"sanitizing" disks: wiping swap, non-allocated space, and file-tails

David Kreil kreil at ebi.ac.uk
Fri Aug 13 21:45:37 PDT 2004

Dear Brooks,

> > > > > The easiest way to scrub a disk is:
> > > > >
> > > > > dd if=/dev/random of=/dev/<disk> bs=<sthg big>
> > > > > <repeat a few times>
> >
> > I noticed that it will refuse to let me do that on swap, even if it is
> > of f. Of course, I can edit the disklabel to read "unused", run dd, and
> > restore the swap disklabel to "swap" but is there another way?
> That's broken.  Which OS are you using?

Don't know whether I answered that before: 5.2.1-RELEASE-p9/GENERIC

To which list, if not fs, should I send a bug-report in your opinion?

> > Also, I've just done some tests, and
> >
> >   dd if=/dev/random of=/dev/<mydisk> bs=1048576
> >
> > only writes at 6.5MB/s on my system (/dev/zero gives 7.9MB/s). Is that=20
> > typical? My drives theoretically should do 30-40MB/s on read, and
> > 20-30MB/s on write.
> >
> > If these results are "normal", however, that means, for a 10GB swap file
> > and, say 6 wipes, I'd be waiting 3h on shutdown, while a BND-safe thorough
> > 20 wipes would take half a day. Not really practical :-/
> > So unless you tell me that I should be able to achieve much faster write
> > speeds, I think I'll have to ditch the idea of regularly wiping swap (or
> > anything else for that matter).

Actually, I just had one of the drives in my RAID replaced (which was 
apparently on its way breaking down) and now get ~50MB/s write performance for 
dd if=/dev/zero, and ~13MB/s for /dev/random. So if I could generate good 
pseudo-random numbers fast enough, I should be able to wipe a 10GB partition 
20x in an hour - that's good enough!

> If you
> really want performance, you should use arc4random in a custom userland
> program.  That's faster, but expect wiping a 40GB disk to take hours
> even in that case.  I've got such an application, but I haven't had time
> to clean it up and submit it for release.  I'll probably do it some day,
> but I can't recommend waiting for that.  It's only about 800 lines of
> code including the man page and a fancy composable operations system to
> allow just about any DoD or non-DoD pattern or writes and verifies to be
> written on the command line.

I'd be grateful if you could make your utility available. All I need is random 
patterns (white noise). Would that be possible at all, please?

With best regards,


Dr David Philip Kreil                 ("`-''-/").___..--''"`-._
Research Fellow                        `6_ 6  )   `-.  (     ).`-.__.`)
University of Cambridge                (_Y_.)'  ._   )  `._ `. ``-..-'
++44 1223 764107, fax 333992         _..`--'_..-_/  /--'_.' ,'
www.inference.phy.cam.ac.uk/dpk20   (il),-''  (li),'  ((!.-'

More information about the freebsd-fs mailing list