3 Best Ways to Securely Wipe Disk in Linux

3 Best Ways to Securely Wipe Disk in Linux Using Command Line

This article shows you the three best ways to completely erase data from your disk using the dd, shred and wipe command.

Sometimes we have to erase all the information from our disk in a way that ensures it is impossible to recover. The most typical reason for completely and irreversibly deleting a device is when, for example, it is to be given away or sold.

Many users probably believe that deleting their data using the file manager or the rm command ensures security. The truth, however, is slightly different.

Using the rm command or a file manager to delete files just removes the pointer to the filesystem. So the original data is still available. As a result, with a high probability, a considerable portion of this data can be recovered using specific techniques.

However, wiping the disk with one of the following commands, shred, dd, or wipe, assures that the information you erased is unrecoverable. So, let us show you how to do it.

Erasing Disk Using shred Command

We start with the shred command because it is one of the best ways to protect your private data on a Linux system.

The command helps in overwriting the data several times, such that it can only be recovered with extreme difficulty, if at all, using specialized hardware. That is why it is frequently used to erase data securely.

Because shred is part of the coreutils package in Linux, you most likely have the command available by default on your system. It uses three passes by default, writing pseudo-random data to the device during each run.

For example, if you want to erase a device that is present as /dev/sdb on your Linux system, the command would be as follows:

sudo shred -v /dev/sdb
Erasing disk in Linux using shred command

We’ve included the -v (--verbose) option to see the disk wipe operation in detail.

However, the time required to complete these three subsequent cycles will be lengthy. Fortunately, we can specify shred to perform only one loop using the -n (--iterations=) option.

sudo shred -v -n 1 /dev/sdb
Erasing disk in Linux using shred command

Of course, we can improve the reliability of wiping data from disk by adding a few more options to the shred command.

First, we’ll specify that the disk is overwritten with randomly generated data by using the --random-source=/dev/urandom option. Linux’s special file /dev/urandom provides an interface to the kernel’s random number generator.

Finally, we’ll use the -z (--zero) option to overwrite everything thus far with 0.

sudo shred -v -n 1 --random-source=/dev/urandom -z /dev/sdb
Erasing disk in Linux using shred command

Running this command gives us high confidence that restoring the data previously saved on it is virtually impossible once the disk has been erased in this manner.

Erasing Disk Using wipe Command

You can completely erase data from your disk with the wipe command. As the name suggests, the command is used to wipe data from a disk.

The wipe command rewrites the sector and flushes the cache, making data recovery impossible or extremely difficult.

However, on most Linux systems, the wipe command is not installed by default, so you will need first to install it using your package manager, such as APT, DNF, Pacman, etc. Then, please search for a package named wipe and install it.

After that, using the wipe command is relatively straightforward. Just run it, followed by the path to the disk.

sudo wipe /dev/sdb

Erasing Disk Using dd Command

The dd command is another frequently used method for erasing a disk in Linux. Although the command is not explicitly meant to erase data from disk, like shred and wipe are, it is a widely used approach among Linux users.

For example, run the following command to securely and reliably erase all available information from a disk presented as a /dev/sdb device on your Linux system:

sudo dd if=/dev/urandom of=/dev/sdb bs=512 status=progress

The wiping process is successfully finished when dd reports “No space left on device” and returns control.

Wiping disk in Linux using dd command

Let’s break down the syntax:

  • if – The input file, we’ve used /dev/urandom to produce random data.
  • of – The output file, in that case – our disk.
  • bs – This is the block size (in bytes).

It should be noted that the size of the given block size significantly impacts the speed with which the operation will be completed. For example, the process may take days to complete if you choose the default block size value of 512 bytes and erase a multi-terabyte disk.

Therefore, we recommend using a bigger number for the block size when erasing the disk with the dd command, such as bs=4096 (4 KiB). As a result, this will significantly accelerate the process.

sudo dd if=/dev/urandom of=/dev/sdb bs=4096 status=progress
Erasing disk in Linux using dd command

As can be seen, the operation here takes only 29 seconds, which is seven times faster than the 210 seconds required for an equivalent execution with a block size of 512.

In addition, similar to the above approach, the command below will overwrite the entire disk with strings of zeros rather than producing random data.

sudo dd if=/dev/zero of=/dev/sdb bs=4096 status=progress

However, if security is your top priority, using /dev/urandom as more reliable is the way to go.

Conclusion

This guide shows you how to securely and reliably delete data from your hard disk using three basic Linux tools: shred, wipe, and dd. Whichever method you choose, you can be sure that the information you remove will be nearly impossible to recover.

However, we recommend using the shred command as your first choice for safe disk wiping under Linux.

We hope you found this guide helpful. We’d appreciate it if you could share your preferred approach to disk wiping in Linux in the comments below.

2 Comments

  1. The DBAN live ISO has all what’s needed to erase disk or files too.
    Interesting project but infortunatly has forked as blanco (non-free) wich is the same but with more functionalities.

    • Amen, I have seen to many people wipe the wrong disk with the command line, and then go to a forum for help. Even with DBAN, check, then check again, then check again, and then be sure before you hit wipe.

Leave a Reply

Your email address will not be published.