Talk:Securely wipe disk/Tips and tricks
dd advanced example
Regarding dd - advanced example
Since only relatively few random numbers are required for the seed, why don't we recommend /dev/random instead of /dev/urandom and also bs=256 instead of 128?
Alphazo (talk) 21:18, 28 March 2017 (UTC)
- I've reworded it a little, so that it does not sound like a "recommendation". For the u/random part, my first thought is that it really depends on your system and usage. A lot of users may use such a procedure from an installation ISO, i.e. there may not be a full random pool. In such a case one might not want to use it up for something like a disk wipe, when it may be more important to have the best quality pool for other purposes. --Indigo (talk) 19:30, 29 March 2017 (UTC)
2.1 Prevent wiping mounted partitions
The example script has a fatal flaw. It tests the supplied argument to be a valid block device, but in parsing the lsblk output, it modifies the argument to set "NOT_safe". The comment then recommends sending the original unmodified argument to the wipe/shred/scrub command of your choice.
This works well if device names only include a partition number as the final characters and stripping those numerals results in the device name of the parent device. Ex: /dev/sda3 -> /dev/sda.
But with device names like /dev/nvme0n1p2, the parent device is /dev/nvme0n1. /dev/nvme0 also exists, but is not a block device. In this case, the value evaluated by lsblk is /dev/nvmenp, since the substitution strips all numerals. lsblk returns an error because the argument isn't a valid block device, but "NOT_safe" is still a null value and passes the test to start the wipe.
Unfortunately, I can't think of a foolproof way to obtain the parent device to check if any partitions are mounted. At the very least, we should test an unmodified argument. (For now, this is the approach I'm taking in my personal copy.)
While it would complicate the example script, we could continue to check all partitions, but for a functional script, we have to ensure the modified value is a valid block device before proceeding. If not, we could prompt the user to supply the parent device (and test that) before proceeding. Barthel (talk) 18:54, 3 August 2025 (UTC)
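
One fail-closed way to do the check discussed in this thread, as an added example that is not part of the discussion or of the wiki's script. It assumes util-linux `lsblk` with its `PKNAME` and `MOUNTPOINT` columns; the function names are hypothetical, and `strip_digits` only reproduces the substitution described above for comparison.

```shell
#!/bin/sh
# Added example (not the wiki's script): refuse to wipe unless lsblk
# positively confirms that nothing on the parent disk is mounted.

# The derivation described in the thread: every digit is stripped,
# so /dev/nvme0n1p2 becomes /dev/nvmenp, which is not a device.
strip_digits() { printf '%s\n' "$1" | tr -d '0-9'; }

# Ask lsblk for the parent kernel name instead of editing the string.
# Prints the whole-disk node (the argument itself when it has no parent);
# returns non-zero when lsblk rejects the argument.
parent_disk() {
    _pk=$(lsblk -ndo PKNAME "$1") || return 1
    _pk=$(printf '%s' "$_pk" | tr -d '[:space:]')
    if [ -n "$_pk" ]; then
        printf '/dev/%s\n' "$_pk"
    else
        printf '%s\n' "$1"
    fi
}

# Exit status: 0 = nothing mounted on the disk or any of its children,
#              1 = at least one mountpoint (or active swap) reported,
#              2 = lsblk failed, so safety could not be verified.
safe_to_wipe() {
    _disk=$(parent_disk "$1") || return 2
    _mounts=$(lsblk -nro MOUNTPOINT "$_disk") || return 2
    # Any non-blank line in the MOUNTPOINT column means "in use".
    if printf '%s\n' "$_mounts" | grep -q '[^[:space:]]'; then
        return 1
    fi
    return 0
}

# When run directly with one argument, report the decision only.
if [ "$#" -eq 1 ]; then
    if safe_to_wipe "$1"; then
        echo "no mountpoints found on $(parent_disk "$1")"
    else
        echo "refusing to continue with $1" >&2
        exit 1
    fi
fi
```

The difference from the behaviour described above is that an `lsblk` error yields status 2 and stops the run, instead of leaving an empty variable that passes the test.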