
I happen to know that formatting a disk even 10 times does not destroy everything. Is there a good shredding utility I can use on Linux ?

Joseph Quinsey
statquant
    Zero-filling does. `dd` is enough for that. – Dennis Jan 26 '13 at 00:16
  • Need to do it more than once. And even so data can be recovered. Use `shred(1)` on the disk. It also works on files, but _not_ on COW-based filesystems like btrfs. – vonbrand Jan 26 '13 at 07:56
  • 1
    I always scratch my head over posts like these. Not to many people have the equipment to read data that has been overwritten even once. And those that do are likely to get your data before you can erase it... – Keltari Jan 26 '13 at 09:27
  • @Keltari: I hear you, but still it is good to know – statquant Jan 26 '13 at 12:44

3 Answers


With conventional hard drives, a single wipe with zeros may be enough

The 'multiple wipes' method assumes that you're using older drives (with larger magnetic domains). The 'definitive' paper on data destruction by Gutmann suggests 35 different patterns - which are effective on different types of drives.

Gutmann suggests filling the drive with random data these days, and a single wipe would do according to most. The `shred` command works for that.

The situation with SSDs is more muddied. Bell and Boddington at Murdoch University claim in their paper that the garbage collection on SSDs tends to overwrite deleted data. A team at the University of California claims the exact opposite: that nothing short of physical destruction works, and that both ATA secure delete and shredding methods fail in most cases. Taking all this into account, tool-wise you should consider `shred` (which does a high-level secure wipe), and running a SATA secure wipe from `hdparm` if you can, which is at a lower level. That should handle most situations, I believe. You should also consider encrypting any data worth deleting from the get-go.

Journeyman Geek
  • Hi, thanks, I had a presentation from our department of defense on computer security, I was amazed by the lack of security and how easy it was to hack unprotected systems. – statquant Jan 26 '13 at 09:08
  • This answer cites the Usenix paper on the faultiness of Secure Erase implementations and then goes on to recommend using Secure Erase. Further, `shred` does nothing that `dd` can't do, and neither are effective for wiping flash drives. – Hashim Aziz Dec 24 '18 at 18:58
  • Gutmann's paper has been widely misinterpreted. Gutmann never actually said that those 35 patterns were necessary, only that he thought they were likely sufficient, given his speculations about how data retrieval _might_ be possible - but he never cited any examples of it ever having been done. And there are sound reasons for believing that a single overwrite with random data is sufficient to wipe _any_ hard drive of any technology. – Jamie Hanrahan Jan 05 '19 at 06:32

For entire disks, there's the `shred` command, which by default only overwrites three times but with the `-n <number>` option can do as many passes as desired. It doesn't work so well on individual files in journaled filesystems, though. With the `-z` option, `shred` will do an extra pass with zeros afterward, so the shredding isn't immediately obvious.

Darael

You can copy rubbish multiple times.

for i in $(seq 1 35); do
  # one full pass of random data over the whole device; replace sdX with the target disk.
  # dd stops each pass with "No space left on device" once the disk is full, which is expected.
  dd if=/dev/urandom of=/dev/sdX
done
ssice
  • That's unnecessarily slow. See [my answer to zero fill vs random fill](http://superuser.com/a/522765). – Dennis Jan 26 '13 at 01:12
  • @Dennis it's not *that* slower than zeroing the disk, and it provides a higher security level. If you are zeroing a disk, maybe 1 minute more or less won't really matter. – ssice Jan 26 '13 at 02:44
  • It is much, much slower. On my machine, `/dev/urandom` takes 52 seconds to produce 1 GB of output. That's more than 14 hours for 1 TB, and 21 **days** for overwriting the disk 35 times. In comparison, zeroing a 1 TB hard drive once should take less than 3 hours (assuming 100 MB/s avg. write speed). – Dennis Jan 26 '13 at 03:03
  • It's got no advantage over `shred`, though (both will deplete the entropy pool to some extent, this being the downside of random writes), and it's rather a lot more to type. – Darael Jan 26 '13 at 18:10
  • @Darael Sure. Your answer and mine were more or less simultaneous, I didn't see yours. However, I don't think there's a need to downvote. – ssice Jan 26 '13 at 18:13
  • @ssice Which is, in fact, why I didn't. – Darael Jan 26 '13 at 18:14
  • @Darael I didn't want to imply that. Only the first two sentences should apply as an answer. Sorry if it seemed to mean that. – ssice Jan 26 '13 at 18:16
  • @ssice Nono, not at all. I thought there had *been* a downvote, and it looked like I had done it, and I wanted to clarify that I didn't. If an apology is needed, it should be from me. – Darael Jan 26 '13 at 18:19