It's been quite a while since I did an install from scratch and either the prior overwrite option is new since, or I forgot it; the random pattern overwrite choice would be better. The US DoD requires (or did some time ago) multiple overwrites with specified patterns, beginning and ending in zeroes, that resulted in changing each bit three or more times. That requirement was for devices with no classified or personally identity information; those had to be degaussed and shredded physically.
The BIOS would not boot a completely overwritten disk, but the fdisk or cfdisk program, possibly available on a live CD, or maybe whatever disk format program the Debian installer uses would install the necessary boot block. Unless there is a reason for extreme care, the random byte option in the installer s/b quite adequate. Tom On 05/03/2016 04:12 AM, debian-user-digest-requ...@lists.debian.org wrote: On 05/02/2016 05:38 PM, Ralph Sanchez wrote: > Tom-That's what I thought too, but I thought someone said earlier that > during the install w/ encryption, Debian would also zero the disk, or > maybe I'm mistaken. As far as the process if I did what your > suggesting and I was going to do, would it work like this... > > Boot from USB Live ISO > > Run choice zero/random pattern overwrite program > > Install from USB Live > > lol I know it seems simple and like I should know the answer, but I've > never even fully formatted a HDD myself, never had a reason too > (degaussed one, the only other one I ever used haha had that Compaq > Presario tower for yeaaaars) so I guess I was worried if something > happened to make the system reboot with the HDD completely gone the > BIOS system wouldn't boot from the USB either then. I guess this comes > down to not knowing much about the Bios itself, where it's located and > how it works. It's funny how we pass over the simple things when > learning the bigger things we think are more important haha > > On Mon, May 2, 2016 at 7:03 PM, Tom Dial <tdd...@comcast.net> wrote: >> Although encryption of the disk (as offered during installation) is a >> good idea, it protects against loss of the system or disk while powered >> down. It does not protect against unauthorized access to the running >> system, and if the threat model includes that, zeroing (or better yet, >> multiply overwriting with varying patterns and then zeroing) offers >> protection that disk encryption does not. >> >> Neither action protects against determined state equivalent actors or >> malware implanted in the drive controller. >> >> Tom Dial >> >> On 05/02/2016 11:17 AM, debian-user-digest-requ...@lists.debian.org wrote: >>
