How do I permanently erase hard disk?

last updated in Categories , , , , , , , , , , ,

I am going to sell my laptop soon. Before discarding my system, I want to make sure that no one should be able to use my personal data using any method (format do not work). Is there any open source software out there that can help me permanently erase my hard disk?

The secure removal of data is not as easy as you may think. When you delete a file using the default commands of the operating system (for example “rm” in Linux/BSD/MacOS/UNIX or “del” in DOS or emptying the recycle bin in WINDOWS) the operating system does NOT delete the file, the contents of the file remains on your hard disk. The only way to make recovering of your sensitive data nearly impossible is to overwrite (“wipe” or “shred”) the data with several defined patterns. For erasing hard disk permanently, you can use the standard dd command. However, I recommend using shred command or wipe command or scrub command.


Warning: Check that the correct drive or partition has been targeted. Wrong drive or partition target going to result into data loss . Under no circumstances we can be help responsible for total or partial data loss, so please be careful with disk names. YOU HAVE BEEN WARNED!

Erase disk permanently using a live Linux cd

First, download a knoppix Live Linux CD or SystemRescueCd live CD.

Next, burn a live cd and boot your laptop or desktop from live CD. You can now wipe any disk including Windows, Linux, Mac OS X or Unix-like system.

How do I use the shred command?

Shred originally designed to delete file securely. It deletes a file securely, first overwriting it to hide its contents. However, the same command can be used to erase hard disk. For example, if your hard drive named as /dev/sda, then type the following command:
# shred -n 5 -vz /dev/sda
Sample outputs:

Fig.01: Use shred to securely delete simple files including hard disks
Fig.01: Use shred to securely delete simple files including hard disks


  • -n 5: Overwrite 5 times instead of the default (25 times).
  • -v : Show progress.
  • -z : Add a final overwrite with zeros to hide shredding.

The command is same for IDE hard disk hda (PC/Windows first hard disk connected to IDE) :
# shred -n 5 -vz /dev/hda
In this example use shred and /dev/urandom as the source of random data:
# shred -v --random-source=/dev/urandom -n1 /dev/DISK/TO/DELETE
# shred -v --random-source=/dev/urandom -n1 /dev/sda

How to use the wipe command

You can use wipe command to delete any file including disks:
# wipe -D /path/to/file.doc

How to use the scrub command

You can use disk scrubbing program such as scrub. It overwrites hard disks, files, and other devices with repeating patterns intended to make recovering data from these devices more difficult. Although physical destruction is unarguably the most reliable method of destroying sensitive data, it is inconvenient and costly. For certain classes of data, organizations may be willing to do the next best thing which is scribble on all the bytes until retrieval would require heroic efforts in a lab. The scrub implements several different algorithms. The syntax is:
# scrub -p nnsa|dod|bsi|old|fastold|gutmann|random|random2 fileNameHere
To erase /dev/sda, enter:
# scrub -p dod /dev/sda
Sample outputs:

Gif.03: Use dod alogos of scub to wipe disk securely on Linux / Unix
Gif.03: Use dod alogos of scub to wipe disk securely on Linux / Unix

Use dd command to securely wipe disk

You can wipe a disk is done by writing new data over every single bit. The dd command can be used as follows:
# dd if=/dev/urandom of=/dev/DISK/TO/WIPE bs=4096
Wipe a /dev/sda disk, enter:
# dd if=/dev/urandom of=/dev/sda bs=4096
Sample outputs:

Gif 01: Wipe a disk using gnu/dd command
Gif 01: Wipe a disk using gnu/dd command

How do I securely wipe drive/partition using a randomly-seeded AES cipher from OpenSSL?

You can use openssl and pv command to securely erase the disk too. First, get the total /dev/sda disk size in bytes:
# blockdev --getsize64 /dev/sda

Next, type the following command to wipe a /dev/sda disk:
# openssl enc -aes-256-ctr -pass pass:"$(dd if=/dev/urandom bs=128 count=1 2>/dev/null | base64)" -nosalt </dev/zero | pv -bartpes 399717171200 | dd bs=64K of=/dev/sda
Sample outputs:

Fig.02: Use dd command with  randomized the drive/partition using a randomly-seeded OpenSSL AES cipher and pv command
Fig.02: Use dd command with randomized the drive/partition using a randomly-seeded OpenSSL AES cipher and pv command

How to use badblocks command to securely wipe disk

The syntax is:
# badblocks -c BLOCK_SIZE_HERE -wsvf /dev/DISK/TO/WIPE
# badblocks -wsvf /dev/DISK/TO/WIPE
# badblocks -wsvf /dev/sda

Sample outputs:

Gif 02: Wipe a disk using badblocks
Gif 02: Wipe a disk using badblocks

Other options

Darik’s Boot and Nuke (“DBAN”) is a self-contained boot floppy (CD ISO also available) that securely wipes the hard disks of most computers. DBAN will automatically and completely delete the contents of any hard disk that it can detect, which makes it an appropriate utility for bulk or emergency data destruction. Download dban. Also don’t forget to read dban frequently asked questions. Please note that DBAN works well with MAC, PC (windows os) and Linux/BSD based system. Once you used the shred command or DBAN live cd on your disk, you can sell your laptop.

Posted by: Vivek Gite

The author is the creator of nixCraft and a seasoned sysadmin, DevOps engineer, and a trainer for the Linux operating system/Unix shell scripting. Get the latest tutorials on SysAdmin, Linux/Unix and open source topics via RSS/XML feed or weekly email newsletter.


11 comment

  1. Thanks for sharing this article! It gives me an idea on how to delete my personal data and information. Noted this one!

  2. Using full disk encryption like AES-256 (or stronger encryption) when writing your data to a storage pool, then deleting your key is a sure fire way to ‘erase’ a drive. If that isn’t an option, and you are interested in securely erasing an SSD, you will have to force the drive to overwrite all over provisioned pages, and with some drives implementing dedup, pattern elimination and other data services, writing non random data to your drive may not actually write it out to your media. As said above, garbage collection, wear leveling, scrubbing, and journaling makes it very difficult to truly ‘erase’ your data, you will need to write over every page (the entire lba range) at least 3 times with random data before you can be sure that your data is gone.

  3. Let the drive’s firmware do it for you:

    hdparm --security-set-pass NULL /dev/sdX
    hdparm --security-erase NULL /dev/sdX

  4. The shred command has some weaknesses explained in its man page having to do with certain journalled file systems not committing the actual changes to disk either immediately or ever. Use one of the other options for permanently erasing a disk, with dd being the one you’ll find on any Linux/Unix’s standard install.

  5. The idea of needing multiple passes to erase hard disk data is a myth, based on a single highly hypothetical thought-experiment, and kept alive by companies selling expensive “secure erase” hardware and software to paranoid organisations. A single overwrite of zero (dd if=/dev/zero of=/dev/sdX bs=1M) will render the hard disk totally unrecoverable.

    Secure erase ATA commands will also do this perfectly well.

    For flash disks, the process is a bit more complicated. Secure erase is probably the best solution. Overwriting with zeros may leave the original data in some of the flash sectors, especially if the drive has transparent compression. But even if the data is in the flash chips, it takes very specialised hardware and software to read it out, and a great deal of time and effort. And all the physical to logical mapping data will be lost, leaving the would-be data thief with an enormous jigsaw puzzle with most of the bits missing.

    So if you suspect that the NSA are after you, destroy the disk physically. If not, a secure erase ATA command or a single dd of zeros is all you need.

  6. I agree with Mark Lord and David. ATA Secure erase is the best way to erase a disk. It can be a pain occasionally (setting and un-setting the password – must unset the password at the end!!) but you are sure that the disk is erased. SSD’s are also apparently set to ‘as new’ performance as all the sectors are zeroed, I have read.

    ATA secure erase can only be done on direct attached drives (IDE and SATA). No USB/Firewire/other connectors.

    See this article:

Leave a Comment