When getting rid of a hard drive, I, like everyone else like to be secure about it. After collecting my data I usually like to overwrite the drive with garbage. In the past I used to just use the basic DD approach to zero the drive out.
dd if=/dev/zero of=/dev/sd<DRIVE>
This works fine but I started hearing rumors of being able to recover data from a zeroed out drive. Indeed this is partially true. Zeroing out is probably sufficient in most cases.
Ideally, I would write data out from /dev/random or /dev/urandom (whatever your system has) but the amount of entropy that is harnessed here is not enough to saturate the write speed of the drive meaning that it will take
forever a very long time. Never the less I was curious to find out about another option to wipe a drive.
This approach uses OpenSSL with seed data from /dev/urandom. Supposedly it is possible to generate about 1.5gbps of garbage data with this technique… I’ll never know though because the write speed of my drive is nowhere near that.
Use the following command to randomize the drive/partition using a randomly-seeded AES cipher from OpenSSL (displaying the optional progress meter with ):
# openssl enc -aes-256-ctr -pass pass:"$(dd if=/dev/urandom bs=128 count=1 2>/dev/null | base64)" -nosalt </dev/zero \ | pv -bartpes <DISK_SIZE> | dd bs=64K of=/dev/sd"X"
where the (optional) total disk size in bytes (
DISK_SIZE) may be obtained via:
# blockdev --getsize64 /dev/sd"X"
Sidenote: I love the use of PV here, this is an underloved utility that is truly awesome; I’ve only ever used it in one other place. TARing a remote file over SSH for delivery on my local machine (shown below).
ssh –c blowfish user@host "tar cjpf - /home/user/file" | pv | cat > ./file.tar.bz2