Secure Erase of Hard Disks

I have a bunch of the small USB bus-powered hard disks that I no longer use (everything converted to SSDs). They are functional and I would like to give them away and figured I needed to do a secure erase before donation. (Nothing super secret, just a privacy issue.) Disk Utility of course has an option to secure erase - the fastest option (two pass) takes a really long time (these are 1 and 2 TB drives). I mean a really long time - so long it is just not practical. Short of destroying the drives are there any options for something faster? There is a charity here in Las Vegas that takes old electronics and they say they erase everything but I don’t know how secure that is (just reformatting isn’t secure). Suggestions?

How long is too long…if it’s just hours get them started and come back tomorrow. Barring that…delete and empty trash then fill the drive with something…a folder full of .dmg files without serial numbers or screenshots…I just make a folder with a GB or so…then duplicate the folder, select all and duplicate, select all and dupe…until the drive is full, then delete and empty trash. If you’re really paranoid then repeat. Alternatively…encrypt the drive and then delete the encryption key, then reformat, the key deletion scrambles the remaining contents. There is also a terminal command to fill the drive…cat /dev/null or some such but I can never remember that one.

Any of those should suffice for most undelete methods…NSA can still get in…maybe…but you’re probably good enough with this…although IANAL but I was a computer security guy.

3 Likes

I concur with @neil1 . Just use Disk Utility to start a secure erase of the entire device (not just one volume) and let it run overnight.

You are correct that a non-secure erase is insufficient. That just creates a new/empty directory structure on the disk, but all the data blocks remain as they were, so data can be recovered fairly easily using off-the-shelf tools. And I wouldn’t trust anyone else to do the erasure either.

I’m not sure what the latest Disk Utility supports in its GUI interface, but looking at the command-line diskutil, the following options are available:

$ diskutil secureerase
Usage:  diskutil secureErase [freespace] level MountPoint|DiskIdentifier|DeviceNode
Securely erases either a whole disk or a volume's freespace.
Level should be one of the following:
        0 - Single-pass zeros.
        1 - Single-pass random numbers.
        2 - US DoD 7-pass secure erase.
        3 - Gutmann algorithm 35-pass secure erase.
        4 - US DoE 3-pass secure erase.
Ownership of the affected disk is required.
Note: Level 2, 3, or 4 secure erases can take an extremely long time.

Option 0 or 1 (write all-zeros or write random data) should be perfectly secure unless you think some government is going to try to recover your data from residual magnetic images. (If you think that’s a serious concern, then physically destroy the device.) So use one of those two. If the GUI interface on your Mac only offers a two-pass mechanism for its fastest secure-erase, either pick it or use the command-line tool to choose one of the single-pass mechanisms.

I don’t think this will be any faster than a single-pass erase from Disk Utility or a third-party tool (or a simple dd command). Under all cases, you’re going to be writing 2TB of data to the device, followed by reformatting.

Discarding the encryption key from an encrypted volume is fast and easy, but if it wasn’t previously encrypted, then you’re still going to have to write 2TB afterward. I don’t think FileVault encrypts unused space (blocks that don’t belong to any files).

The NSA isn’t going to be able to recover your data if you wrote zeros to every block. The concept of recovering data from magnetic afterimages is nothing but a theory. People have been talking about it for decades, but I haven’t read a single story (not even a rumor) about anybody who has been able to use it to actually recover data from a wiped device.

But if you think your data is so sensitive that you can’t take that chance, then why are you asking? Just destroy the drive altogether.

1 Like

Thanks for the suggestions. I am old enough to remember the Iomega Bernoulli Box removable floppies in the 1980s. We used them at work for a while. The story I heard was that the NSA liked them because they were easy to shred (completely destroy) when necessary.

The Disk Utility minimum secure erase does two passes I think. Running the terminal command seems to support a single pass option (0) which would be faster.

1 Like

Definitely the case. I think the Bernoulli cartridges have a floppy-like medium inside the cartridges (much like a Zip disk).

Of course, today you could just get (or rent) a hard drive shredder.

1 Like

Here’s another idea.

Encrypt the disk with FileVault.

Fill the disk with zeros. In Terminal:

dd if=/dev/zero of=zerofile bs=64k

when the disk fills up, unmount it, then reformat it.

All the free space should be unintelligible gibberish that can’t be deciphered without the encryption key. Which of course is not available since you reformatted the disk and are not going to provide it to the new owner.

Should be a lot less wear and tear (and faster) than multiple passes…

Beware on APFS this won’t do what you think it does. The copy won’t actually write bits to disk.

1 Like

You could also just run the dd command to fill the disk with zeros and not bother with FileVault. (And I’d recommend a larger block size, like 1MB):

sudo dd if=/dev/zero of=/dev/disk# bs=1m

(Where # is the physical disk number)

There won’t be any data to read unless you believe government agencies can actually extract files from residual magnetic images.

But even if it can be done (which I don’t believe), nobody is going to go through the massive time and expense to try and extract something from a blank drive unless they know in advance that there used to be something valuable enough to make it worth the attempt.

And if you would prefer random gibberish, you can read from /dev/random instead of /dev/zero:

sudo dd if=/dev/random of=/dev/disk# bs=1m

But why bother dealing with cryptic Unix commands when diskutil already has a command to do what you need? All of these will take the exact same amount of time because you’re going to be writing 2TB of data to that 2TB disk.

2 Likes
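A way to confirm that a single-pass zero wipe (diskutil level 0, or dd from /dev/zero) reached every block, as an added example that is not from any poster in the thread. The function names and the use of Python 3 are assumptions; the spot check needs the device size supplied by the caller, and neither check applies to a random-data wipe.

```python
import random
import sys

CHUNK = 1024 * 1024  # 1 MiB reads, block-aligned so raw devices accept them


def first_nonzero_in(buf):
    """Index of the first non-zero byte in buf, or None if buf is all zeros."""
    if buf.count(0) == len(buf):
        return None
    return len(buf) - len(buf.lstrip(b"\x00"))


def full_scan(path):
    """Read the target to EOF; return (bytes_scanned, first_nonzero_offset_or_None)."""
    total = 0
    with open(path, "rb", buffering=0) as f:
        while True:
            buf = f.read(CHUNK)
            if not buf:
                return total, None
            hit = first_nonzero_in(buf)
            if hit is not None:
                return total + len(buf), total + hit
            total += len(buf)


def spot_check(path, size_bytes, samples=1000, seed=None):
    """Check randomly chosen 1 MiB blocks; return a non-zero offset or None.

    Quick sanity check only: it can miss data a full scan would find,
    and it ignores a trailing partial block.
    """
    blocks = size_bytes // CHUNK
    rng = random.Random(seed)
    with open(path, "rb", buffering=0) as f:
        for idx in sorted(rng.sample(range(blocks), min(samples, blocks))):
            f.seek(idx * CHUNK)
            hit = first_nonzero_in(f.read(CHUNK))
            if hit is not None:
                return idx * CHUNK + hit
    return None


if __name__ == "__main__":
    # Usage (assumed script name): sudo python3 verify_wipe.py /dev/rdisk#
    scanned, offset = full_scan(sys.argv[1])
    if offset is None:
        print(f"{scanned} bytes read, all zero")
    else:
        sys.exit(f"non-zero byte at offset {offset}")
```

A full scan reads the whole device, so it takes about as long as the wipe itself; the spot check is the fast option when many drives are queued.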

Agreed. And with a dd command line, you can easily shoot yourself in the foot. Disk Utility is doing the same thing as dd but without the loaded gun. (or, at least, less of a hair trigger)

True…but I was on my iPad and thinking of other than Disk Utility ways…but you’re right the options there or in Terminal are probably better.

And…not a theory…just hard and expensive. It’s amazing what a supercomputer can do if you’re willing to pay enough for it.

Forgot about that…drats. No worries for me though…my old drives get destroyed. Back in the day when I was working for the government we had a couple of classifications that required degaussing the drives and then physically destroying them…we took them out to a foundry and melted the platters. I always thought that was overkill…until I learned that it wasn’t.

I don’t suppose it is possible to run two instances of diskutil at the same time… I have two disks erased now and am working on the third. The issue is I have a lot of these old drives. I just moved my wife to a new Mac Mini and I have her old iMac. Maybe I can put that to work too!

Re the Bernoulli box drives - these had a flexible “platter” (like a floppy drive) and were very robust when dropped or hit - the R/W heads actually touched the platter, I think.

You can use

open -n /path/to/app

to get multiple instances of the same app to run on macOS (which is not necessarily always a good idea). You’ll need the true path to the app though, i.e. /System/Applications/Utilities/Disk\ Utility.app/

Can you share any articles from anyone claiming that actual files have been recovered from media with a magnetic force microscope? After a few clickbait articles many years ago showing that magnetic afterimages exist, nobody seems to have published anything about taking it to the next step for actual data recovery.

(I found an article from 2012 that seems to agree with me: https://commons.erau.edu/cgi/viewcontent.cgi?article=1131&context=jdfsl)

I’m well aware of government paranoia. I assume that after the platters are melted, they will want to classify the slag in case someone ever invents a quantum time-reversing device that can unmelt it back into a hard drive. But until someone shows me evidence that such paranoia is justified, I’m going to continue to say it doesn’t matter.

With the command-line tool? I don’t see why not. But keep in mind that your interfaces only have so much bandwidth. So (depending on the drive and how it’s connected to your computer), you may or may not see much advantage.

For the GUI tool, @Simon posted a way. I would just be careful because some GUI apps assume that there will only be one copy running (since macOS normally prevents multiple instances), so two instances may interfere with each other. Maybe Disk Utility is fine, but I’d be nervous trying it.

2 Likes

I am just going to use the old iMac to do this and I can also run the process on my Mac Studio too.

Lots of interesting and helpful information in this thread. Thanks to all of you.

David

Larry Wall’s Perl principle of TMTOWTDI (pronounced tim-toedi) certainly applies here. (There’s More Than One Way To Do It)…

Sidebar: I have discovered that HDDs are nearly impossible to sell or donate in the US. On eBay, you’re lucky to get a buck per TB. Most recyclers declare on their websites that they accept all electronic devices… except disk drives. Charitable organizations do the same. When Goodwill receives a hard disk drive, they destroy it.

1 Like

Sorry…it was from a time back when I wore a uniform…and while I personally did not see the output our place of business was kinda sorta in that business and it was one of the things that we knew could be attempted if you were willing to spend a lot of money…and the results weren’t perfect. The data was incomplete and garbled from what we inferred but we never actually saw the data…and I’m completely in the dark about how they did whatever they did.

Here in Summerlin (West side of Las Vegas) we have an “electronics donation event” once a year and they (The Blind Center) accept disk drives - if they are in working order they are given to other users. The Las Vegas Rescue Mission also accepts and reuses electronics. The Blind Center also accepts electronic waste and recycles it. You never know for sure, but at least I am not just trashing these drives (all working fine now, albeit slowly).