Re: Question on shredding a terebyte drive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 02Sep2009 22:17, Marko Vojinovic <vvmarko@xxxxxxxxx> wrote:
| On Wednesday 02 September 2009 21:32:32 Dean S. Messing wrote:
| > I have a terebyte sata drive that I need to securely wipe clean.  It
| > originally had 2 partitions.  I deleted them using `fdisk', rebooted,
| > and then as root ran
| >
| >     shred -vz /dev/sdd
| >
| > The drive is capable of about 60MB/sec, but shred is only "shredding"
| > about 25MB every 5 seconds according to its output.  Since the default
| > number of passes is 25, this works out to about 5 days.
| 
| I have always wondered about this, why not just do a rm -rf *  on the drive, 
| then put one big file on it (some divx movie or such), and copy it over and 
| over under different names until the drive space gets exhausted completely? 
| This can easily be scripted, and I believe it would work as fast as possible 
| for a drive of given capacity.

Copying /dev/zero is a fast way to get an arbitrary amount of data (my
standard anecdote involves emptying it, which I did once on an ancient
system). It will be faster than copying a real file since the "read"
part is free. So you do the rm, then:

  cat /dev/zero >/mnt/the-drive/ZEROES

On a conventionaly filesystem that will do what you outline.

Of course, since the OP is wiping the drive completely it will be even
faster to do this:

  umount /mnt/the-drive
  cat /dev/zero >/dev/sdd

HOWEVER:

The purpose of shred is to rewrite the data many times with random data,
since it is technically possibly to read "old" patterns from the drive
with the right (expensive and special) hardware.

If shred is compute bound (he say it is) he may be better off running:

  cat /dev/urandom >/dev/sdd

25 times instead. It should be faster, possibly a lot faster, and be
just as good for security purposes. (I would think; if the purpose is
solely to erase the drive beyond recovery.) It may deplete your machines
random bit pool, so don't generate an new ssh or GPG or SSL private keys
during or soon after this process.

Cheers,
-- 
Cameron Simpson <cs@xxxxxxxxxx> DoD#743
http://www.cskk.ezoshosting.com/cs/

If it's matrix-based, you're going to get some serration.
- overhead by WIRED at the Intelligent Printing conference Oct2006

-- 
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines

[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux