IT Security Stack Exchange
IT Security Stack Exchange

Questions tagged [storage]

Details on how data is being kept in memory/on disks, most frequently being applied to databases, media banks and backup-recovery solutions.

239 questions
103
votes
4 answers

Why is writing zeros (or random data) over a hard drive multiple times better than just doing it once?

Lots of different programs, such as Darik's Boot and Nuke, let you write over a hard drive multiple times under the guise of it being more secure than just doing it once. Why?
Tom Marthenal
  • 3,272
  • 4
  • 22
  • 26
102
votes
8 answers

How can I reliably erase all information on a hard drive?

As storage technologies change over time, using different encodings and remappings to deal with sector errors, the best way to permanently erase/wipe/shred data changes also. Methods for flash drives and other solid-state drives are covered nicely…
nealmcb
  • 20,544
  • 6
  • 69
  • 116
90
votes
1 answer

Wiping an SSD with Parted Magic seemed too quick

I'm selling a computer with an SSD (it's a Lenovo ThinkPad Carbon X1). I wiped the drive using Parted Magic. I used the ATA method. I'm not sure what that is but it was the only setting available. It said it would take two minutes but the wipe was…
user1102550
  • 981
  • 1
  • 10
  • 15
66
votes
7 answers

Is it safe/wise to store a salt in the same field as the hashed password?

In using Argon2 for hashing passwords in my application, I've noticed it generates a string like this (e.g. for password "rabbit"): $argon2i$v=19$m=65536,t=3,p=1$YOtX2//7NoD/owm8RZ8llw==$fPn4sPgkFAuBJo3M3UzcGss3dJysxLJdPdvojRF20ZE= My understanding…
PenumbraBrah
  • 771
  • 1
  • 5
  • 6
59
votes
3 answers

When using AES and CBC, is it necessary to keep the IV secret?

If I encrypt some data with a randomly generated Key and Initialization Vector, then store all three pieces of information in the same table row; is it necessary to encrypt the IV as well as the Key? Simplified table structure: Encrypted data Key…
Stu Pegg
  • 693
  • 1
  • 5
  • 6
47
votes
8 answers

What are some considerations before moving personal data to Google Drive?

I am considering uploading some (all) of my digital personal data to Google Drive. I guess this would instantly grant access for NSA to my data. (Is that right?) Who would have access to my data on my gDrive? After deleting some files on the Drive,…
gen
  • 1,660
  • 2
  • 18
  • 18
42
votes
8 answers

Is it okay for API secret to be stored in plain text or decrypt-able?

Aren't API keys considered usernames and API secrets considered passwords? Why is it that API servers like Amazon Web Services allow you to view your API secret in plain text? It makes me think they store it in plain text or at least in a…
IMB
  • 2,888
  • 6
  • 28
  • 42
39
votes
2 answers

How should an application store its credentials

Context When developing desktop applications, you will occasionally have to store credentials somewhere to be able to authenticate your application. An example of this is a Facebook app ID + secret, another one is MySQL credentials. Storing these…
Zar
  • 492
  • 1
  • 4
  • 7
29
votes
5 answers

Does the destruction of sensitive information limit the choice of hard drives to non-flash based devices?

Working with a non-profit organization,it's common to reuse hard drives that have previously stored highly sensitive information such as medical and financial records. This is primarily driven by cost-saving measures to reduce purchasing new hard…
Motivated
  • 1,493
  • 1
  • 14
  • 25
27
votes
3 answers

Is Firefox Password Manager less secure than LastPass?

After installing the LastPass password manager, I am presented with a login dialog including the option to "Disable Insecure Firefox Password Manager". (This option appears as long as the Firefox Password Manager is enabled, whether or not a master…
lofidevops
  • 3,550
  • 6
  • 23
  • 32
25
votes
5 answers

ZX Spectrum tape loader: how was copy prevention implemented?

I am curious how copy prevention was implemented for games or other programs loaded from cassette on the micro computers of the early 1980s, such as the ZX Spectrum 48k. If I recall correctly, some games even managed to defeat direct tape-to-tape…
D.H.
  • 628
  • 7
  • 14
25
votes
4 answers

To what extent does formatting a disk (securely) remove its data?

If the goal is to make data no longer retrievable, how secure is it to format the disk? I assumed formatting the disk overwrites free space (thus making it a safe bet no one's going to be able to retrieve the data) but according to webopedia this is…
Celeritas
  • 10,039
  • 22
  • 77
  • 144
22
votes
5 answers

Considerations for long-term key storage (paper backup, media for vault storage)?

I'm reviewing our company's security procedures regarding cryptographic keys and master passwords, and also my private system at home. The key generation process is pretty much the same as that outlined in Recommended operational security for…
DarthGizka
  • 371
  • 3
  • 9
19
votes
4 answers

Why is writing zeros (or random data) over a hard drive used when writing all ones is more beneficial?

As far as I know, in order to securely delete the hard drive's contents, one should fill it with zeroes or, for added security and harder recoverability, random data first and then all zeroes. In order to get rid of all the data wouldn't be simpler…
Serban Razvan
  • 309
  • 2
  • 5
19
votes
1 answer

Is there a Yubikey equivalent to "stealing the hard drive"?

Maybe I'm essentially asking an electronics / storage question... This question is similar, though I think it was maybe asked more about physical security while the answer was more about malware. This question explains that YK "stores the key on its…
dcc310
  • 301
  • 2
  • 5
1
2 3
15 16