Deleting a file on a storage disk does not wipe or overwrite the data. Instead, it marks the location as available for the system to use when writing other files. This approach isn’t typically a problem on a daily basis, but it becomes an issue when disposing of disks or repurposing storage media.
Whether donating systems to charity, selling a used computer, or throwing out an old, outdated hard disk drive, it is essential to carefully wipe the data on it. This is also true if repurposing an old desktop from the sales department to the kiosk in the front lobby, for example.
Linux relies on two primary tools to overwrite data securely: shred and dd. They offer similar functionality but have a few different configuration options. Let’s examine how to use shred and dd commands, and discuss how to use them to manage old storage devices that might contain information you want covered up.
The Linux shred command obfuscates data by overwriting it with random information or zeros. All you have to do is target a file or storage area and define any additional features. Shred takes care of the rest.
It is important to note that shred can take a long time to run on today’s massive storage devices. Before using shred, it is necessary to ensure that the command is installed on the distribution. If shred is not installed, it can be added using the DNF package manager on Red Hat-derived distributions or the apt package manager on Debian-derived distributions. Shred is also included in the GNU Coreutils package, which most distributions have.
Shred comes with common options like defining the number of passes (overwrites), displaying progress information, forcing overwrite of read-only files, adding a final overwrite job consisting of zeros, and overwriting the data and then deleting the file for an extra layer of security. Combining these options can enhance the functionality of shred.
The Linux dd command is quite versatile, offering capabilities to securely overwrite data on a storage disk, as well as copying and converting file system trees. However, caution must be exercised when using dd on production systems, as it overwrites existing data, making it difficult to recover from any mistakes.
The syntax for dd is different from most Linux commands, requiring specifications for the input and output files, with options to define the block size. Like shred, dd is part of the GNU Coreutils package, so it is likely already available on the system. Using dd to sanitize a disk involves overwriting existing data with random content sourced from the /dev/random special device.
Both shred and dd are essential tools for securely managing data on storage devices, with each tool having its own use cases and attributes. Shred is typically better for individual files and provides multiple passes for greater effectiveness, while dd is often faster for partitions and disks and can use larger block sizes for efficiency. It is advisable to use each tool for specific circumstances rather than as an either-or decision.
When disposing of solid-state drives (SSDs), special care is needed due to the unique way SSDs distribute files across storage space compared to traditional disks. Utilizing shred and dd commands for SSDs may not be as effective, and SSD manufacturers often provide specialized tools for wiping data. Additionally, disk encryption and physical destruction are other methods to prevent data recovery from unwanted storage drives.
In conclusion, ensuring data is securely overwritten before disposing of or repurposing storage devices is crucial to protect sensitive information. Utilizing tools like shred and dd, understanding their differences and applications, and implementing other methods like SSD-specific solutions, disk encryption, and physical destruction can help safeguard data privacy and security.