When decommissioning old PCs, you should take care about the data that is stored on the harddrive. Plain formatting or deleting the files will only take away the directory-structure. The data is still there on the drive.
stw@vivid:~> echo >Secrets.txt "Very secret secrets..." stw@vivid:~> cat Secrets.txt Very secret secrets... stw@vivid:~> su Password: vivid:/home/stw # strings /dev/hdb1 | grep "secrets\.\.\." Very secret secrets... vivid:/home/stw # rm Secrets.txt vivid:/home/stw # ls Secrets.txt /bin/ls: Secrets.txt: No such file or directory vivid:/home/stw # strings /dev/hdb1 | grep "secrets\.\.\." Very secret secrets...
While the file cannot be accessed using shell-command, the data can be extracted by accessing the partition (in this case: /dev/hdb1) or even the whole drive (/dev/hdb). The string command extracts any plaintext found on the drive, and grep limits the output to interesting strings of text.
Due to the techniques used to write data to magnetic disks, overwriting disks with zeros and ones is not as efficient as overwriting with random data. (Peter Gutmann published an excellent paper on Secure Deletion of Data from Magnetic and Solid-State Memory. Be sure to read the epilogue.). So why not use use Linux to do it for free?
There are special devices that can be used to generate data which is usefull for this task: /dev/zero and /dev/urandom.
While /dev/zero gives you as many zeros as you want, /dev/urandom gives as many random values as you ask it for. Using the dd-command, we can wipe out any data found on the drive.
stw@vivid:~> dd if=/dev/urandom of=devicefile 25119+0 records in 25119+0 records out 12860928 bytes (13 MB) copied, 4.52215 seconds, 2.8 MB/s
You will need to replace the regular file named “devicefile” with the real disk you wand to erase (e.g. /dev/hda). You will also need to do this as root. You will also need to be aware of the fact that you can cause a lot of damage to data on the disks inside the PC you are doing this on. But then again: That’s the purpose of this exercise, right?
First, I compared the throughput when writing to the special device /dev/null, aka “The Bitbucket”. Data written to /dev/null is simply discarded. That’s it. No disk. No storage. SHould be the fastest write in town :)
stw@vivid:~> dd count=200000 if=/dev/urandom of=/dev/null 200000+0 records in 200000+0 records out 102400000 bytes (102 MB) copied, 34.5185 seconds, 3.0 MB/s stw@vivid:~> dd count=200000 if=/dev/zero of=/dev/null 200000+0 records in 200000+0 records out 102400000 bytes (102 MB) copied, 0.219248 seconds, 467 MB/s stw@vivid:~>
These tests shows that generating random numbers is much slower than generating zeros. This is no surprise.
The next series of test writes the data to a file. This will show how much of the speed actually can be used:
stw@vivid:~> rm devicefile stw@vivid:~> LANG=C dd count=200000 if=/dev/urandom of=devicefile 200000+0 records in 200000+0 records out 102400000 bytes (102 MB) copied, 36.4169 seconds, 2.8 MB/s stw@vivid:~> rm devicefile stw@vivid:~> LANG=C dd count=200000 if=/dev/zero of=devicefile 200000+0 records in 200000+0 records out 102400000 bytes (102 MB) copied, 1.29428 seconds, 79.1 MB/s stw@vivid:~>
This is also the expected result: While /dev/zero can max out the harddrive, the scrubbing with random data is still limited by the speed of /dev/urandom.
You might have noticed that there is another special device: /dev/random
This one is not well suited for the deletion of gigabytes of data. It is much slower than /dev/urandom and can even slow down to a complete stop.
/dev/random is built to generate very good random numbers, using a so-called entropy-pool to ensure randomness. Amoung other inputs, mouse-movement and keyboard activity fill up that entropy-pool. If the pool is empty, /dev/random will wait until it is filled again, ensuring random-data that is suitable for cryptography.
/dev/urandom will continue to deliver random data, even if the entropy-pool is drained. In this case, the quality of the randomness decreases and cannot satisfy cryptographic standards anymore. If that is a problem for you when scrubbing a harddrive, then you should probably open the drive after scrubbing, scrub it with a panwasher, cut it into pieces, burn it, melt it, put the remainders into a block of cement and use that to build your new house… For the paranoid, security is impossible.
The rest of us should be ok with /dev/urandom
Copyright (c) by the authors.
Prior to editing, authors agreed to license their contributions by the terms of the GPL.
See our licensing page for details.
Linux® is a registered trademark of Linus Torvalds.