
I have a question about secure delete. SDAx is ext4 and SDA5 is the root.

Can I run dd if=/dev/urandom of=/dev/sda bs=4096 while I'm connected to the server through ssh or from console? Or do I need have a live boot cd in order to do that? Or maybe I can destroy only /dev/sda5 ?

And what's the difference between these 3 commands - which one I should use to destroy the data safely so its unrecoverable.

dd if=/dev/urandom of=/dev/sda bs=4096

dd if=/dev/random of=/dev/sda

dd if=/dev/zero of=/dev/sda

user630702

1 Answer


`shred -n1 /dev/sda` is faster and more reliable than the above methods.

Using /dev/random will likely not complete in a reasonable time because there is not enough entropy. Using /dev/urandom will fix that by creating more randomish stuff based on the real randomness it can get.

Using bs=4096 sets a chunk size. To a point larger chunk sizes are better.

Wiping with /dev/zero is probably adequate, but there may be some theoretical attacks (amplify the trace signal) that might theoretically yield some data.

Using a boot disk is the most reliable way to go; dd'ing a live partition is not a great idea as it could cause a freeze before the system is finished.

A fair partial solution to remotely erase data might be to remove all user info, then `dd if=/dev/urandom of=large.file; rm large.file` and then use `shred /dev/sda` - this will give greater certainty user data is deleted.

Note that there may still be residual data on the drive (like around sectors marked bad) and even more so with SSDs due to over-provisioning.

davidgo
  • I read that shred doesn't work as expected on ext4 journal file system. Is that the case? – user630702 Oct 29 '19 at 10:03
  • I'm thinking of running `dd if=/dev/urandom of=/dev/sda bs=1024 count=1` while I'm on centos rescue mode using ISO. Any objections or suggestions? It doesn't matter if it takes some time but just need to ensure that the data is unrecoverable. – user630702 Oct 29 '19 at 10:04
  • I meant `dd if=/dev/urandom of=/dev/sda bs=1M` – user630702 Oct 29 '19 at 10:17
  • Does it make a difference if I delete the files and then run `dd` command or without deleting the files and then run `dd` command? like for example they can see the file names if someone tries to recover since I did not delete the files before running dd command. – user630702 Oct 29 '19 at 14:14
  • If you are running from a live system, running dd on the partition will cause instability and probably a crash. This could happen before dd is finished, leaving data undeleted. (By deleting the files then creating a new file as per my solution you are overwriting that space) – davidgo Oct 29 '19 at 17:12
  • Using `dd if=/dev/urandom of=/dev/sda bs=1M` will work fine (but DON'T use count=1 as this will only overwrite the first Meg of data and someone using photorec can easily recover some data). Using `shred -n1` on a partition (ie /dev/sda) is A LOT faster though. I'm unaware of shred not working on ext4, but it does not matter because you are running it on the disk, not a file, so it's bypassing ext4 - ie it's agnostic of filesystem as it works at a lower level. – davidgo Oct 29 '19 at 17:17
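The difference between `count=1` and a full overwrite, and the raw byte scan a carving tool like photorec performs, as an added example that is not part of the original answer or its comments. It runs the same `dd` and `shred` commands against a scratch image file instead of a real disk so it can be tried safely; the image path, its 8 MiB size and the marker string are constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not from the original question or answer. It exercises the
# wipe commands on a scratch image file so it can be run safely on any box;
# point the functions at a real block device only from a rescue/live system.
# Constructed for the demo: the image path, its size in MiB, and the marker.

IMG="${TMPDIR:-/tmp}/wipe-demo.img"
MARKER="SECRET-PAYROLL-RECORD-2019"
IMG_MIB=8

# Build an 8 MiB "disk" and plant a recognisable marker at the 5 MiB mark,
# i.e. well beyond the single 1 MiB block that `count=1` would overwrite.
make_image() {
    dd if=/dev/zero of="$IMG" bs=1M count="$IMG_MIB" 2>/dev/null
    printf '%s' "$MARKER" | dd of="$IMG" bs=1M seek=5 conv=notrunc 2>/dev/null
}

# Exit status 0 if the marker is still findable by a raw byte scan (what a
# carving tool such as photorec does), 1 once it has been overwritten.
marker_present() {
    LC_ALL=C grep -a -q "$MARKER" "$IMG"
}

# The mistake discussed in the comments: only the first 1 MiB is overwritten,
# everything after it is untouched and trivially recoverable.
wipe_first_meg() {
    dd if=/dev/urandom of="$IMG" bs=1M count=1 conv=notrunc 2>/dev/null
}

# The full overwrite, equivalent to `dd if=/dev/urandom of=/dev/sda bs=1M`.
# A block device stops dd with "No space left on device"; a plain file would
# grow without bound, so the count is sized to the image and conv=notrunc
# keeps the file length fixed, like a fixed-size device.
wipe_whole() {
    count=$(( $(wc -c < "$IMG") / 1048576 ))
    dd if=/dev/urandom of="$IMG" bs=1M count="$count" conv=notrunc 2>/dev/null
}

# Same end result with a single random pass from GNU shred, which fills its
# buffers from an internal PRNG seeded once instead of reading /dev/urandom
# for every block; that is why the answer finds it faster on a whole disk.
wipe_with_shred() {
    shred -n 1 "$IMG"
}

demo() {
    make_image
    wipe_first_meg
    if marker_present; then
        echo "count=1: marker still recoverable past the first MiB"
    fi
    wipe_whole
    if marker_present; then
        echo "full dd wipe: marker still present (unexpected)"
    else
        echo "full dd wipe: marker gone"
    fi
    if command -v shred >/dev/null 2>&1; then
        make_image
        wipe_with_shred
        if marker_present; then
            echo "shred -n 1: marker still present (unexpected)"
        else
            echo "shred -n 1: marker gone"
        fi
    fi
    rm -f "$IMG"
}

demo
```

Run it as `sh wipe-demo.sh`; it prints that the `count=1` pass leaves the marker in place and that either the full `dd` pass or `shred -n 1` removes it. The marker check is the important part: it looks at raw bytes, not at the filesystem, which is also why shred on the whole device is unaffected by the ext4 journal. It says nothing about sectors remapped as bad or SSD over-provisioned cells, which no host-side overwrite can reach.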