Distribution: Mint 20.1 on workstation, Debian 11 on servers
Posts: 1,336
military grade disk wipe
Anyone know of a good program that will run within my existing Linux OS (aka not a boot disk) that will completely low level wipe a given device?
Right now I'm using a program called copywipe in Windows but I'd like to do my drive wiping downstairs in the server room (too hot in my room to have such operation going on) and hook it up to the Linux server instead. I just use a USB connection with an enclosure then point a fan to the drive (gets VERY hot otherwise). The key is I need the wipe to be extremely good so that even if the FBI or other such snoopy organizations got ahold of it, they would not be able to retrieve anything even by removing the platters and analysing the magnetics etc...
This process can take a week per drive, I'm fine with that. I just want to basically fire it up and forget about it then come back and check it later.
Before you say "just physically destroy the drive" these are practically brand new and I'd rather recycle than throw out.
Just so you know, if your drive was made around 2001 or so and later, it's not vulnerable to laboratory microscope attacks. The technology has changed, and you only need to overwrite data once now. The reason why the government still requires many overwrites is in case someone comes out with a similar attack in the future. At least that's what they said in the SANS GCFA training.
Original Poster
Quote:
Originally Posted by OlRoy
Just so you know, if your drive was made around 2001 or so and later, it's not vulnerable to laboratory microscope attacks. The technology has changed, and you only need to overwrite data once now. The reason why the government still requires many overwrites is in case someone comes out with a similar attack in the future. At least that's what they said in the SANS GCFA training.
Good to know. I'd still like to know of such software though so I can still do a decent wipe, but keeping that in mind I'll only do it like 5 times.
http://dban.sourceforge.net is a bootable CD which gives you many options for wiping hard drives. One of which, from memory, gives you 7 wipes and rewrites and is, apparently, recommended by the NSA.
Original Poster
That looks good but I'm hoping for something that I can install/run rather than boot off of. I'll be attaching the disks to be wiped via usb external enclosure and plugging them into my live server, don't want to have to boot out of it for that long and my vmware idea did not work. I tried booting off it using my backup server which I can afford to have down for a few days, but it would not recognize usb, guessing it runs at a rather low level dos'ish type format, and not full blown linux with all drivers etc.
Well, there are a lot of tools that could help you.
For example, I always shred my data instead of rm-ing it. The shred utility is available on most *NIX-es nowadays. But if you want to do a full disk wipe, you can use the wipe utility Debian provides or just dd-ing it or shred-ing from a LiveCD with some Linux distribution on it.
Couldn't you do something like dd if=/dev/random of=/dev/usbdevice?
I think that's all those shredding/wiping programs do. They just organize how many cycles are done, and what is in each cycle. You could do 8 full wipes to a disk with some being all 0s, some being all 1s, some being random, and some being specific patterns.
Original Poster
Quote:
Originally Posted by Meson
I think that's all those shredding/wiping programs do. They just organize how many cycles are done, and what is in each cycle. You could do 8 full wipes to a disk with some being all 0s, some being all 1s, some being random, and some being specific patterns.
Can someone explain that command in detail? I have an idea of what it's doing but the --help file gives me absolutely no info that helps me understand it. I could just write a bash script and have some patterns set up in advance. Or would copying /dev/urandom a couple times be very efficient?
Right now I found a program called wipe so I did "wipe /dev/sdc" and it's at 2% since like, this morning lol.
I figure the odds of government agencies getting ahold of the drive (or people with same ability as them) is VERY slim, but I'd rather not take chances. And I'd rather stay green and have someone else put the drive to good use, than to just smash it. Though smashing it and doing other physical destruction *IS* much more fun. But I'd feel bad doing it to 3 rather new 500GB drives. :P
'dd' would be the simplest and most effective. Software like 'wipe' makes too many assumptions and doesn't necessarily work, nor would it affect any blocks which it believes are unused.
So:
dd if=/dev/random of=/dev/your_device_to_be_wiped
You can use 'urandom' instead of 'random' if it is faster.
Just run that dd line a few times and everything's gone; better if you can script it because it can take a few hours per pass. Some 'random' devices are pretty slow, so you'd better check on the progress of the 'dd' - otherwise it can take you months to do a single pass. You can check on dd's progress via:
I agree about dd. It is the easiest and best way. Just set up a bash script to run it as many times as you think necessary. If you really want to, you could set up pattern files and write those to the drive, but I would just use /dev/urandom a few times.
The NSA specification was something like 8 passes. Two or three should be good though.
If you're worried about time definitely use urandom because if you walk away from your computer overnight there might not be that much activity on /dev/random. To counteract this, you could try shuffling a playlist of all your music - then /dev/random will most likely not be your weakest link.
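Added example (not part of any post in this thread): the scripted multi-pass dd wipe suggested above, written as a bash script. It assumes GNU coreutils on Linux; the function names, the default of two /dev/urandom passes and the final verified zero pass are illustrative choices.

```bash
#!/bin/bash
# Added example: scripted multi-pass overwrite with dd (GNU coreutils assumed).
# Function names, pass count and pass order are illustrative assumptions.

# Size in bytes of a block device or a regular file (e.g. a test image).
target_size() {
    if [ -b "$1" ]; then blockdev --getsize64 "$1"; else stat -c %s "$1"; fi
}

# One full overwrite of target $1 with data read from $2.
wipe_pass() {
    local size
    size=$(target_size "$1") || return 1
    # count_bytes stops exactly at the end of the target; fullblock avoids
    # short reads from urandom; fsync flushes the pass to the disk.
    dd if="$2" of="$1" bs=1M count="$size" iflag=fullblock,count_bytes \
       conv=notrunc,fsync status="${DD_STATUS:-progress}"
}

# Read the target back and confirm it now holds only zero bytes.
verify_zero() {
    cmp -s -n "$(target_size "$1")" "$1" /dev/zero
}

# $2 passes of /dev/urandom (default 2), then a zero pass that is verified.
wipe_target() {
    local target="$1" passes="${2:-2}" i=1
    if [ ! -b "$target" ] && [ ! -f "$target" ]; then
        echo "not a block device or file: $target" >&2; return 1
    fi
    # Refuse if the device or one of its partitions is mounted.
    if awk -v t="$target" 'index($1, t) == 1 { m = 1 } END { exit !m }' \
         /proc/mounts 2>/dev/null; then
        echo "$target is mounted, refusing" >&2; return 1
    fi
    while [ "$i" -le "$passes" ]; do
        echo "pass $i/$passes: /dev/urandom" >&2
        wipe_pass "$target" /dev/urandom || return 1
        i=$((i + 1))
    done
    echo "final pass: /dev/zero" >&2
    wipe_pass "$target" /dev/zero || return 1
    verify_zero "$target"
}

# Usage: ./wipe.sh /dev/sdX [passes]   (name the whole disk; run as root)
if [ "$#" -ge 1 ]; then wipe_target "$@"; fi
```

Running it against a scratch image file first confirms the behaviour before it is pointed at a real disk.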
Why not just copy a partition or 2 or 3 & maybe a bunch of jpgs or mp3s from a system you don't care about. Maybe install Vista. It will look like the disk is just a backup or was removed from a working system. An empty, wiped disk would raise some suspicions all by itself that a disk with innocuous data would not.