Wipe free space [Solved]

[Kermit the Frog]

Got that running now. Thank you!

You're welcome :)

Nobody is going to ...

But the question is not "would you / would they ..."

[Kermit the Frog]

... cd I used to use for secure wipes...

In fact (as you might already know) even no need to any software. With "any" Linux:

Code: Select all

sudo dd if=/dev/zero of=anyname.txt

Since there's no limit, it goes on infinitely ... Then stops with a message saying "No Space Left on Disk" (or so) ... ( You've just written zeros to all free space ) ... then just delete the anyname.txt either "Shift+Delete" in file manager or sudo rm anyname.txt in terminal.

(Of course one may use random or urandom (preferred over random: "unlimited" /non-blocking random source) instead of zero if they like, that may take a bit longer time.)

@Jeffrey

[DukeComposed]

But the question is not "would you / would they ..."

The question is not "would they" but "could they".

This has been a recurring question for several decades. A web search for "DOD 5220.22-M" returns a number of dry U. S. Department of Defense links to documents, and then several proprietary software sales pages promoting how well their software can securely delete traces of old data off of old hard disks.

Way back when all reusable storage was spinning platters, someone declared the magic number was 35 and the ritual was to overwrite all content on the disk with some combination of ones, zeroes, a pseudorandom mix of ones and zeroes, and then finally another pass of zeroes.

This devolved into people arguing over how to generate the best pseudorandom numbers to use.

Eventually this got simplified to 7 passes, then 3. Nowadays, mercifully, the National Security Agency unambiguously says: "Physical destruction is the only secure way to ensure your data is gone."

This will devolve into people arguing over what is the best kind of hammer to use.

I happen to still like Darik's Boot and Nuke and avoid the proprietary tools that swear they're more better-er. Somewhere around here I still have an old dban-2.0-something CD-R I burned many years ago, and I accidentally scrounged up no fewer than two old floppy diskettes still labeled "dban-1.0.7".

So your best bets to wipe a disk are:

• safest: wipe drive with Darik's Boot and Nuke, then install MX
• least amount of erasing: install MX on a tiny partition, create new partition containing all remaining free space, dd if=/dev/zero over that new partition, delete the new partition, expand the MX partition to fill the entire disk
• lazy: install MX, use BleachBit to wipe free space
• lazier: dd if=/dev/zero over the entire drive once, then install MX
• laziest: do nothing because few if any people will take interest in reading latent bytes from a refurbished machine running an ext4 partition

All of these options have a pro and a con to them, so it's up to you to decide what kind of security margin you're willing to accept and how much effort you want to put into it. We can safely say that if an interested nation state can obtain any of these drives, they will be able to extract latent data from it no matter what you do[0]. By repurposing the drives, there is some amount of risk in someone snooping around and looking into what used to be on them, no matter how minor. Hopefully you're not reusing drives from people who have nuclear secrets or military contingency plans for if Switzerland invades Uruguay. For sanitizing people's old tax documents and bikini photos though, dd, BleachBit, and DBAN are all adequate countermeasures.

[0] Shy of demolishing the hardware and/or incinerating the drives. NSA recommends a temperature no less than 670°F or 355°C.

[LU344928]

Last time I looked DBAN's freeware version only wipes HDs. If you want to use it for SSDs you need to pay a fee.

I would probably use a file encryption utility such as Veracrypt to format the drive/partition, which would result in random data being written from start to finish.

[Stevo]

Not ootb but can be installed either with cli or MXPI.

However the one in the repo may be a bit older. You can (as I always do with new releases) right-click on the downloaded deb file: "Install Deb Files".:

https://www.bleachbit.org/download/file ... bian12.deb


( Assuming it's Bookworm. Otherwise for older Debians: https://www.bleachbit.org/download/linux )

By the way, the version of Bleachbit in the MX 21 and 23 test repos is the current 4.6.2.