Secure data scrambler
.sh
appliance
The famous example, rewritten in a more secure way: the random password is passed via process substitution.
function scramble {
    # Famous example rewritten in a more secure way: the random password is passed
    # to openssl via process substitution, so it never appears on the command line
    openssl enc -aes-256-ctr -pbkdf2 -nosalt \
        -pass file:<(dd if=/dev/urandom bs=128 count=1 2>/dev/null | base64) \
        </dev/zero 2>/dev/null \
        | sudo dd status=progress iflag=fullblock bs=8M of="$1" oflag=direct
}
## Usage sample
# for (( i = 3 ; i ; i-- ))
# do
# scramble /dev/foo
# done
## Other auxiliaries
# sudo dd status=progress iflag=fullblock bs=8M if=/dev/zero of=/dev/foo oflag=direct
# sudo badblocks -b 512 -c 8192 -s -w /dev/foo
Notes
More on -pbkdf2: https://askubuntu.com/a/1126882.
Why iflag=fullblock? For the case when dd's count is in use: https://unix.stackexchange.com/a/121868.
Mind the 2>/dev/null redirections: they suppress dd's output and openssl's message on broken pipe (https://unix.stackexchange.com/a/248261).
When direct I/O may fail: https://stackoverflow.com/questions/13115819/reasons-for-direct-io-failure.
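A bounded rehearsal of the same pipeline on a regular file, as an added example that is not part of the original page; keystream, scramble_bounded and verify_scrambled are hypothetical names, and bash, openssl and GNU dd are assumed. It uses count=, which is the case the iflag=fullblock note refers to, and it checks the result because the discarded stderr would hide an openssl failure.

```bash
#!/usr/bin/env bash
# Added example, not from the original page. Function names are hypothetical.
# Rehearse the scramble pipeline on a regular file (no sudo, no direct I/O)
# before pointing it at a real block device.

# Same generator as scramble(): AES-256-CTR over /dev/zero, keyed from a
# throwaway random password that openssl reads from /dev/fd/N, not from argv.
keystream() {
    openssl enc -aes-256-ctr -pbkdf2 -nosalt \
        -pass file:<(dd if=/dev/urandom bs=128 count=1 2>/dev/null | base64) \
        </dev/zero 2>/dev/null
}

# scramble_bounded TARGET BLOCKS [BS]: write exactly BLOCKS*BS bytes to TARGET.
# With count= in use, iflag=fullblock makes dd keep reading the pipe until a
# block is full; without it a short read still counts as one block and the
# output ends up smaller than requested.
scramble_bounded() {
    local target=$1 blocks=$2 bs=${3:-1M}
    keystream | dd iflag=fullblock bs="$bs" count="$blocks" of="$target" \
        conv=fsync status=none
}

# verify_scrambled FILE BYTES: succeed only if FILE is exactly BYTES long and
# is not all zeros. openssl's stderr is discarded above, so a failed openssl
# (missing binary, unsupported option) would otherwise pass unnoticed.
verify_scrambled() {
    local file=$1 want=$2
    [ "$(wc -c <"$file")" -eq "$want" ] || return 1
    ! cmp -s "$file" <(head -c "$want" /dev/zero)
}

# Usage on a scratch file (constructed path):
#   scramble_bounded /tmp/scratch.img 16 && verify_scrambled /tmp/scratch.img $((16 << 20))
```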
PS. A nice thread on AES encryption modes https://stackoverflow.com/questions/1220751/how-to-choose-an-aes-encryption-mode-cbc-ecb-ctr-ocb-cfb.