On Sunday 12 Jul 2015 13:35:25 Marc Joliet wrote: > Hi, > > I have to failed drives that I want to give away for recycling purposes, > but want to be sure to properly clear them first. They used be part of a > btrfs RAID10 array, but needed to be replaced (with "btrfs replace"). (In > the meantime I converted the array to RAID1 with only two drives.) > > My question is how precisely the disks should be cleared. From various > sources I know that overwriting them with random data a few times is > enough to render old versions of data unreadable. I'm guessing 3 times > ought to be enough, but maybe even that small amount is overly paranoid > these days? > > As to the actual command, I would suspect something like "dd > if=/dev/urandom of=/dev/sdx bs=4096" should suffice, and according to > https://wiki.archlinux.org/index.php/Random_number_generation#.2Fdev.2Furan > dom, /dev/urandom ought to be random enough for this task. Or are cat/cp > that much faster? > > Any thoughts? > > Greetings
I use urandom a couple of times (3 to 5), because random takes too long and I don't store state secrets on my disks. Then I dd onto it a final round of /dev/zero. Finally, run hdparm to securely erase it for good measure.[1] All of this could be an overkill, but do it out of habit these days. It is worth saying that I use haveged to increase entropy: [I] sys-apps/haveged Available versions: 1.5 ~ 1.7a 1.7a-r1 ~ 1.9.1 Installed versions: 1.7a-r1(12:46:23 04/21/14) Homepage: http://www.issihosts.com/haveged/ Description: A simple entropy daemon using the HAVEGE algorithm I should clarify that disks which contained financial data are dealth with a high speed angle grinder, after I remove the outer casing of the drive and don a pair of goggles.[2] *Only then* do I recycle the bits left. ;-) [1] https://ata.wiki.kernel.org/index.php/ATA_Secure_Erase [2] You can also use a hammer, a drill, or any similar implement which will completely break the physical disk platters to bits. -- Regards, Mick
signature.asc
Description: This is a digitally signed message part.