1

I'm trying to wipe a 2TB hard drive ready for sale. I was told to zero it out with 7 passes so it would be secure and no-one would be able to retrieve my information. But I'm struggling to find a program that will perform one pass in less than 24 hours let alone 7 passes. I was just wondering out of interest and maybe for some fun, would it be secure to overwrite the data and occupy the empty space with 2000 1GB films?

DonnellyOverflow
  • 1,371
  • 3
  • 10
  • 11
  • differant filesystems have differant ideas of sparseness (files usually have a gap between them, and as the disk fills, the gaps get filled in), so I would say no, that would not be nearly as secure. Additionally it wouldn't take any less time to write the files than it would to zero the drive. One pass is fine. if you disk is external, try putting it in the PC, to get better throughput. finally, your expectation may just be unreasonable. it takes 8-10 hours to format a TB, depending on how its connected, so one pass is probably in the 16-20hr range as it is. – Frank Thomas Sep 04 '14 at 19:29
  • I would ask, what is the difference in time? Applications performing data destruction are limited to disk I/O. Writing different data to the application is not likely to have a different execution time except for possibly writing by different block sizes. – steve Sep 04 '14 at 19:29
  • 1
    Encrypt the drive with say TrueCrypt then delete the partition. File recovery will not be possible. You have to encrypt the free space for this to work by the way – Ramhound Sep 04 '14 at 19:32
  • Steve - it would just be more fun. And slightly easier to track speed too! Ramhound - how would that work exactly? Can anyone confirm? – DonnellyOverflow Sep 04 '14 at 19:34
  • TrueCrypt would randomly encrypt whatever data is in the truecrypt drive. Then deleting it would leave the encrypted data intact. Without the key, how would one get the data? +1 – steve Sep 04 '14 at 19:35
  • 1
    How would what work? Install an OS any OS. Encrypt the entire drive with TrueCrypt. By doing so you have noise on the drive once the Header information is deleted even if anything is recovered all sectors are encrypted and without the key only random noise pick a long (50+) pass phrase – Ramhound Sep 04 '14 at 19:36
  • That's a nice idea. Is that a standard practice? – DonnellyOverflow Sep 04 '14 at 19:40
  • With SSDs more than HDDs dbn is easier for most – Ramhound Sep 04 '14 at 19:41
  • I'll try that then. Seems more secure. – DonnellyOverflow Sep 04 '14 at 19:48
  • @JamesDonnelly, I know you are worried about security, but that really isn't the issue here. wiping the drive vs encrypting it are approximately equal in security, even if you did only a single pass wipe. your file copying approach will not be secure, but the other options are. the question is your time constraints. Its probable that DBAN would perform a single pass wipe in less time than TC could cipher the disk. Numerous studies have shown that data overwritten even once, is sufficiently destroyed unless you have a nation-state as an adversary. – Frank Thomas Sep 04 '14 at 20:34

2 Answers2

2

If you just want to wipe the disk, ensure it's the only disk in the system and then hit it with Darik's Boot and Nuke.

Darth Android
  • 37,872
  • 5
  • 94
  • 112
  • 1
    If you are not a windows user, nothing beats DD! but it still takes time. dd if=/dev/urandom of=/dev/device-to-wipe bs=8M – steve Sep 04 '14 at 19:31
  • What's DD? I'm a mac user (with a windows partition) last time I use DBan I slightly zeroed my boot partition on my laptop and broke it! – DonnellyOverflow Sep 04 '14 at 19:35
  • "man dd" in a terminal. It is a disk tool that "duplicates data." It cares not what a file is (nor does it know what one is) it blindly copies one device to another. We should move this to a chat if you want further information. – steve Sep 04 '14 at 19:46
  • @JamesDonnelly Ah yes, DBan clears all disks in the system. If you can't remove disks you want to keep, might be easier to use `dd`. – Darth Android Sep 04 '14 at 19:57
  • @steve The problem with this is that `/dev/urandom` is very slow, and will slow down the wiping process. – Darth Android Sep 04 '14 at 19:58
  • DBAN is the accepted (and free) tool preferred by most government agencies, law offices, etc. who need to do secure wipes. The level of overwrite can be configured by the user. And yes, writing those 0's in multiple passes will take hours; any faster tool is only wiping out the directory info. – Debra Sep 04 '14 at 22:59
  • @DarthAndroid You may be right. However /dev/urandom speed (or lack of) would be dependent on cpu speed instead of disk I/O. At the very least with MY machines, cpu would not be the bottleneck in that instance unless maybe we were wiping SSDs (maybe) – steve Sep 05 '14 at 17:41
  • @steve On a 3.9GHz Intel Xeon E5-1620v2, `/dev/urandom` operates at 13MB/s - almost 10 times slower than the sequential write speed I find on spinning platter disks (which are often over 100MB/s). Random number generation is *slow*. – Darth Android Sep 05 '14 at 19:05
0

There's no certainty, there's only confidence...

Completely overwriting a drive several times would make it difficult to recover the original data, but not necessarily absolutely impossible - it depends on whether it's a couple of home movies & some bank details, or you had plans to blow up somebody's embassy as to whether the effort required would be worth it.

Re-Writing all the data 7 times will take time - about 7 times more time than filling the drive with irrelevant date once, yet ought to be more 'random' than filling it with files.

If you're really paranoid, the only way to absolutely securely erase a drive is with a large hammer.

Tetsujin
  • 47,296
  • 8
  • 108
  • 135
  • A large hammer is not likely to erase a drive :) – steve Sep 04 '14 at 19:33
  • try it, the smaller the pieces, the less the chance of recovery ;-) – Tetsujin Sep 04 '14 at 19:34
  • Absolutely! IF you can break the platter into pieces with said hammer. Though I understand your meaning. That being said a screwdriver and a welding torch would probably be much more effective. :) – steve Sep 04 '14 at 19:39
  • :-) for sure - my meaning was 'destroyed' = null recovery, 'wiped' = potential... though who knows what the future may bring... – Tetsujin Sep 04 '14 at 19:41
  • An effective way to destroy the drive but not effective if I'm selling it. :') – DonnellyOverflow Sep 04 '14 at 19:42