Erasing disks securely
By Stefan Hinker-Oracle on Jun 08, 2011
Actually, both the question and the answer are old and well known. However, these things tend to be forgotten and pop up as questions from time to time. Hence a little reminder for all of us:
Solaris makes it easy to erase a disk so that none of the data can be restored, even with sophisticated methods. The "analyze/purge" subcommand of format(1M) does it all for you. It overwrites the selected area of your disk (usually s2) a total of four times with different patterns to achieve this. Of course, depending on the size of the disk, this might take a while. But it's secure enough to comply with the Department of Defense (DoD) disk wipe standard 5220.22-M.
Some more details are here:
- manpage of format(1M)
- Detailed description of the procedure
- Wikipedia article about theoretical background and limitations
- The link to the original DoD standard doesn't work anymore and has been replaced by a link to Wikipedia.
- Here's an additional link to a more recent NIST publication.
- Note that with modern drives, destroying data with OS or application level tools will not satisfy higher security requirements. The sector management of these drives might make defective sectors with sensitive data unavailable to such tools - but not to more intrusive methods of active data recovery. If you want to protect against those, physical destruction is your only reliable option.
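
A post-wipe check, as an added example that is not part of the original post or of Solaris: it reads a raw slice or image file block by block and reports the fill patterns found and the offset of any block that is not a pure repeating fill. The 512-byte block size, the 1/2/4-byte pattern widths and all function names are assumptions (the post does not list the patterns format writes), and the sample image is constructed.

```python
import os
import tempfile

BLOCK = 512            # assumed sector size
PERIODS = (1, 2, 4)    # assumed fill-pattern widths; the post does not list the patterns


def fill_pattern(block):
    """Return the repeating pattern if the block is a pure fill, else None."""
    for p in PERIODS:
        if len(block) % p == 0 and block == block[:p] * (len(block) // p):
            return block[:p]
    return None


def scan_wipe(path, block=BLOCK, max_findings=16):
    """Read path block by block; report fill patterns seen and residual blocks."""
    patterns, residual, count = set(), [], 0
    with open(path, "rb") as dev:
        while True:
            data = dev.read(block)
            if not data:
                break
            pat = fill_pattern(data)
            if pat is None:
                # Block holds something other than a fill pattern: record its offset.
                if len(residual) < max_findings:
                    residual.append(count * block)
            else:
                patterns.add(pat)
            count += 1
    return {"blocks": count, "patterns": patterns, "residual_offsets": residual}


def build_sample_image(leftover=True):
    """Constructed image: 8 blocks of fill, optionally one block of leftover data."""
    blocks = [b"\xaa\x55" * (BLOCK // 2) for _ in range(8)]
    if leftover:
        blocks[5] = (b"user:alice;token=constructed-sample;" * 20)[:BLOCK]
    fd, path = tempfile.mkstemp(suffix=".img")
    with os.fdopen(fd, "wb") as f:
        f.write(b"".join(blocks))
    return path


if __name__ == "__main__":
    sample = build_sample_image()
    try:
        print(scan_wipe(sample))
    finally:
        os.remove(sample)
```

Like format itself, this check only sees sectors the drive still exposes to the operating system, so a clean result says nothing about remapped defective sectors.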