Erasing hard disks fast & securely with OpenSSL

March 2016

Erasing & overwriting disks with dd can take a very long time, both with /dev/null and /dev/urandom. Most modern CPUs are capable of AES-NI, accelerating cryptographic operations while reducing system load dramatically. That’s why I’m using OpenSSL to erase my disk drives. The advantages are clear - encrypted pseudorandom data output and maximum I/O throughput. Studies have shown that one wipe is sufficient on magnetic HDDs.

openssl enc -aes-256-ctr -pass pass:"$(dd if=/dev/urandom bs=128 count=1 </dev/null | base64)" -nosalt </dev/zero | pv --progress --eta --rate --bytes | dd of=/dev/sda

Replace sdX with the target drive. Make sure pv is installed before executing. OpenSSL is encrypting /dev/zero with a randomized password of /dev/urandom. You should see a progress bar & ETA.