Working Entirely with GNU/Linux

30. Destroying Data - Shred

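In the past, 凍仁 used dd on GNU/Linux; this command erases a disk by filling it with zeros, but even then the data is still at risk of being recovered by professionals. Now 凍仁 uses the shred command for this task instead; it is built specifically for shredding data.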

dd

Fill the /dev/sdX device with zeros.

    dd if=/dev/zero of=/dev/sdX bs=1M

shred

  1. Before using shred, you must first install the coreutils package.

    $ sudo aptitude install coreutils
    # -v: show progress.
    # -f: force writing; change permissions to allow writing if necessary.
    # -z: finish with an overwrite of zeros after shredding.
    # -n: set the number of overwrite passes.
  2. Wipe a hard disk

    $ sudo shred -vfz -n 10 /dev/sdX
    shred: /dev/sdX11 次之第 1 (random)...
    shred: /dev/sdX11 次之第 1 (random)...471MiB/932GiB 0%
    shred: /dev/sdX11 次之第 1 (random)...472MiB/932GiB 0%
    shred: /dev/sdX11 次之第 1 (random)...949MiB/932GiB 0%
    ......
  3. Wipe a file

    $ shred -vu -n 10 hello-sherd.txt
    shred: hello-sherd.txt: pass 1/3 (random)...
    shred: hello-sherd.txt: pass 2/3 (random)...
    shred: hello-sherd.txt: pass 3/3 (random)...
    shred: hello-sherd.txt: removing
    shred: hello-sherd.txt: renamed to 000000000000000
    shred: 000000000000000: renamed to 00000000000000
    shred: 00000000000000: renamed to 0000000000000
    shred: 0000000000000: renamed to 000000000000
    shred: 000000000000: renamed to 00000000000
    shred: 00000000000: renamed to 0000000000
    shred: 0000000000: renamed to 000000000
    shred: 000000000: renamed to 00000000
    shred: 00000000: renamed to 0000000
    shred: 0000000: renamed to 000000
    shred: 000000: renamed to 00000
    shred: 00000: renamed to 0000
    shred: 0000: renamed to 000
    shred: 000: renamed to 00
    shred: 00: renamed to 0
    shred: hello-sherd.txt: removed

※ shred may not be able to erase data completely when it runs on journaling file systems such as ext3 and ext4; if that is a real concern, you can try hdparm.
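
An added example (not from the original post) for step 3 and the journaling caveat above: a POSIX shell helper that overwrites a file, reads it back to confirm that only zeros remain, and then removes it with shred -u. The function names shred_verified and classify_fs are assumptions made for illustration, and GNU coreutils and cmp are assumed to be installed.

```shell
#!/bin/sh
# Added example, not code from the original post. Function names are hypothetical.

# Map a filesystem type name, as printed by `stat -f -c %T`
# (ext4 shows up there as "ext2/ext3"), to a coarse risk class.
classify_fs() {
    case "$1" in
        ext2/ext3|ext4|xfs|jfs|reiserfs) echo journaling ;;
        btrfs|zfs|overlayfs)             echo copy-on-write ;;
        *)                               echo other ;;
    esac
}

# Overwrite FILE in place (3 random passes plus a final zero pass), confirm
# that every byte now reads back as zero, then let shred rename and unlink it.
shred_verified() {
    f=$1
    [ -f "$f" ] || { echo "not a regular file: $f" >&2; return 2; }

    fstype=$(stat -f -c %T -- "$f")
    risk=$(classify_fs "$fstype")
    [ "$risk" = other ] ||
        echo "warning: $fstype is $risk; old blocks may survive" >&2

    # No -u yet: the file must still exist for the read-back check.
    shred -f -z -n 3 -- "$f" || return 1

    # shred rounds the size up to a full block, so measure it afterwards.
    size=$(stat -c %s -- "$f")
    if ! cmp -s -n "$size" -- "$f" /dev/zero; then
        echo "verification failed: non-zero bytes remain in $f" >&2
        return 1
    fi

    # One more pass, then truncate, rename and remove (-u), as in step 3.
    shred -f -u -z -n 1 -- "$f"
}
```

The read-back check only proves that the file's current blocks are zeroed; it cannot see copies kept in a journal or snapshot.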
