On 01/11/18 09:45, Andreas Thulin wrote: > Hi! > > Again, an ignorant question (as usual): > > How might I do something similar to > > # dd if=/dev/one of=/dev/sd0 bs=1M > > as a complement to the usual and well-described > > # dd if=/dev/zero of=/dev/sd0 bs=1M > > followed by > > # dd if=/dev/urandom of=/dev/sd0 bs=1M > > in order to achieve paranoid disk-wiping?
Another answer to your question might be to change those zeros to ones. One way to do that: # tr "\0" "\377" </dev/zero |dd of=ones.file bs=1k count=1 1+0 records in 1+0 records out 1024 bytes transferred in 0.000 secs (14017796 bytes/sec) # hexdump ones.file < 0000000 ffff ffff ffff ffff ffff ffff ffff ffff * 0000400 Worked! Replace bs=1k with bs=1m, remove count=1 and of=/dev/rsdXc, and your disks will be ... one with everything. Try this and Ingo's process, I'd think mine would be faster, but I'd never bet against Ingo. :) As others have said, one zero pass is sufficient...or at least, will get everything that 500 random passes will get (will miss locked out sectors). But yes, auditors and such...you don't have to agree with them, just do what they say, and if I can take home big drives, I'll happily do ten passes. :D Personally, I do the zero pass LAST. It's much easier to tell if a disk is zeroed than it is to see if it has random data. That way, if I get confused and lose track of what disks I've cleared and which ones I haven't, I can pop one in, take a look with fdisk, and if I see the Signature and all partition types zero, I know I hit this one. Our company policy is three passes, at least one zeros, at least one pass of randoms. When clearing PC stuff, I do two randoms, one zero. When doing AIX, I use the IBM "erase disk" function, which does three "patterns" and then a "random" pass. I have reason to believe the "random" pass is not very random, but I'm sure good enough after the first three. btw: OpenBSD has probably the fastest random number generator around, You don't want to do a dd of /dev/random over a disk bigger than about 20MB (yes, MB) with AIX. OpenBSD will fill your disk with crypto grade random numbers pretty quickly. It's worth putting OpenBSD on a USB drive to clear disks (hint: disable the kernel and library relinks -- it can add a lot of time on a slow flash drive). btw: the "big hammer" isn't so great. While it will render the drive unusable as a drive, it doesn't do much to scramble the data on the platters. Remember, you don't have to reconstruct the entire database, you just have to get some complete records to have PII problems. At least, that's my story, because the hammered drives aren't worth anything to me. :) Nick. Nick.
