1

I have an old computer running Lubuntu, and I want to give it away. Before that, I want to make sure none of my data can be recovered from the hard drive.

I tried doing this using shred and dd from a Lubuntu live USB, but keep getting the message:

failed to open for writing: Permission denied

The drive is encrypted. Could that be the problem?

If so, how can I securely erase it? I've heard that without the password it's unreadable anyway, but it seems that someone could use a brute force approach to decrypt it, so that doesn't seem very secure.

Kinami
  • 13
  • If the data are encrypted with a good passphrase, they cannot be read, so they need not be erased. You can simply install Lubuntu and let the installer use the whole drive. If you want to erase everything anyway, you can use DBAN to wipe the hard disk drive. See this link How can I permanently erase data on INTERNAL HDD? – sudodus Jun 11 '18 at 06:21
  • Thank you! I didn't know if people still used DBAN since many of the posts recommending it are years old, and the software doesn't seem to be recently updated. – Kinami Jun 14 '18 at 08:05

3 Answers3

1

No, drive encryption is not the problem. Violations of the rules are the problem.

First, ensure that none of the partitions on the disk is mounted, with

mount | grep -E "/dev"

sudo umount every one of the disk's partitions.

Then, since you're trying to gain direct access to the disk structure, run your command as root:

sudo dd ......

or

sudo shred ......
waltinator
  • 36,399
0

Usually, without the password you cannot or barely recover the data. That doesn't mean, you can't overwrite the data. I'd use dd too. But the question is: did you try it as user or as root? I guess you had the permission denied, because you tried it as user? Try again as root ;)

Neobie
  • 151
0

First of all, +1 to waltinator's answer. If you find yourself at this question and want to run dd, check your permissions.

Second, as is noted in comments, DBAN would certainly suffice and is probably a better option than dd!

Third, as hinted at in comments, if your system is encrypted, wiping it may not be necessary, BUT if you're not going to wipe it, you should, at the very least, destroy the LUKS headers and any backups of the headers you may have made! Once the LUKS headers are destroyed, your decryption passwords (secure or not) will be useless for decrypting data unless a backup of these headers exists and can be restored. The reason for this is that the actual decryption key (the master key) resides only in the LUKS headers in an encrypted form. Your decryption passphrase isn't actually directly used for device decryption. It only serves to decrypt this master key.

b_laoshi
  • 4,660
  • 4
  • 25
  • 46