Secure Data Wiping on GNU/Linux

In this article, I outline how to securely erase data on a device while running a GNU/Linux-based operating system. This process can be used to wipe a device, such as a USB drive, while running your normal GNU/Linux operating system, or it can be used to wipe your hard drive from a GNU/Linux live CD/USB.

There are many reasons you might want to erase data from a device. It’s possible that you are selling an old computer and need to eliminate private data. It’s possible your identity has been compromised, and you need to eliminate evidence. Whatever the situation is, simple deletion of files will not securely erase data. If you truly need to erase data from a device, you will need to wipe the device.

What’s the issue with simply deleting your data? Deletion of a file does not actually remove the data from a disk; it only deletes the entry in the filesystem metadata. This informs the operating system that the space is free and can be written to. The actual raw data is still located on the disk. Even if a disk is reformatted or repartitioned, the raw data may still remain on the disk. With widely available data recovery software, most of this data can be quickly recovered. The only way to ensure that data cannot be recovered is by verifying that all space on a disk, including inodes, is overwritten with new data.

How does data wiping work? The term “wiping” is actually a bit misleading, because wiping is not just the removal of data. Wiping software actually overwrites all sectors of a disk or partition, ensuring that none of the original raw data remains. Software generally overwrites this data with a combination of zeros and random numbers.

These random numbers are produced by a random number generator. /dev/random is a random number generator in the Linux kernel. When /dev/random is read, it will return pseudo-random bits generated from noise produced by device drivers. /dev/random and /dev/urandom are both commonly used to produce pseudo-random bits. However, /dev/urandom reuses the bits in the internal pool to more quickly produce more bits. /dev/urandom is generally considered to be less secure than /dev/random; however, it is much faster and less resource-intensive than /dev/random. For something like cryptographic key generation, you would want to use /dev/random. However, for something like data wiping, the use of /dev/urandom is considered secure.

The wiping utility of my choice is sfill, a small command-line utility that is lightweight but very effective. If you are running a Debian-based distribution, the package should be included by default. Otherwise, this tool is included in the ‘secure-delete’ package.

If you are wiping the primary hard drive in your computer, you will need to use a bootable Linux Live CD. You also need to locate the partition or disk you want to wipe (e.g. /dev/sda2). For this, you can use GParted or any partition editor. At this point, be sure to verify that you have identified the correct disk. Once you locate this, you will need to run sfill from the command line, pointing it to this disk. The default parameters are secure, so you only need to apply additional arguments if you want to use verbose mode or want additional options.

The technical process used by the software is outlined in the sfill man page. sfill first overwrites data with zeros. This is only one pass. The next 5 passes overwrite the data with random data from /dev/urandom. After this, data is overwritten in 27 passes with values defined by Peter Gutmann, the developer of sfill. The next 5 passes again overwrite with data from /dev/urandom. After this process, temporary files are created to fill inode space. Inode stands for “index node”, and these are used to index the files on a partition. After all free space on the partition is filled, the temporary files are removed and the wiping is finished. At this point, the data wiping process is complete. You can now be confident that your data cannot be recovered.
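The zero-overwrite pass and the verification step described above, as an added example that is not part of the original article: it wipes a scratch image file built inline (constructed data) and confirms the result by reading every byte back. The function names and the marker string are assumptions made for this example, and it relies on GNU dd, cmp and stat.

```shell
#!/usr/bin/env bash
# Added example: one zero pass plus read-back verification.
# Everything runs against a scratch image file constructed below, not a real disk.

MARKER='CONSTRUCTED-SECRET-MARKER'   # constructed sample data

# Size in bytes of a regular file or a block device.
target_size() {
    if [ -b "$1" ]; then blockdev --getsize64 "$1"; else stat -c %s "$1"; fi
}

# Build a 4 MiB image of random bytes with the marker embedded; prints its path.
make_sample_image() {
    local img
    img=$(mktemp) || return 1
    dd if=/dev/urandom of="$img" bs=1M count=4 status=none || return 1
    printf '%s' "$MARKER" | dd of="$img" bs=1 seek=1000000 conv=notrunc status=none || return 1
    printf '%s\n' "$img"
}

# True while the marker can still be found in the raw bytes of the target.
marker_present() { grep -qa "$MARKER" "$1"; }

# Overwrite exactly the target's size with zeros, in place, and flush to media.
wipe_zero() {
    local size
    size=$(target_size "$1") || return 1
    dd if=/dev/zero of="$1" bs=1M count="$size" iflag=count_bytes \
       conv=notrunc,fsync status=none
}

# Succeed only if every byte of the target reads back as zero.
verify_zero() {
    local size
    size=$(target_size "$1") || return 1
    cmp -s -n "$size" "$1" /dev/zero
}

# Demonstration on the scratch image.
img=$(make_sample_image)
marker_present "$img" && echo "before wipe: marker still readable"
wipe_zero "$img" && verify_zero "$img" && echo "after wipe: every byte reads back as zero"
rm -f "$img"
```

Read-back verification covers only the sectors the operating system can address; as a commenter notes below, sectors the drive has remapped are not reachable this way.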

This article will be added to the security tutorials section.

7 comments

  1. Does sfill open and overwrite hidden sectors on hard drives?

  2. Wiping more than once is actually useless and just a waste of time. The Gutmann method is outdated and was only relevant in the decade when it was created.

    Please read

    Overwriting Hard Drive Data: The Great Wiping Controversy

    Craig Wright,
    Dave Kleiman,
    Shyaam Sundhar R.S.

    Published in 2008

    The chance to restore even 1 complete byte of Data (that would be 1 letter!) is a few millions to one, to get even a single 8 letter word (without context) is almost impossible.

    And before you think about it, you should simply always encrypt your whole drive using something like truecrypt (7.1a is still safe to use) or diskcrypt or DriveCrypt Plus Pack or something similar. (Choose to wipe free space when encrypting the first time)
    That way you won’t even have to wipe the whole disk, just wipe the encryption header.

  3. Nice article, personally I use ‘wipe’ to securely erase data. Works nearly the same as sfill, and seems to be more widely available in GNU/Linux repos.

  4. I agree with Andreas. To overwrite your hard disk 33 times as you suggested in the article is just a waste of time. It would take days or weeks with bigger hard disks.

    Alternative way:

    1. Boot from a GNU/Linux CD/DVD of your choice.
    2. Write the whole disk of your choice with zeros using the dd command. http://how-to.wikia.com/wiki/How_to_wipe_a_hard_drive_clean_in_Linux
    3. dd unfortunately does not show its progress. Therefore combine step 2 with http://linuxcommando.blogspot.de/2008/06/show-progress-during-dd-copy.html.

    (This method of course requires some more reading on how to detect your hard drive’s id, the parameters of ‘dd’ and so on.)

    dd stands for data definition: https://www.gnu.org/software/coreutils/manual/coreutils.html#dd-invocation

  5. Now do that while the police are coming through the door!
    Sit beside a fireplace, lob the USB in there, it works for me this time of year…
    Can’t think what else I’d do and not a hope of ‘wiping’ your drive if you are being raided, if you got time you can wipe anything beyond recognition.
    What would you do to destroy a USB if there was a raid?

  6. Rotfl… wiping when there’s a raid. Clearly this is not the scenario that is relevant here. During a raid you can smash an HDD with a hammer and hope that it’s broken as much as possible. Only prior encryption would save you in such a case.

    Wiping is meaningful in a case when you’d want to e.g. sell a drive to somebody. It doesn’t take that long (wiping of a 300GB laptop drive took me about 3 hours a few months ago), even compared to zeroing (dd can be quite slow too).

    All in all an encrypted filesystem is the better option, however it’s not always possible (e.g. a netbook with a slow intel atom cpu can’t cope with an encrypted hdd; or you can’t have encrypted disks in a NAS). So even today there are viable scenarios when wiping is relevant.

  7. If your adversary can recover anything wiped from a drive after 1 pass then don’t bother with dozens of passes. Physically destroy the drives and that’s it.

    Besides, overwrite all you want, you aren’t getting to the sectors invisible to your OS and used to remap bad sectors.
    HDDs have some and SSDs have even more.
