Securely erasing your data on Linux
Many people choose to encrypt their disk drives because it ensures that their data stays secure and safe from the prying eyes of others. I always shy away from encrypting my disk because I don’t need that security. When one of my computers reaches the end of life, or I decide to sell it, then I take special measures to ensure that all the information is erased. I am also frequently called on to help clients dispose of old computers when they purchase new ones. What do you do when selling a computer or replacing an old spinning rust drive with a newer solid-state drive? That’s when I think of securely erasing them to remove confidential information before repurposing or disposing of them.
Fundamentally, disk erasure on Linux serves as a versatile solution that tackles security, compliance, performance, and sustainability needs, catering to the varied demands of users. For individual usage or organizational requirements, disk erasure is a forward-thinking data management and information security strategy. Here are five commands to erase a disk on Linux:
Here are five command sequences to ensure that data is securely erased from your Linux data drive(s).
dd command:
This command writes zeros to the entire disk, effectively erasing all data.
$ sudo dd if=/dev/zero of=/dev/sdX bs=1M
shred command:
$ sudo shred -v /dev/sdX
The shred command overwrites the disk multiple times, making data recovery very difficult.
wipe Command:
$ sudo wipe -r /dev/sdX
The wipe command is designed to securely erase disks by overwriting them with random data.
blkdiscard Command (for SSDs):
$ sudo blkdiscard /dev/sdX
This command discards all data on the specified SSD, effectively erasing it.
parted and mkfs Commands:
$ sudo parted /dev/sdX mklabel gpt
$ sudo mkfs.ext4 /dev/sdX
Using parted to create a new partition table followed by mkfs to format the disk erases the existing data. Replace /dev/sdX
with your actual disk identifier. Double-check the device identifier before running these commands to avoid accidental data loss.