
Using shred and dd commands in Linux to securely wipe data
When it's time to get rid of old systems or when moving one system from one location to another, it's a good idea to use Linux utilities to securely delete existing data.
Deleting a file on a storage disk does not wipe or overwrite the data. Instead, it marks the location as available for the system to use when writing other files. This approach isn't typically a problem on a daily basis, but it becomes an issue when disposing of disks or repurposing storage media.
Whether donating systems to charity, selling a used computer or throwing out that old, outdated hard disk drive, it is important to carefully wipe the data on it. That's also true if you're repurposing an old desktop from the sales department to the kiosk in the front lobby, for example.
Linux relies on two primary tools to overwrite data securely: shred and dd. They offer similar functionality but have a few different configuration options. Let's examine how to use shred and dd commands, and discuss how to use them to manage old storage devices that might contain information you want covered up.
How to use the shred command
The Linux shred command obfuscates data by overwriting it with random information or zeros. All you have to do is target a file or storage area and define any additional features. Shred takes care of the rest.
Be aware that shred can take a long time to run on today's massive storage devices.
Install shred
Begin by verifying shred is installed on your distribution. Not all Linux distributions include it. Type shred without options or arguments to see if it's installed.
If it's not installed, add the GNU Coreutils package, which provides shred; there is no separate shred package. On a Red Hat-derived distribution, use the DNF package manager.
sudo dnf install -y coreutils
If you're using a Debian-derived distro, such as Ubuntu, type the following.
sudo apt install -y coreutils
Most distributions ship Coreutils by default, so in practice shred is usually already present.
Be careful with shred. Remember, it is designed to make data unrecoverable. Be sure of your target device or file before running this command.
Common shred options
The following are some of the most common shred options:
- -n defines the number of passes (overwrites) for the target. More is better, but the process takes longer.
- -v displays progress information.
- -f forces shred to overwrite files with read-only permissions.
- -z adds a final overwrite job consisting of zeros.
- -u overwrites the data and then deletes the file for an extra layer of security.
Use shred --help to display all options.
Example 1. Shred a file
The shred command is straightforward. You don't even need any options. To shred a single file using default settings, type the following.
shred filename.txt
Define a custom number of overwrites by using the -n option. In this case, there are 10 overwrites.
shred -n 10 filename.txt
It's advisable to conduct a final overwrite with zeros. Use the -z option for that feature, as seen here.
shred -z filename.txt
As with other Linux commands, you can combine options for increased functionality.
Example 2. Shred a partition
You can direct shred to a volume by using the device path instead of a file name. For example, to apply shred to the sdb1 partition with five overwrites and a final pass of zeros, type the following. Omit -u here: on a device path it would remove the /dev/sdb1 device node rather than delete a file.
shred -n 5 -vz /dev/sdb1
Recall that shred may take a long time on large storage devices.
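The file-shredding sequence described above (random passes, a final -z pass, then -u), as an added shell example that is not from the original article. It practices on a constructed sample file in a temporary directory; the SECRET-MARKER text and the function names are assumptions made for the demonstration.

```shell
#!/bin/sh
# Added example (not from the original article): wipe a constructed sample
# file with shred, inspect what the -z pass leaves behind, then remove the
# file with -u. The marker text and paths are made up for the demonstration.
set -eu

# Build a sample file in a fresh temporary directory and print its path.
make_sample() {
    dir=$(mktemp -d)
    printf 'SECRET-MARKER-1234\n%s\n' "$(seq 1 500)" > "$dir/notes.txt"
    printf '%s\n' "$dir/notes.txt"
}

# Three random passes plus a final pass of zeros (-z), keeping the file so
# the result can be inspected. Refuses anything that is not a regular file,
# so it cannot be pointed at a device node by mistake.
wipe_file() {
    target=$1
    [ -f "$target" ] || { echo "refusing: $target is not a regular file" >&2; return 1; }
    shred -n 3 -z -- "$target"
}

# Return 0 when the marker is gone and every remaining byte is zero, which
# is what an in-place -z pass leaves. This check only looks at the blocks
# the file currently occupies: on copy-on-write or data-journaling file
# systems the old contents may still exist elsewhere even when it passes.
verify_zeroed() {
    target=$1
    if grep -q 'SECRET-MARKER' "$target"; then
        return 1
    fi
    [ "$(tr -d '\000' < "$target" | wc -c)" -eq 0 ]
}

# Finish as the article's -u option does: one more overwrite, then unlink.
remove_wiped() {
    shred -n 1 -z -u -- "$1"
}
```

Calling make_sample, wipe_file, verify_zeroed and remove_wiped in that order exercises the whole sequence on the sample file; wipe_file refuses directories and device paths.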
How to use the dd command
The Linux dd command is quite versatile. One of its capabilities is securely overwriting data on a storage disk. It also copies and converts raw data, such as whole disks and disk images.
Be careful using dd on production systems. It overwrites existing data, making it difficult to recover from any mistakes.
The syntax for dd is different from most Linux commands you're familiar with. It includes specifications for the input and output files. Think of these files as the source and target of the content you're writing.
- if={input-file}
- of={output-file}
The input file can be a file, file system or special source device, such as /dev/zero or /dev/random.
You also define the block size by using the bs option. Larger block sizes speed up processing.
Install dd
Like shred, dd is part of the GNU Coreutils package, so you probably already have access to it. You can use both commands if you installed the Coreutils package, as seen in the shred section above.
Like shred, dd irrevocably overwrites information, so be careful when using it in production. Check your commands carefully.
Using the dd command
To sanitize a disk using dd, overwrite existing data with random content sourced from the /dev/urandom special device. Begin by unmounting the target storage (unmount each mounted partition on the disk, such as /dev/sdb1) and then running the dd command.
umount /dev/sdb
dd if=/dev/urandom of=/dev/sdb bs=1M status=progress
When the process completes, add a new file system using the mkfs command. You can then mount the file system and begin using the overwritten space for new data.
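As an added example (not from the original article), the checks worth running before the dd command above is pointed at a real disk, plus a rehearsal of the same dd invocation on a constructed disk-image file instead of hardware. The function names, the CONFIDENTIAL-RECORD marker text and the 4 MiB image size are assumptions made for the demonstration.

```shell
#!/bin/sh
# Added example (not from the original article): the pre-flight checks a
# practitioner wants before pointing dd at a whole disk, plus a rehearsal of
# the article's dd wipe on a constructed disk-image file rather than hardware.
set -eu

# Refuse a target that is not a block device, holds the root file system,
# or still has a mounted partition. A typo such as /dev/sdc on a host with
# no such disk would otherwise make dd create a regular file and "succeed".
preflight() {
    dev=$1
    [ -b "$dev" ] || { echo "refusing: $dev is not a block device" >&2; return 1; }
    rootsrc=$(findmnt -n -o SOURCE / 2>/dev/null || true)
    case "$rootsrc" in
        "$dev"*) echo "refusing: $dev holds the root file system" >&2; return 1 ;;
    esac
    if awk '{ print $1 }' /proc/mounts | grep -q "^$dev"; then
        echo "refusing: $dev (or a partition on it) is still mounted" >&2
        return 1
    fi
}

# The article's single random pass (bs=1M, status=progress) with conv=fsync
# added so dd does not return before the data reaches the medium. Without a
# count, dd runs to the end of the device and exits with "No space left on
# device", which is expected there; the rehearsal passes an explicit count.
wipe_with_dd() {
    target=$1
    count=${2:-}
    dd if=/dev/urandom of="$target" bs=1M ${count:+count=$count} \
        status=progress conv=fsync
}

# Rehearsal: a 4 MiB image filled with a constructed marker string, wiped
# with the same dd invocation, then searched for any surviving marker.
# Returns 0 when none is found.
rehearse_on_image() {
    img=$(mktemp)
    yes 'CONFIDENTIAL-RECORD-0001' | head -c 4194304 > "$img"
    wipe_with_dd "$img" 4
    if grep -q 'CONFIDENTIAL-RECORD' "$img"; then
        rm -f "$img"
        return 1
    fi
    rm -f "$img"
}
```

For a real disk, run preflight on the device path as root and call wipe_with_dd without a count only when it returns 0.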
Comparing shred and dd commands
Both tools are essential, so it benefits you to know when to use each. The following lists compare the attributes of each tool and when to use it.
Attributes
- Shred is usually better for individual files.
- Shred overwrites data multiple times, ensuring greater effectiveness.
- Shred can overwrite data with random numbers and then conduct a final pass of zeros to hide the shredding process.
- Dd is usually faster than shred for partitions and disks.
- Dd can use larger block sizes for greater efficiency.
- Dd provides a single pass, so you may need to run it multiple times.
Use shred in the following situations:
- You need to delete files or directories securely.
- You want multiple passes during the overwriting process.
- You want to preserve the file system but securely delete the files.
Use dd in the following situations:
- You need to wipe a partition or drive.
- Speed is more important than multiple passes.
The shred and dd utilities are not necessarily an either-or decision. Instead, you use each tool for specific circumstances.
SSDs need special care
When it's time to dispose of an entire computer -- or at least the storage devices -- ensure confidential data is unrecoverable. Deleting files, repartitioning with fdisk or reformatting the drive is not enough. Instead, rely on shred and dd commands or other utilities.
Before donating or repurposing storage media, use multiple passes of either tool -- or both -- to help prevent data forensics tools from recovering your files. You might also need shred if you wish to securely delete individual files without destroying the file system or touching other resources you want to keep.
It's worth noting that you should manage solid-state drives (SSDs) differently from spinning disk devices. SSDs distribute files across the storage space differently from traditional disks, meaning an apparent file wipe with shred or dd might not be as effective as you think. SSDs also have limited writes, which disk wipe utilities can consume. Most SSD manufacturers provide a disk wipe tool, so it's best to use that.
Disk encryption and physical destruction are other ways to prevent data from being recovered from unwanted storage drives.
Damon Garn owns Cogspinner Coaction and provides freelance IT writing and editing services. He has written multiple CompTIA study guides, including the Linux+, Cloud Essentials+ and Server+ guides and contributes extensively to Informa TechTarget, The New Stack and CompTIA Blogs.