1

I am currently using sfill to wipe free space in my root partition (/dev/sdaX). Its default setting is a 38 pass, `sudo sfill -v directory/mountpoint`, but it's taking hours to complete this step. I then tried the less secure three-pass method, `sudo sfill -lv directory/mountpoint`; the problem is that it takes about the same amount of time to wipe free space as the default. This is due to /dev/urandom, which peaks at 13MB/s. While searching for an alternative method to speed up the free-space wiping step, I reached this link, which uses openssl to randomize the wipe.

 openssl rand $(</proc/partitions awk '$4=="sda" {print $3*1024}') >/dev/sda

Is this a good way to wipe free space in the root drive, or does some other, safer method exist? In the above command, sda is our root partition sdaX, right?

Pablo Bianchi
  • 17,371
Eka
  • 3,007

1 Answer

1

First and foremost, wiping your drive 35+ times is completely unnecessary. The Guttmann Method (35 wipes) is something designed to wipe any drive, from brand-new modern spinning drives to massive ancient 5MB behemoths that are more likely to store resident data. With that said, wiping your drive once or twice is pretty much the best you can do. You have a modern magnetic drive.

The sfill command is... silly. See the manpage for what I mean. If you only need to wipe the drive out with zeros, you can just use the (far simpler) `sfill -llz /path/to/your/mountpoint` to wipe out all free space with zeros, once. This (according to Guttmann himself, see above link as well as right here) is more than good enough for the vast majority of systems. As you're writing zeros instead of random data, your only speed limit will be your drive's speed.

If you need plausible deniability ("No, officer, I didn't wipe this hard drive"), you can use the sister command `sfill -ll /path/to/your/mountpoint` to wipe your drive in a single pass with random data. This will be slower, but just as secure for your system as any other wiping method with the addition of possible plausible deniability.

However, if you really need to ensure that no data is absolutely recoverable from this drive (in theory or otherwise), use a drill.

Kaz Wolfe
  • 34,680
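
The single zero pass over free space that the answer recommends, written with plain `dd` as an added example (not part of the answer and not sfill's own code). The function name `zero_fill_free` and its optional `MAX_MIB` cap are hypothetical, and GNU `dd` on Linux is assumed.

```shell
#!/bin/sh
# Added example: one pass of zeros over the free space of a filesystem.
# Usage: zero_fill_free MOUNTPOINT [MAX_MIB]
#   MAX_MIB (hypothetical parameter) caps the write for a trial run;
#   omit it to write until the filesystem reports "no space left".
# Prints the number of bytes that were overwritten.
zero_fill_free() {
    target=$1
    max_mib=${2:-}

    [ -d "$target" ] && [ -w "$target" ] || {
        echo "not a writable directory: $target" >&2
        return 2
    }

    # The fill file must live on the filesystem being wiped.
    fill=$(mktemp "$target/zerofill.XXXXXX") || return 2

    # Remove the fill file if interrupted, so the disk is not left full.
    trap 'rm -f "$fill"; exit 130' INT TERM HUP

    if [ -n "$max_mib" ]; then
        dd if=/dev/zero of="$fill" bs=1M count="$max_mib" 2>/dev/null || true
    else
        # dd exits non-zero once the disk is full; that is the expected end.
        dd if=/dev/zero of="$fill" bs=1M 2>/dev/null || true
    fi

    # Push the zeros to the device before the blocks are released again.
    sync
    written=$(( $(wc -c < "$fill") ))

    rm -f "$fill"
    sync
    trap - INT TERM HUP

    echo "$written"
}
```

Run it as root to reach the blocks an ext filesystem reserves for root. It leaves slack space inside existing files and free inodes untouched.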