Securely Erasing a Full Terabyte
December 13, 2012
A word of warning: if you ever have the desire to securely erase a large hard drive, do so before you remove it from the computer; don’t wait until you remove it and try to do this over USB.
Recently, I replaced a 1 TB hard drive in a Linux server on my home
network. I copied the data, swapped out the drive, and hooked it up
using a USB dock so that I could run
wipe on it before drilling a
couple of holes through the platters and disposing of it. This drive
contained sensitive personal and financial information, so, short of
sandblasting the platters, or perhaps shredding or melting it, this
seemed to be a fairly secure way to dispose of it.
wipe command writes over the entire drive many times using
patterns designed to make it unlikely that the data could ever be
recovered, even by someone equipped with a magnetic force microscope.
Here’s an excerpt from the
wiperepeatedly overwrites special patterns to the files to be destroyed, using the fsync() call and/or the O_SYNC bit to force disk access. In normal mode, 34 patterns are used (of which 8 are random). These patterns were recommended in an article from Peter Gutmann entitled “Secure Deletion of Data from Magnetic and Solid-State Memory”.
It turns out that running
wipe on a 1 TB drive connected via USB is
no joke. I started running it two weeks ago and it just finished
the last of the 34 passes.
As a side note, this is probably the first time I’ve proactively
replaced a hard drive, not as an upgrade, but as a preventative
measure. The drive in question was about five years old and seemed to
be nearing failure. This is in contrast to the usual situation, in
which I’m replacing a drive and attempting to recover data after it
fails. In order to stay on top of things, I’m now using
smartmontools to monitor the health of the drives
in this server.