
I am currently using sfill to wipe free space in my root partition (/dev/sdaX). Its default setting is a 38 pass (sudo sfill -v directory/mountpoint), but it's taking hours to complete this step. I then tried the less secure three pass method (sudo sfill -lv directory/mountpoint); the problem is that it's taking roughly the same amount of time to wipe free space as the default. It is due to /dev/urandom, which peaks at 13MB/s. While searching for an alternative method to speed up the free space wiping step, I reached this link, which uses openssl to randomize the wipe.

 openssl rand $(</proc/partitions awk '$4=="sda" {print $3*1024}') >/dev/sda

Is this a good way to wipe free space in the root drive, or does another, safer method exist? In the above command sda is our root partition sdaX, right?

Pablo Bianchi
Eka
  • On my machine dd if=/dev/urandom bs=1M count=1000 | pv >/dev/null shows that /dev/urandom runs at least at 170MB/s (about 5 seconds/GB). dd if=/dev/urandom bs=1M of=/somebigfile is about as fast as you can get. – xenoid Apr 14 '18 at 07:01

1 Answer

First and foremost, wiping your drive 35+ times is completely unnecessary. The Guttmann Method (35 wipes) is something designed to wipe any drive, from brand-new modern spinning drives to massive ancient 5MB behemoths that are more likely to store resident data. With that said, wiping your drive once or twice is pretty much the best you can do. You have a modern magnetic drive.

The sfill command is... silly. See the manpage for what I mean. If you only need to wipe the drive out with zeros, you can just use the (far simpler) sfill -llz /path/to/your/mountpoint to wipe out all free space with zeros, once. This (according to Guttmann himself, see above link as well as right here) is more than good enough for the vast majority of systems. As you're writing zeros instead of random data, your only speed limit will be your drive's speed.

If you need plausible deniability ("No, officer, I didn't wipe this hard drive"), you can use the sister command sfill -ll /path/to/your/mountpoint to wipe your drive in a single pass with random data. This will be slower, but just as secure for your system as any other wiping method with the addition of possible plausible deniability.

However, if you really need to ensure that no data is absolutely recoverable from this drive (in theory or otherwise), use a drill.

Kaz Wolfe
  • For true data disposal, I advise dropping the drive in molten metal à la Terminator style so the physical disk itself cannot be read. If data is truly sensitive, I would not take the easy route in absence of known data recovery methods. See: https://hsmr.cc/palinopsia/ ; as for actual discussion, is DBAN no longer the preferred method for drive wiping? – avisitoritseems Mar 17 '19 at 04:43
  • @avisitoritseems DBAN is still a great tool for this sort of thing, as long as you don't mind the reboot. Feel free to use it - it's secure, fast, and extremely reliable. – Kaz Wolfe Mar 18 '19 at 15:09
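
The openssl command in the question takes its byte count from the /proc/partitions row named sda and writes to /dev/sda. As an added example (not from the question, the answer, or any tool's own code), this script reads a /proc/partitions table and reports what a given name covers before it is used as a wipe target; the table is a constructed sample and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: check what a /proc/partitions name refers to before wiping it.

# Constructed sample in /proc/partitions layout: major minor #blocks name.
# #blocks is counted in 1 KiB units; the sizes here are made up.
SAMPLE='major minor  #blocks  name

   8        0  488386584 sda
   8        1     524288 sda1
   8        2  467890176 sda2
   8        3   19971072 sda3'
TABLE=$SAMPLE   # on a real machine: TABLE=$(cat /proc/partitions)

# size_bytes NAME: #blocks * 1024 for the row whose name is exactly NAME.
size_bytes() {
    printf '%s\n' "$TABLE" | awk -v n="$1" '$4 == n { printf "%.0f\n", $3 * 1024 }'
}

# partitions_of NAME: rows that live inside NAME. Kernel naming: sda -> sda1,
# but a disk name ending in a digit uses a "p" separator (nvme0n1 -> nvme0n1p1).
partitions_of() {
    printf '%s\n' "$TABLE" | awk -v n="$1" '
        $1 ~ /^[0-9]+$/ && $4 != n && index($4, n) == 1 {
            rest = substr($4, length(n) + 1)
            pat = (n ~ /[0-9]$/) ? "^p[0-9]+$" : "^[0-9]+$"
            if (rest ~ pat) out = out (out ? " " : "") $4
        }
        END { print out }'
}

# describe NAME: one-line verdict on a would-be wipe target.
describe() {
    size=$(size_bytes "$1")
    parts=$(partitions_of "$1")
    if [ -z "$size" ]; then
        echo "$1: not listed"
    elif [ -n "$parts" ]; then
        echo "$1: whole disk, $size bytes, contains $parts"
    else
        echo "$1: no partitions inside, $size bytes"
    fi
}

describe sda
describe sda2
```

With the sample table, sda is reported as the whole disk containing sda1, sda2 and sda3, so a write sized from that row and aimed at /dev/sda covers every partition and the partition table rather than free space on one filesystem.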