-1

I'm going to securely erase the data on a HDD so that I can donate it.

I use shred, which is a specialized tool for this purpose. So I run shred -vfz /dev/sdd1 and it does its job:

shred: /dev/sdd1: pass 1/4 (random)...
shred: /dev/sdd1: pass 1/4 (random)...652MiB/932GiB 0%
shred: /dev/sdd1: pass 1/4 (random)...1,2GiB/932GiB 0%
shred: /dev/sdd1: pass 1/4 (random)...1,8GiB/932GiB 0%
shred: /dev/sdd1: pass 1/4 (random)...2,5GiB/932GiB 0%

However, it is painfully slow. After an hour or so, it still could not finish the first pass on a 1TB HDD. So I'm wondering what is the quicker way to do so without compromising the security of data removal?

P.S. I know that it also can be done using:

dd if=/dev/urandom of=/dev/sdd1 bs=4k

But I'm wondering what will be the difference in terms of security and speed.

blnks
  • 219
  • 2
    Buy faster hdd or use a big hammer. – Ipor Sircer May 02 '23 at 18:39
  • @ipor Sicer I'm going to donate the disk so neither is an option. – blnks May 02 '23 at 18:45
  • 2
    It's normal. On my 6TB HDD it would take roughly 790 minutes (smartctl -a, extended self-test recommended polling time), if not more, since it's slower writing than reading (SMR). If you need it faster, use it with encryption from day 1 and only overwrite the encryption header. As long as no one has a backup header / knows the master key, the data will be inaccessible then. – frostschutz May 02 '23 at 19:25
  • 1
    Also, a single write pass is enough. If you want to make extra sure, add a read/verification pass. But for that you'd have to use cryptsetup+badblocks instead of shred (or some other source of repeatable random data to allow for verification). And of course, it'll take twice as long since verifying is just as slow as writing... but this time should be worth it if you want to be really super extra sure that all data is gone. – frostschutz May 02 '23 at 19:46
  • 1
    A 1TB disk costs under $30 (US). Is it worth your time to securely erase and donate? Otherwise, just let the shred run overnight. Remove -z since you really do not need to zero out the disk. – doneal24 May 02 '23 at 20:01

1 Answer

2

Your /dev/sdd1 is only one partition on the disk. You should be considering /dev/sdd as the entire disk.

However, to address your requirement, just write zeros to the disk. Quite sufficient with modern high density recording:

pv /dev/zero >/dev/sdd

Use cat if you don't have pv. (Your dd will be way too inefficient with only a 4KB block size - you should be considering one around 32MB, if not more.)

Chris Davies
  • 116,213
  • 16
  • 160
  • 287
  • Just wondering if writing one set of zeros is secure enough, why shred uses 3 times and writes random bytes? – blnks May 09 '23 at 19:01
  • 1
    Are you looking to protect your data from a State Actor? If so then you might need shred. For the rest of us zeroes are perfectly acceptable – Chris Davies May 09 '23 at 19:31
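
The single pass of zeros with a large block size from the answer above, combined with the read-back verification suggested in the comments, as an added example that is not part of the original posts. The function names are hypothetical, it assumes GNU dd (for iflag=count_bytes), and the demo runs on a constructed image file rather than a real disk.

```shell
#!/bin/sh
# Added example: one pass of zeros with a large block size, then a read-back
# check. Function names are hypothetical. Requires GNU dd (iflag=count_bytes).

# Size in bytes of a block device or, for the demo, a regular image file.
target_size() {
    if [ -b "$1" ]; then blockdev --getsize64 "$1"; else wc -c < "$1"; fi
}

# Overwrite the first $2 bytes of $1 with zeros using 32 MiB blocks.
# conv=notrunc keeps an image file's length; conv=fsync flushes before exit.
zero_fill() {
    dd if=/dev/zero of="$1" bs=32M count="$2" \
       iflag=count_bytes,fullblock conv=notrunc,fsync 2>/dev/null
}

# Print how many of the first $2 bytes of $1 are still non-zero.
nonzero_bytes() {
    head -c "$2" "$1" | tr -d '\0' | wc -c
}

# Wipe the whole target, then re-read it; succeeds only if every byte is zero.
wipe_and_verify() {
    size=$(target_size "$1") || return 1
    zero_fill "$1" "$size" || return 1
    [ "$(nonzero_bytes "$1" "$size")" -eq 0 ]
}

# Demo on a constructed 3 MB image file standing in for the whole disk
# (on real hardware the target would be /dev/sdX, not a partition like /dev/sdX1).
img=$(mktemp)
yes 'constructed sample data' | head -c 3000000 > "$img"
echo "non-zero bytes before: $(nonzero_bytes "$img" 3000000)"
wipe_and_verify "$img" && echo "verified: all $(target_size "$img") bytes are zero"
rm -f "$img"
```

The verification pass reads the whole target again, so on a real disk it roughly doubles the total time.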