I bought some used hard drives, from a vendor that was new to me. I was careful with burn-in and testing, as they were being shipped and deployed remotely. I checked for defects and verified capacity. Testing quickly was important, so I could return something that wasn’t working, and get a replacement.<\/p>\n\n\n\n\n\n\n\n
Most drives have SMART diagnostics<\/a> built-in. It’s a good first pass, requiring little CPU or I\/O from the system.<\/p>\n\n\n\n Using an external USB enclosure, and a Linux system, I ran I can’t find my references for parsing the results; perhaps refer to the Wikipedia page<\/a>.<\/p>\n\n\n\n Of the three drives, one wasn’t recognized. I plugged it in internally; it was recognized, though it yielded errors in the system logs, and Or, Checking for counterfeits, bootlegs, and fakes<\/p>\n\n\n\n An issue mostly seen with flash drives: scammy, dodgy firmware lets it claim<\/em> to have a multiple of its real capacity. If you try writing beyond its real capacity, it could:<\/p>\n\n\n\n badblocks is a classic tool for testing drives – however, it was first built for floppy disks. For the nondestructive mode, it would notice the first one (discarding data) but not the second (wrap around to earlier data). The Arch Linux wiki page for badblocks<\/a> has a suggestion about using a crypto layer above the device.<\/p>\n\n\n\n I’m largely working from a Synology NAS. It lacks Using an encryption key, we’ll fill the drive with encrypted zeroes. This would be ordering-sensitive – one can’t start decrypting from the middle. Then we’ll decrypt, starting from the beginning, and count how many zeroes we get back from the drive.<\/p>\n\n\n\n (Avoiding ECB mode<\/a>.)<\/p>\n\n\n\n CBC mode<\/a><\/p>\n\n\n\n “In CBC mode, each block of plaintext is XORed with the previous ciphertext block before being encrypted. This way, each ciphertext block depends on all plaintext blocks processed up to that point.”<\/p>\n<\/blockquote>\n\n\n\n Note: this can destroy any data on a drive, so check and double-check the device, This quick-and-dirty attempt worked quickly enough on my Synology NAS:<\/p>\n\n\n\n That writes 800 x 10GiB chunks, for a total of 8TiB. It prints “.” every chunk, about one a minute.<\/p>\n\n\n\n This doesn’t print progress information:<\/p>\n\n\n\n For my 8TB drive, the output:<\/p>\n\n\n\n There’s some difference between that and 8TB, due to base-10 terabytes vs base-2 tebibytes, but this ruled out that it was really a 1TB drive, handling my concern.<\/p>\n\n\n\n My first attempt at reading zeroes involved Hardware acceleration for aes 256 is common, along with Linux kernel support; I don’t think this method takes advantage. Adding I would have loved<\/em> to use pv – pipe viewer<\/a> – for a handy progress meter and estimate for how long it would take, but it wasn’t readily available for my NAS.<\/p>\n\n\n\n Side note: I tried this on my Raspberry Pi 4. I was able to use I didn’t use these, but they’re likely better-put-together and more usable than my quick draft above. \ud83d\ude42<\/p>\n\n\n\n about I bought some used hard drives, from a vendor that was new to me. I was careful with burn-in and testing, as they were being shipped and deployed remotely. I checked for defects and verified capacity. Testing quickly was important, so I could return something that wasn’t working, and get a replacement.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-236","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/pronoiac.org\/misc\/wp-json\/wp\/v2\/posts\/236"}],"collection":[{"href":"https:\/\/pronoiac.org\/misc\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/pronoiac.org\/misc\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/pronoiac.org\/misc\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/pronoiac.org\/misc\/wp-json\/wp\/v2\/comments?post=236"}],"version-history":[{"count":7,"href":"https:\/\/pronoiac.org\/misc\/wp-json\/wp\/v2\/posts\/236\/revisions"}],"predecessor-version":[{"id":243,"href":"https:\/\/pronoiac.org\/misc\/wp-json\/wp\/v2\/posts\/236\/revisions\/243"}],"wp:attachment":[{"href":"https:\/\/pronoiac.org\/misc\/wp-json\/wp\/v2\/media?parent=236"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/pronoiac.org\/misc\/wp-json\/wp\/v2\/categories?post=236"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/pronoiac.org\/misc\/wp-json\/wp\/v2\/tags?post=236"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}smartctl<\/code> to test them. I ran smartctl --scan-open<\/code> to detect the device and type. Of the SMART tests:<\/p>\n\n\n\n\n
conveyance<\/code> wasn’t available.<\/li>\n\n\n\nshort<\/code> was quick, a few minutes.<\/li>\n\n\n\nlong<\/code> took around 10 hours.<\/li>\n<\/ul>\n\n\n\nsmartctl<\/code> was unable to start any tests. I returned this one drive for replacement, without issue.<\/p>\n\n\n\nverifying capacity<\/h2>\n\n\n\n
\n
cryptsetup<\/code>, and I’m not going to investigate how to install it, but the idea is sound:<\/p>\n\n\n\nAbout encryption mode<\/h3>\n\n\n\n
\n
Writing encrypted zeroes<\/h3>\n\n\n\n
\n
sdq<\/code> on mine. If it breaks, you keep both pieces.<\/p>\n<\/blockquote>\n\n\n\ndate\n(for i in $(seq 800); do \n cat \/dev\/zero | head -c 10000000000\n >&2 printf \".\"\n done) | \\\n openssl aes256 -pass \"pass:testing\" > \\\n \/dev\/sdq\ndate<\/code><\/pre>\n\n\n\nVerifying encrypted zeroes<\/h3>\n\n\n\n
# cat \/dev\/sdq | \\\n openssl aes256 -d -pass \"pass:testing\" | \\\n cmp - \/dev\/zero<\/code><\/pre>\n\n\n\n- \/dev\/zero differ: char 8000000000001, line 1<\/code><\/pre>\n\n\n\nSide notes<\/h3>\n\n\n\n
Performance<\/h4>\n\n\n\n
xxd -a<\/code>, which would essentially hexdump one line of zeroes, and skip other all-zero rows. I estimated the rate as under 1\/10th the writing speed.<\/p>\n\n\n\n-evp<\/code> might do the trick though.<\/p>\n\n\n\nwhy not use
pv<\/code> on the Synology?<\/h4>\n\n\n\nRaspberry Pi notes<\/h4>\n\n\n\n
pv<\/code> here for a nifty progress meter, get an ETA, etc. However, it ran at something like 1\/4 the speed – unoptimized openssl? – so, non-starter. openssl<\/code> required -md -md5<\/code> to accept the password; that’s deprecated. For what I’m doing, I didn’t have to worry about zeroes falling into the wrong hands.<\/p>\n\n\n\nOther software for this<\/h2>\n\n\n\n
\n