Securely wiping data with minimal tools
2016-11-21 23:27 by Ian
This was an email I wrote to some coworkers explaining how I securely wipe data. I am reproducing it here.
NOTE: It is not strictly true that urandom produces (somehow) worse random numbers. But without digressing into randomly-seeded PRNGs and entropy pooling, this was the best I could do. Badly phrased. Sorry. :-)
2014.10.20
This is the method I use to back up partitions (or full drives). It also covers zeroing the slack space to get better compression:
http://www.linuxweblog.com/dd-image
To wipe a drive, I use this command (don't run it unless you want to completely wipe the drive!):
dd if=/dev/urandom of=/dev/sdb bs=1024
The outfile is sdb because you cannot run this against a live OS. Wiping a drive that is mounted is a sure way to crash your system.
If you only want to wipe the 2nd partition on /dev/sdb (i.e., sdb2), the command becomes...
dd if=/dev/urandom of=/dev/sdb2 bs=1024
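Or to wipe only a given file prior to deletion...
# Overwrite only the file's existing bytes: head stops the stream at the file's size,
# and conv=notrunc keeps dd from truncating the file (and freeing its blocks) first.
head -c "$(wc -c < condemned_file.txt)" /dev/urandom | dd of=condemned_file.txt conv=notrunc
rm condemned_file.txt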
/dev/urandom produces lower-quality random numbers than /dev/random, but /dev/random will block when inadequate entropy is available. So it might take weeks to do what urandom does in an hour. urandom will send values from random through a PRNG when random would otherwise block. For the purpose of wiping data, urandom is more than sufficient, especially if you do it many times.
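An added example (not part of the original email): a shell helper for the file-wipe step above that overwrites the file in place, bounded to its current size, repeats for a chosen number of passes, and then removes it. The function name wipe_file and its arguments are assumptions made for this example; it goes slightly beyond the one-liner by refusing symlinks and anything that is not a regular file.

```shell
#!/bin/sh
# Added example: in-place overwrite of a regular file, then unlink.
# wipe_file is a hypothetical helper name, not a standard tool.

# wipe_file PATH [PASSES]
#   Overwrites PATH's existing bytes with /dev/urandom output PASSES times
#   (default 1), flushes to disk after each pass, then removes PATH.
wipe_file() {
    target=$1
    passes=${2:-1}

    # Refuse symlinks, directories and device nodes so a typo cannot
    # redirect the overwrite to something other than the intended file.
    if [ -L "$target" ] || [ ! -f "$target" ]; then
        echo "wipe_file: not a regular file: $target" >&2
        return 1
    fi

    size=$(wc -c < "$target") || return 1
    size=$((size + 0))    # normalise: some wc implementations pad with spaces

    pass=1
    while [ "$pass" -le "$passes" ]; do
        if [ "$size" -gt 0 ]; then
            # head bounds the random stream to the file's length;
            # conv=notrunc makes dd write over the existing blocks
            # instead of truncating the file and allocating new ones.
            head -c "$size" /dev/urandom |
                dd of="$target" bs=1024 conv=notrunc 2>/dev/null || return 1
        fi
        sync    # push this pass out of the page cache before the next one
        pass=$((pass + 1))
    done

    rm -f -- "$target"
}
```

An in-place overwrite only reaches the original blocks on filesystems that write in place; copy-on-write filesystems and SSD wear levelling can leave old copies behind, for the same reason as the remapped sectors discussed below.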
You can also wipe file data after deletion by filling all remaining space on the drive with garbage...
dd if=/dev/urandom of=delete_me.bin bs=1024
rm delete_me.bin
This is not as reliable as wiping prior to deletion, because hard drives typically have a store of unreported sectors that they silently remap over their reported sectors as the drive detects them going bad. If a remap occurs AFTER deletion but BEFORE free-space wipe, the dead sector will still contain file data that will be exempt from the wipe.
Depending on your degree of paranoia, this might be the only acceptable data wipe method: http://eecue.com/c/driveslag