Secure erase data on hard drives in FreeBSD

2009-04-11, Lars Sommer,

Secure erase data on hard drives in FreeBSD

2009-04-11, Lars Sommer,

Short summary: Install security/bcwipe, run bcwipe -vdbm /dev/diskdevice

I got six used hard drives through my company, and promised to securely erase data on them, before using them in private systems.

This describes three different tools for securely erasing data on harddisks from within a Unix-like system, e.g. FreeBSD or Linux. As I use FreeBSD, this is the main focus.

Method using dd
The program dd is included in the most distributions, and resides in /bin/dd on FreeBSD. To fill a disk with random data, use this command:
dd if=/dev/urandom of=/dev/da0
If the drive you want to erase is located at /dev/da0
If you, for some reason, want to keep the partition table, you can use:
dd bs=512 skip=1 if=/dev/urandom of=/dev/da0

As this method only write random data to the drive once, it should be run a couple of times.

Method using bcwipe or wipe
The program bcwipe seems to be the most interesting. It is found in FreeBSD ports in security/bcwipe and compiles in a few seconds.
It supports both the applied method from Peter Gutmann ( ) for "Secure Deletion of Data from Magnetic and Solid-State Memory", as well as U.S. DoD(Department of Defence) 5200.28 standard. 
The smaller utility wipe, found in seciruty/wipe on FreeBSD, only supports Peter Gutmanns method.

bcwipe has a nice manual page, but an example of running it is shown here. This is to use the DoD 5200.28 standard on a blockdevice:
bcwipe -vdbm /dev/da0
If your device is named /dev/da0.

Generally I trust both Peter Gutmann, and DoD 5200.28. But I have not looked into the source code of bcwipe yet. So can the implementation of the methods be trusted?
I take that risk, and give each drive one run with the simple dd method explained above, followed by one DoD 5200.28 run with bcwipe afterwards.

If you are in a big company, and you need to either securely erase, or securely trash a lot of good hard drives, you should really consider erasing them. 
It will the cheaper for the company, and it will be much better for the environment.
And with the correct tools, it can be done by anyone in the security department.
If the drive is still modern, and still big enough, it is really cool green IT to reuse it instead of trashing it.

Skriv et svar

Din e-mailadresse vil ikke blive publiceret. Krævede felter er markeret med *