this post was submitted on 16 Dec 2023
56 points (95.2% liked)

Proper HDD clear process? (poptalk.scrubbles.tech)
submitted 11 months ago* (last edited 11 months ago) by [email protected] to c/[email protected]
 

Usually my process is very... hammer and drill related - but I have a family member who is interested in taking my latest batch of hard drives after I upgraded.

What are the best (linux) tools for the process? I'd like to run some tests to make sure they're good first and also do a full zero out of any data. (Used to be a raid if that matters)

Edit: Thanks all, process is officially started, will probably run for quite a while. Appreciate the advice!

[–] [email protected] 41 points 11 months ago (4 children)

Dd. It writes to the disk at a block level and doesn't care if there's any kind of filesystem or RAID configuration in place; it just writes zeroes (or whatever you ask it to write) to the drive and that's it. Depending on how tight your tin foil hat is, you might want to write a couple of runs from /dev/zero and from /dev/urandom to the disk before handing them over, but in general a single full run from /dev/zero to the device makes it pretty much impossible for any Joe Average to get anything out of it.

And if you're concerned that some three-letter agency is interested in your data you can use DBAN, which does pretty much the same as dd, but automates the process and (afaik) does some extra magic to completely erase all the data, but in general if you're worried enough about that scenario then I'd suggest using an arc furnace and literally melting the drives into an exciting new alloy.

[–] [email protected] 12 points 11 months ago (1 children)

The one thing DD won't overwrite is bad sectors. If the disk has any reallocated sectors, the data in the original sectors may still be there.
If there are reallocated sectors, then the disk is reaching the end of its life and is not worth reusing anyways.
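One way to check for reallocated sectors before deciding whether a drive is worth reusing, as an added example that is not part of the thread: it reads the attribute table printed by `smartctl -A` for an ATA drive and looks at attributes 5, 197 and 198. The function names and both sample reports are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Sample reports below are constructed.

# Print the RAW_VALUE column of SMART attribute $1 from `smartctl -A` text
# on stdin, or "NA" when the drive does not report that attribute.
smart_raw() {
    awk -v id="$1" '$1 == id { print $10; found = 1 }
                    END { if (!found) print "NA" }'
}

# Return 0 when attributes 5 (Reallocated_Sector_Ct), 197
# (Current_Pending_Sector) and 198 (Offline_Uncorrectable) are all zero.
# Unreported attributes are skipped, not treated as a failure.
drive_ok() {
    for id in 5 197 198; do
        raw=$(printf '%s\n' "$1" | smart_raw "$id")
        case $raw in
            0|NA) ;;
            *) echo "SMART attribute $id has raw value $raw" >&2
               return 1 ;;
        esac
    done
    return 0
}

HEADER='ID# ATTRIBUTE_NAME          FLAG     VALUE WORST THRESH TYPE      UPDATED  WHEN_FAILED RAW_VALUE'
SAMPLE_HEALTHY="$HEADER
  5 Reallocated_Sector_Ct   0x0033   100   100   010    Pre-fail  Always       -       0
  9 Power_On_Hours          0x0032   061   061   000    Old_age   Always       -       28714
197 Current_Pending_Sector  0x0012   100   100   000    Old_age   Always       -       0
198 Offline_Uncorrectable   0x0010   100   100   000    Old_age   Offline      -       0"
SAMPLE_WORN="$HEADER
  5 Reallocated_Sector_Ct   0x0033   098   098   010    Pre-fail  Always       -       8
197 Current_Pending_Sector  0x0012   100   100   000    Old_age   Always       -       2
198 Offline_Uncorrectable   0x0010   100   100   000    Old_age   Offline      -       0"

# On a real system: drive_ok "$(smartctl -A /dev/sdX)"
for name in SAMPLE_HEALTHY SAMPLE_WORN; do
    eval "report=\$$name"
    if drive_ok "$report" 2>/dev/null; then echo "$name: reuse"; else echo "$name: retire"; fi
done
```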

[–] [email protected] 13 points 11 months ago (1 children)

And if you're concerned about data written on sectors since reallocated you should physically destroy the whole drive anyways. With SSDs this is even more complicated, but I like to keep it pretty simple. If the data which has been stored on the drive at any point of its life is under any kind of NDA or other highly valuable contract it's getting physically destroyed. If the drive spent its life storing my family photos a single run of zeroes with dd is enough.

In the end the question is whether at any point the drive held bits of anything even remotely near the cost of a new drive. If it did it's hammer time, if it didn't, most likely just wiping the partition table is enough. I've given away old drives with just 'dd if=/dev/zero of=/dev/sdx bs=100M count=1'. On any system that appears as a blank drive and while it's possible to recover the files from the drive it's good enough for the donated drives. Everything else is either drilled through multiple times or otherwise physically destroyed.
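The difference between zeroing only the start of a drive and zeroing all of it can be measured. The following is an added example, not part of the thread: it wipes a constructed 4 MiB image file both ways and counts the non-zero bytes left afterwards. The function names are made up for illustration, and `blockdev` is assumed to be available when a real block device is passed.

```shell
#!/bin/sh
# Added example (not from the thread). A constructed image file stands in
# for the drive; the same functions accept a block device path.

# Size of $1 in bytes: blockdev for block devices, wc for regular files.
target_size() {
    if [ -b "$1" ]; then blockdev --getsize64 "$1"
    else wc -c < "$1" | tr -d ' '; fi
}

# Zero only the first $2 MiB of $1, like the bs=100M count=1 command above.
wipe_header() {
    dd if=/dev/zero of="$1" bs=1048576 count="$2" conv=notrunc 2>/dev/null
}

# Zero every byte of $1.
wipe_full() {
    size=$(target_size "$1")
    head -c "$size" /dev/zero | dd of="$1" bs=1048576 conv=notrunc 2>/dev/null
}

# Number of non-zero bytes left on $1; 0 means the zero-fill reached everything
# the host can address (remapped sectors are not visible here).
nonzero_bytes() {
    tr -d '\000' < "$1" | wc -c | tr -d ' '
}

# Fill a 4 MiB image with random data, wipe 1 MiB, measure, wipe all, measure.
demo() {
    img=$(mktemp)
    dd if=/dev/urandom of="$img" bs=1048576 count=4 2>/dev/null
    wipe_header "$img" 1
    after_header=$(nonzero_bytes "$img")
    wipe_full "$img"
    after_full=$(nonzero_bytes "$img")
    rm -f "$img"
    echo "$after_header $after_full"
}

demo
```

The first number printed is the data still readable after the header-only wipe (roughly 3 MiB of the image); the second is 0 after the full pass.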

[–] [email protected] 3 points 11 months ago

Some SSD drives can do a secure erase via block encryption where the key is stored on the drive itself. There is a command that simply generates a new key - voilà, your drive now contains random bits. I don't know if newer spinning rust drives have this feature too.

[–] [email protected] 8 points 11 months ago

Yeah, either DD or the dm-crypt trick for filling the drive with crypto-grade randomness https://wiki.archlinux.org/title/Dm-crypt/Drive_preparation

[–] [email protected] 3 points 11 months ago* (last edited 11 months ago) (1 children)

I claim my new rock band name "exciting new alloy"

[–] [email protected] 1 points 11 months ago (1 children)

hi, is the image AI generated?

[–] [email protected] 2 points 11 months ago

Indeed - Meet Exciting New Alloy, playing on tour near you soon!

[–] [email protected] 0 points 11 months ago* (last edited 11 months ago)

Just overwrite with /dev/zero and be done. What dd always has to be abused for is incredible.