I've been tasked at work with shredding drives. Not physically, mind you, but digitally. Usually, I grab a copy of the latest version of Knoppix, boot up, pull up a terminal, and grab GNU Shred. Something like:
shred -n 3 -v /dev/sda
It works well enough. However, it doesn't display a really useful progress meter, other than how far along it is in the wipe, thus leaving it up to you to figure out the speed, while filling up your back scroll in the process. There must be a better way.
I used to "leave my mark" (much like a dog marks a fire hydrant); however, this is quite slow. There are other methods, such as using /dev/urandom, but the entropy from urandom relies on SHA1. While fast, it's not the speed demon that is AES or other algorithms. There's /dev/zero, but how do I get random bits from zeros? And more importantly, does it push the drive to its bandwidth threshold? Of course, I've heard about DBAN, but I've had issues with it booting on certain hardware. Lastly, I would like to have a good progress meter as the data goes down on the drive.
Here's a solution that a friend of mine in an IRC channel suggested:
openssl enc -aes128 -k "foo" < /dev/zero | pv -trb > /dev/sda
The great thing with this command is twofold:
- It's fast. It pushes the drive as fast as it can write data.
- It provides a convenient progress meter with "pv".
Again, I'm shredding drives with pseudorandom data. I'm not too concerned about the security of the bits going down on the platter. Per corporate regulation, I need to do 3 passes, and I'm confident that the bits coming out of the pipe from OpenSSL using AES-128 will be sufficient. So, for doing 3 passes, I can script it easily enough:
for I in 1 2 3; do openssl enc -aes128 -k "$I" < /dev/zero | pv -trb > /dev/sda; done
That works. 1 drive down, 24 to go...
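A scripted form of the three-pass loop above, as an added example rather than code from the original post: it draws a fresh random key for each pass, bounds the stream to the target's size so pv can show percent and ETA, and falls back to /dev/urandom or cat when openssl or pv is missing. The function names (wipe_target, keystream, progress, target_size) and the switch to AES-128-CTR with -nosalt are choices made for this example.

```shell
#!/usr/bin/env bash
# Added example: multi-pass overwrite with a fresh random AES key per pass.
# wipe_target and its helpers are names made up for this sketch.

# Size in bytes: blockdev for block devices, wc for a regular file (test stand-in).
target_size() {
    if [ -b "$1" ]; then blockdev --getsize64 "$1"; else wc -c < "$1" | tr -d ' '; fi
}

# Endless pseudorandom stream: AES-128-CTR over /dev/zero, keyed from openssl rand.
# -nosalt with explicit -K/-iv avoids the "Salted__" header that -k would emit.
# Falls back to /dev/urandom when openssl is not installed.
keystream() {
    if command -v openssl >/dev/null 2>&1; then
        openssl enc -aes-128-ctr -nosalt -K "$(openssl rand -hex 16)" \
            -iv 00000000000000000000000000000000 < /dev/zero 2>/dev/null
    else
        cat /dev/urandom
    fi
}

# Progress meter: pv with percent and ETA when available, plain pass-through otherwise.
progress() {
    if command -v pv >/dev/null 2>&1; then pv -tpreb -s "$1"; else cat; fi
}

# wipe_target PATH [PASSES]: overwrite PATH end to end, PASSES times (default 3).
wipe_target() {
    local target=$1 passes=${2:-3} size pass
    size=$(target_size "$target") || return 1
    [ "$size" -gt 0 ] || { echo "empty target: $target" >&2; return 1; }
    for pass in $(seq 1 "$passes"); do
        echo "pass $pass/$passes on $target ($size bytes)" >&2
        # head bounds the stream to the target size, so the pipeline ends cleanly
        # instead of stopping on a "no space left" write error.
        { keystream || true; } | head -c "$size" | progress "$size" > "$target" || return 1
        sync
    done
    # The last pass must have written exactly the original size.
    [ "$(target_size "$target")" -eq "$size" ]
}

# Run as: ./wipe.sh /dev/sdX 3   (destroys everything on the named device)
if [ $# -ge 1 ]; then wipe_target "$@"; fi
```

Try it on a scratch file first; a regular file is only a stand-in here, since a filesystem may place rewritten data in different blocks than the original.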
If you have various ways you shred your drive, let me know, and I'll post it below.