Hero Image

Secure erasing

Shredding sensitive files

Keep in mind that with current era harddisks, the data might be copied on write to some other place, so simply shredding data is not enough. But it can at least be made more difficult:

shred -v -z -u -f -n 20 file1 file2 file3...

Overwriting harddisks and/or partitions.

Obviously, iterating /dev/random over your block device a few times would be the safest way. But, this is not going to yield you much true randomness to quickly wipe a disk securely. You can resort to using /dev/urandom, and/or just use /dev/zero, but there's some alternatives.

Secure (enhanced) erase feature of harddisks

Most SSDs and some newer harddisks implement encryption already. They randomly initialize themselves with a new private key every time you "secure erase" them. This is much, much faster, because if you use this feature, it just regenerates a new private key and the old key is lost. Making all existing data pretty much unrecoverable.


You can use the shred command for it as well:

shred -v /dev/sdX

dm-crypt / cryptsetup ("LUKS", but not really)

You can just use cryptsetup to create an encrypted container on the disk or partition:

cryptsetup open --type plain -d /dev/urandom /dev/sdX1 wipe_me

Zero the opened container:

dd if=/dev/zero of=/dev/mapper/wipe_me status=progress

Close it:

cryptsetup close wipe_me

If you also want to hide that you used this method for it, overwrite the LUKS-header:

dd if=/dev/urandom of=/dev/sdX1 bs=512 count=20480

Make sure you aim it at the correct partition and not the drive itself.