Tuesday, September 26, 2017

Securely erase hard drive using the Disk Utility


I am planning on selling my laptop. So I formatted my disk using the Disk Utility and chose to overwrite the disk with zeroes.


Two questions:


Is this the same as overwriting the disk using dd?


sudo dd if=/dev/zero of=/dev/sda

And is this method secure enough so that buyers can't easily recover the previous data? Or should I take additional measures (like encrypting the disk, destroying the headers, etc.)?



Yes, the disk utility uses a method similar to the one with dd you describe, or a faster and more secure one more like:


dd if=/dev/urandom of=/dev/sda bs=1M

This introduces a lot more fuzz to the overwriting pattern than zeros only, which should be more difficult to restore but not noticeably slower to perform.


Some people claim, this is not enough and one should overwrite hard disks multiple times and with more elaborate patterns (scrub(1) can do both of that as per the other answer), but most will say once is enough, if an attacker wants to restore more than a few bits with a significant chance.


Edit: Apparently /dev/urandom peaks at ~13 MiB/s on at least two systems including mine. Therefore simonp suggested a different approach using openssl(1):


head -c 32 /dev/urandom | sudo openssl enc -rc4 -nosalt -pass stdin -in /dev/zero -out /dev/sda

No comments:

Post a Comment

11.10 - Can't boot from USB after installing Ubuntu

I bought a Samsung series 5 notebook and a very strange thing happened: I installed Ubuntu 11.10 from a usb pen drive but when I restarted (...