Wiping a disk securely

Sometimes in the course of work, it’s necessary to securely wipe a disk. A drive containing confidential information may require replacement. Assuming you caught the problem before the drive died for good, you can wipe it before sending it back to the manufacturer.
Programs to securely wipe a drive cost money. Sometimes big money. Fortunately, it’s easy to do it with Linux.

But you don’t have a Linux box and the big boss won’t let you have one, you say? You don’t need one. All it takes is a single-floppy distribution.

I use the asmutils demo disk, for two reasons. One, it’s small, so it downloads really fast. Two, it boots up really fast. Three, the utilities are dumb and minimalist, so they don’t get bogged down in the details, which is important when you’re dealing with failing hardware. Four, many single-floppy distros don’t provide everything you need, and the asmutils demo provides most of what you need and the means to make what it doesn’t provide.

OK, that was four reasons. I’m sure you’re terribly upset.

(Side note: The asmutils demo disk is 619K in size. Most of that is the Linux kernel. The rest of it is 114 standard Unix utilities, written in 32-bit x86 assembly language. A great many of them are under 1K in size. The shell is a mere 4.5K and it’s surprisingly usable, with history and command completion.)

Making the asmutils disk can be a challenge. Fortunately there’s a Windows disk utility that’ll directly read and write those raw images.

OK, so you’ve got your 619K Linux distro, and you’ve got it written to disk. Boot a system with the to-be-wiped drive in it, then type the following commands:

mknod /dev/zero c 1 5
mknod /dev/random c 1 8
mknod /dev/urandom c 1 9

Now you can overwrite the drive.

dd if=/dev/random of=/dev/hda

This command will overwrite the primary master hard drive with garbage data.

dd if=/dev/urandom of=/dev/hda

This command will overwrite the primary master hard drive with slightly less random garbage data. It’ll also be faster. It’s more than sufficient for our purposes–close approximations of true randomness are needed for encryption, but they’re not necessary for data destruction.

dd if=/dev/zero of=/dev/hda

This command will overwrite the primary master hard drive with zeros. Primary slave is /dev/hdb, secondary master and slave are /dev/hdc and /dev/hdd, respectively.

For a secure wipe, overwrite the drive seven times. This command line will do the trick.

dd if=/dev/urandom of=/dev/hda ; dd if=/dev/zero of=/dev/hda ; dd if=/dev/urandom of=/dev/hda ; dd if=/dev/zero of=/dev/hda ; dd if=/dev/urandom of=/dev/hda ; dd if=/dev/zero of=/dev/hda ; dd if=/dev/urandom of=/dev/hda

Yeah, it’s obnoxious to type, but then you can leave it and if it takes all weekend to overwrite seven times it doesn’t matter.

3 thoughts on “Wiping a disk securely

Comments are closed.

%d bloggers like this:
WordPress Appliance - Powered by TurnKey Linux