gives you the potential to read/write two tracks at once out of the four total.

Now quadruple your data by adding three more platters and you can read eight tracks at once out of the sixteen total. Consequently, your sequential read speed quadruples.

However, it take the same amount of time to seek between the two cylinders as it did before, so random performance doesn't increase much.

If instead you quadrupled the density of the drive, you'd now have one platter with four cylinders each with twice as much data per track.

So your sequential read speed doubles, but your seek time also decreases (because the cylinders are closer together, reducing head travel time), improving random performance.

In short, if you want raw sequential performance, increase the number of platters. If you want random performance, increase density. If you want to store gobs of data, increase both.

3
0

Re: 5 better then 3 ?

In the 1990s drive vendors switched from a dedicated servo surface to servo information embedded between the data sectors on each surface. As a result the drive adjusts to put the active head in the middle of each track based on the servo positioning data embedded in the data surface for that head.

This allowed tighter track spacing but eliminated the ability to use heads in parallel. When the drive switches heads it has to reposition to align with that head's data. On many drives moving track to track is actually faster than head to head.

0
0
Silver badge

Not as much fun as having your NAS mounted in a large, pre-strung catapult.

13
0
Bronze badge

RE: Not as much fun as having your NAS mounted in a large, pre-strung catapult.

Not me, I would rather have a certain mangler(1) mounted in a large, pre-strung catapult, with a remotely controlled release mechanism.

(1) Read that as a former boss.

0
0
Anonymous Coward

I don't trust these not to have back doors.

The only way to be sure your data is erased is to fling a block of ice at the site it with a railgun.

2
0
Bronze badge
Big Brother

Re: I don't trust these not to have back doors.

I think it's a step in the right direction. There's never anything bad about making strong encryption more common - it makes for easier plausible deniability when you really ARE encrypting something important.

However, this will not change my bulk erase process either. I don't use a railgun, but when I want to "erase" a hard drive, I take it down to the shop and punch multiple holes all the way through the case with a drill press. Try to recover THAT.

0
0
Silver badge

Re: I don't trust these not to have back doors.

Not convinced even that's enough - when I were a lad floppy disks had holes in them to indicate sector start!

You'd be surprised how much information can be retrieved from a section of broken platter - the densities on today's means you can get a whole library onto a nail head.

If you can use a weapons grade eraser on a drive then considerable heat is the only way - if a health hazard and probably illegal.

0
0
Silver badge
Thumb Down

Re: I don't trust these not to have back doors.

I remember seeing a demonstration 20 years ago from a data recovery firm who punched a pencil through a floppy and then recovered all the data apart from the bit that was in the hole. An HDD with drill holes should be just as recoverable (although quite expensive).

0
0
Silver badge

Re: I don't trust these not to have back doors.

giant degausser

0
0
Bronze badge
Boffin

Not the same thing

Fun topic! The areal density of floppies was so low that you could practically read them with magnetic ink (does that still exist? I vaguely remember seeing it used to diagnose a problem with a mainframe tape, decades ago) and a magnifying glass. Modern hard drives? Not so much.

I mean, if the world depended on it, maybe you could make some kind of crazy device that could get at the tiny domains on a modern hard drive platte without being able to spin it, but wow, that would be difficult.

Besides that, the magnetic substrate on the drive is REALLY thin - driving a drill through the platter is going to delaminate the hell out of it, and now your data is dust in the air. And then you have laptop drives, where the platter seems to be made of some kind of glass and shatters into a billion pieces when the drill bit hits it.

FYI - it is next to impossible to use a degausser on a modern hard disk and actually erase everything. If you took the platters out and ran them directly over the magnet, MAYBE you'll erase some of it with each pass. But if you've done that, you may as well use a sanding wheel on the platter, since the drive is never going to work again anyway.

0
0
Boffin

Re: Giant degausser

Modern drive heads don't actually read absolute magnetization. Instead, they read relative magnetization from one sector to the next. Those sectors are very, very close together so any macroscopic magnet is going to hit all of the neighboring sectors almost as hard as the target sector, meaning no change in relative magnetization. Once you hit saturation, you can start breaking data, but experiment shows that the fields needed to get to that point are sufficient to physically rip the platter apart. Your best bet by far is the sector-local fields you can generate with the write head of an operating drive, even compared to physical destruction.

This is not to say that magnets are harmless to hard drives - they can cause head crashes in a running drive. But if you're worried about NSA-level data recovery efforts, a giant degausser will do nearly nothing to corrupt the data.

1
0
Bronze badge

Re: I don't trust these not to have back doors...Try to recover THAT.

My preferred method of data security:

http://www.youtube.com/watch?v=yd_O7-rqcHc

Although I am not specifically endorsing this company, just the method.

Also, at about 2:55 into this one, is another method:

http://www.youtube.com/watch?v=oNcaIQMjbM8

quite effective.

0
0
Silver badge
FAIL

Oh Dear. Another target for the Virus writers to go after

They must be rubbing their hands with glee at the thought of writting some malware that goes around doing this 'just for Kicks'. This is just a far too tempting target to not go after.

The more enterprising of them might even look at turning other types/makes of drives into doorstops.

What are the people at Toshiba thinking of?

3
0
Silver badge

Re: Oh Dear. Another target for the Virus writers to go after

"What are the people at Toshiba thinking of?"

Sales.

If a haXX0r can issue ATA commands directly to the drive, then you're fucked one way or another. And from that point, a full restore is the only way to trust the data.

5
0
Devil

Re: Oh Dear. Another target for the Virus writers to go after

When was the last time you actually saw a destructive virus?

The virus writers are just rubbing their hands in glee at the mess which is windows 8, causing everyone to stay on 7/XP

1
0
Black Helicopters

Re: Oh Dear. Another target for the Virus writers to go after

Not a lot of point in hackers going after this; viruses these days are almost all designed to generate money for the writer one way or another, and destroying the data won't net them a penny.

Of course if they could somehow copy the key before invoking the scramble command, then it might be a useful blackmail tactic...

0
0
Happy

Re: Oh Dear. Another target for the Virus writers to go after

I'm sure there are plenty of politicians and CEOs who would find an "instant scramble" feature *very* appealing...

0
0
Devil

Re: Oh Dear. Another target for the Virus writers to go after

When I were a lad, viruses actually did something.

1
0
h3
Bronze badge

Dunno about this.

Enterprise grade drive that you cannot boot from properly (At least with RHEL6 last time I checked).

I thought Enterprise grade drives were 2.5" 15krpm SAS (512k sectors).

OS support other than Windows 2012 is not good for 4k sectors. Raid card support for it is another issue.

I also thought enterprise disk systems needed lots of spindles. (Hence the 2.5"). Otherwise you might as well just use 2 enterprise grade SSD's in Raid1 and some type of SAN.

Dealing with alignment is a pita. (I don't think it is worth it in a commercial setting).

0
0

Re: Dunno about this.

Why can't you boot from it properly? That said, I always create a smaller /boot GPT partition so if I have to boot off a tools cd it doesn't freak out.

Do enterprises just spend a lot of money on stuff like small 15k drives and raid cards and drive bays if they're making bulk disk storage that's not accessed often? Or do you just commonly fill up the $250k san with long term files? Have you priced 1TB of RAID1 enterprise SSD storage?

Raid cards with support exist, don't piecemeal crap together. A set of 4TB disk can saturate older sata standards on streaming reads, so it's likely that most people will be putting disks this large in new systems.

Data alignment is an issue with 512b sectors, not just 4k sectors, get used to it when dealing with raids.

http://www.mysqlperformanceblog.com/2011/06/09/aligning-io-on-a-hard-disk-raid-the-theory/

0
0

Re: Dunno about this.

You seem to be forgetting that there are some other enterprise operating systems (besides Windows 2012) that have supported 4k sectors (and automagical alignment, the sysadmin doesn't even have to know what 'alignment' means) for years.

And while some enterprise workloads make the price bump for a 15k 2.5" drive worthwhile, there are other workloads that don't demand the performance, and thus work fine with cheaper, higher capacity disks. Just like how plenty of enterprise workloads work well on 'consumer' SSDs, for a large cost savings.

1
0
Coat

Toshiba have always had this capability

It's just that it now happens at the click of a button rather that when you're least expecting it.

12
0
Holmes

Toshiba's self erasing 4TB spinner

Soon to be on the shopping list of every paedophile, wannabe terrorist, conspiracy theorist and the extremely paranoid...

Who knows, perhaps Whitehall and The White House may invest in some...

0
2

Re: Toshiba's self erasing 4TB spinner

Absolutely agree - but I also wonder what'll happen if the Polis confiscate one of these, manage to scramble it with a butterfingers forensic IT analysis, and then tell the hapless owner he'll be prosecuted unless he can produce the decryption key.

Secure crypto systems such as this are probably necessary in the enterprise, but for individuals I see more risk than benefit.

3
0
FAIL

Re: Toshiba's self erasing 4TB spinner

I'm sure Mitt Romney would have wanted something like this when he left the MA governor's office... would have save a lot of time in erasing the records of his office and staff.

Fail because Romney failed at reality.

0
0

This post has been deleted by its author

Silver badge

Re: I imagine...

We've got a good few years before legislation catches up with the technology.

1
0
Anonymous Coward

Re: I imagine...

The decryption keys are no use if the data necessary to use them has been destroyed, and the court will have a whale of a time proving you tried to destroy evidence with all of the evidence actually being destroyed.

0
0

Re: I imagine...

as i recall previous discussions, you only need to hand it over if you possess it. which you wouldnt. if they tried to prosecute on that basis, it would be fairly easy to say 'i'd love to, but sadly as you can see in the manual, its a one-way encryption'. even if you triggered it as they stormed the stairs, you could probably say 'i didnt know it was police coming up the stairs, i thought it was some business competitors so i erased it. the same data is on these drives if you'd like to take a look?' and they'd be hard pressed to prove you wrong.

in terms of disposal of old drives though - it saves money on shotgun cartridges, i suppose.

1
0
Bronze badge
Coat

Re: I imagine...

Sorry, your honor, but I don't HAVE the encryption keys, nobody does. Oh, and the drive has holes drilled in it.

0
0
Black Helicopters

Re: I imagine...

... but you cannot be *made* to hand over something that you don't have :-)

I suspect that the crypto key will be something like hmac_sha256(<drive serial number>, "TOSHIBA") and therefore easily regenerated when needed (the strong "TOSHIBA" might actually be a secret that is "lawfully available" to government types ... buit there again it might turn up in the drive controller firmware... thinks DeCSS ;-)

G

0
1
Anonymous Coward

Re: I imagine...

... but you cannot be *made* to hand over something that you don't have :-)

It depends on the competence of the judge to see if you get away with "I nuked it *before* you slapped a RIPA warrant on me". Personally, I wouldn't bet on it.

0
0
Anonymous Coward

Re: I imagine...

<i> > It depends on the competence of the judge to see if you get away with "I nuked it *before* you slapped a RIPA warrant on me". Personally, I wouldn't bet on it.</i>

I suspect that even if you got away with that they would just do you for obstruction of justice.

0
0
Silver badge

Re: I imagine...

I already handed over the decryption key, it was on the disk, and I don't have any other copies.

1
0
Unhappy

Re: I imagine...

How about some "evidence destroying" charge?

0
0
Silver badge

Re: I imagine...

> I suspect that even if you got away with that they would just do you for obstruction of justice.

I would imagine that they would have to have some evidence other than the content of the hard drive, to suggest that you were up to no good otherwise how can they construct a case against you without the disk image?

If the seizure was a fishing expedition, then they couldn't really get away with charging you for the destruction of your own property, which is not illegal. It only becomes evidence once they seize it.

0
0
Happy

Blank drives = suspicion

Nothing arouses suspicion more than a blank hard drive in a PC. What the utility needs to do is overwrite the drive with a two year old copy of XP, full of useless documents, holiday pics and other rubbish accumulated over time.

4
0

Page:

This topic is closed for new posts.