Secure Hard Drive Wipe

I’ve been wiping a lot of hard drives recently. I use shred to do the job.

shred -n6 -z -v /dev/sdx

What do you do to your drives before disposing of them?


  • dd if=/dev/zero of=/dev/whatever bs=1G

    relatively quick and nearly guaranteed to be secure.

  • Yeah that shred command basically does 6 passes of random writes to the device then comes back and writes a single pass of zeros. Maybe I am a bit paranoid. But then again just because you are paranoid doesn’t mean they aren’t out to get you.

  • I’m sure the program works well, but whenever I think about programs promising to do important things with random numbers, I think of this–10-25/

  • I use DBAN

    (Great blog, BTW)

  • Thanks Joe, I hope you keep coming around!

    mmm wonder if the isp used dban on the wrong drive? :/

    The web hosting provider that was running accidentally deleted the DBAN web site, so we are restoring a backup to a new server right now. Check later today (Wednesday August 26th 2009) and everything should be back online.

    Technical support and account management already know about this problem. This outage only affects non-essential materials that were publicly posted.

    – Darik

    source: (Aug 26th, 11:05am CST, 2009)

  • My company uses DBAN, and it’s good enough that they use it on old drives from their POS register systems.

  • dd if=/dev/urandom of=/dev/sdX ; dd if=/dev/zero of=/dev/sdX ;

    Even that’s overkill. Either one is more than adequate.

  • Dusty Wilson Ubuntu Unknow wrote:

    I just repartition, reformat, and reuse. Unless it’s dead, it gets used somewhere. If it’s dead, it gets physically destroyed.

  • Jinks Linux Unknow wrote:

    Always a nice read in this context: (I couldn’t find a better version, sorry.)

  • I haven’t seen anything that indicates that a single ‘dd’ isn’t adequate for any normal disposal process, or that nulls are worse than bytes.

    The error that you need to compensate for isn’t that dd might leave recoverable data, it’s that you might forget to dd a drive.

    So the ideal process would be to have person ‘a’ dd each drive, with nulls, and have person ‘b’ cat /dev/sdx back to the terminal and make sure that no bytes show up. (i.e. person ‘b’ needs to check that person ‘a’ ran dd.)

    A simple tracking system (an ‘x’ mark on the drive) ensures that ‘a’ and ‘b’ both did their jobs.

  • I have never seen anyone recover from writing over a sector either. Unfortunately I am in no position to dictate corporate policy so I just look for a tool that makes it as easy as possible.

    Nice link, I had forgotten about the challenge.

  • Nick Mac OS X Firefox 3.5.2 wrote:

    Another vote for DBAN.

  • Robert Mac OS X Safari 4.0.3 wrote:

    It is not a matter of reading from an overwritten sector. It literally takes low level hardware methods to retrieve data from “slightly” overwritten hard drive sectors. The OS reads the last thing written… With that in mind, the “dd” vs. “shred” argument comes down to what you have on the hard drive and whether someone who could get it actually wants the info…
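
The two-person check suggested in the comments above (person ‘a’ zero-fills each drive, person ‘b’ confirms that only nulls remain, and a mark records that both happened) can be scripted instead of reading `cat` output by eye. This is an added example, not code from the post or its commenters; the function names, exit codes and log format are assumptions, and it assumes Linux with `blockdev` and a `cmp` that supports `-n`. It also accepts disk image files, which goes slightly beyond the raw-device case discussed in the thread.

```shell
#!/bin/sh
# Added example: the verifier's ('b') half of the two-person wipe check.
# Exit codes (assumed convention): 0 = all bytes 0x00, 1 = data found, 2 = not verified.

# Print the size in bytes of a block device or a regular file (disk image).
target_size() {
    if [ -b "$1" ]; then
        blockdev --getsize64 "$1"          # util-linux; needs read access
    elif [ -f "$1" ] && [ -r "$1" ]; then
        wc -c < "$1" | tr -d ' '
    else
        return 2
    fi
}

# Compare the whole target with /dev/zero rather than eyeballing `cat` output.
verify_zeroed() {
    size=$(target_size "$1") || return 2
    # A zero-length target proves nothing, so it must not count as wiped.
    [ "${size:-0}" -gt 0 ] 2>/dev/null || return 2
    # cmp: 0 = identical, 1 = a byte differs, 2 = read error.
    # -n bounds the comparison, because /dev/zero never reaches EOF.
    cmp -s -n "$size" "$1" /dev/zero && return 0
    return $?
}

# Append one line per check to a shared log: the 'x' mark in file form.
# Arguments: TARGET VERIFIER LOGFILE (log format is an assumption).
record_check() {
    verify_zeroed "$1" && rc=0 || rc=$?
    case $rc in
        0) result=ZEROED ;;
        1) result=DATA_FOUND ;;
        *) result=NOT_VERIFIED ;;
    esac
    printf '%s %s verifier=%s result=%s\n' \
        "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$1" "$2" "$result" >> "$3"
    return "$rc"
}

# Usage: sh verify_wipe.sh /dev/sdX verifier-name wipe.log
if [ "$#" -eq 3 ]; then
    record_check "$@"
    exit $?
fi
```

A drive that was never wiped, or one that could not be read at all, ends up in the log as DATA_FOUND or NOT_VERIFIED rather than silently passing.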
