Secure drive wipe

Overview

Lethe

Build Status

A secure, free, cross-platform and open-source drive wiping utility.

Should work with any HDD, SSD (read limitations) and flash drives.

The usual methods for wiping (or sanitization) a drive, including those (allegedly) used by government agencies are based on destructive writes. In other words, on overwriting existing data with multiple layers of randomly generated data or some static pattern. This is basically what this tool does.

There are other similar applications around (including multiple built-in Linux tools). Most of them are proprietary, or slow, or non cross-platform, which was a requirement for me. So I wrote this application.

Features

  • Supports Windows (but not WSL), macOS and Linux.
  • Validates the data (reads back) to make sure all write commands were successful
  • Uses fast cryptographic random generator
  • Allows to override OS recommended block size for possibly faster operations
  • Tracks & skips bad blocks and other localized errors automatically (Experimental)

Limitations

  • For SSD, it's impossible to reliable wipe all the data because of the various optimizations performed by modern SSD controllers, namely wear leveling and compression. The best approach currently is to use multiple wiping rounds with random data. Later, a support for Secure Erase ATA commands may be added to make the process more reliable.
  • The maximum number of blocks per storage device is 232, or 4,294,967,296. For example, using a block size of 1 MB the size of the storage can be up to 4096 TB.
  • The application hasn't even been tested on RAID storages, beware.

Current status

The initial active development phase is done. I have been using the application for some time for personal needs on all supported platforms. It does what it was designed to do. Didn't have to deal with forensics experts yet though. I still make some additions/changes occasionally, but there's no exact roadmap. I would love to learn about other people's experience with the application. Let me know if you have any issues!

Download

Current release: v0.5.0 Changelog

Download and unzip binaries for your OS:

Or install lethe from sources using latest Rust toolchain:

cargo install lethe

Usage

lethe is a CLI (command-line interface). Run it without parameters or use help command to dispay usage information.

lethe help

You can also use help command to get more information about any particular command.

lethe help wipe

Note that lethe operates on a low level and will require a root/administrator access (e.g. sudo) to work with any real drives.

Benchmarks

macOS

Tested on Macbook Pro 2015 with macOS 10.14.4 (Mojave) using a Sandisk 64G Flash Drive with USB 3.0 interface. OS recommended block size is 128k.

Zero fill

Command Block size Time taken (seconds)
dd if=/dev/zero of=/dev/rdisk3 bs=131072 128k 2667.21
lethe wipe --scheme=zero --blocksize=128k --verify=no /dev/rdisk3 128k 2725.77
dd if=/dev/zero of=/dev/rdisk3 bs=1m 1m 2134.99
lethe wipe --scheme=zero --blocksize=1m --verify=no /dev/rdisk3 1m 2129.61

Random fill

Command Block size Time taken (seconds)
dd if=/dev/urandom of=/dev/rdisk3 bs=131072 128k 4546.48
lethe wipe --scheme=random --blocksize=128k --verify=no /dev/rdisk3 128k 2758.11

License

Lethe is licensed under the Apache License, Version 2.0. See LICENSE for the full license text.

Comments
  • How to wipe multiple external drives?

    How to wipe multiple external drives?

    I've 3-4 external drives connected, When I initiate the wipe on 1 drive it starts wiping and when I start another process of LETHE and try to wipe the other drive it gives error "Unable to enumerate storage devices". How I can use it to wipe multiple drives? The -l (list) command also doesn't work. This is the error I get when I try to wipe the other drives if some are already in progress. Unable to enumerate storage devices. : Cannot open device \?\Volume{7e6adb17-0000-0000-0000-100000000000}.:

    opened by shadowwalkersteam 4
  • How can I use this app on the Windows?

    How can I use this app on the Windows?

    How can I use this app on the Windows?

    C:\Users\Administrator\Downloads\lethe.exe wipe --scheme=zero --blocksize=128k --verify=no E:
    
    Error: Unknown device E:
    

    image

    opened by xmha97 2
  • Skip bad sectors

    Skip bad sectors

    • Experimental support for detecting/skipping bad blocks.
    • Short derived Device IDs.
    • More detailed information before and after wipe.
    • A "badblocks" inspired wiping scheme.
    opened by Kostassoid 0
  • Verification failed

    Verification failed

    Hey Kosta,

    i´ve used your nice tool to wipa a 1,8TB HDD Seagate on Windows 10 v20H2 (Biuld 19042.1586). The disk got filled randomly twice, but verification failed.

    C:\WINDOWS\system32>cmd /K D:/downloads/lethe.exe wipe --blocksize=4k \Device\Harddisk1\Partition2

    Wiping:

    Device           \Device\Harddisk1\Partition2  
    
    Size             1.82TB  
    
    Scheme           Double random fill, 2 passes  
    
                     - random fill
    
                     - random fill
    
    Block size       4.00KB
    
    Verification     Last stage only
    

    Are you sure? (type 'yes' to confirm): yes

    Stage 1/2: Performing Random Fill ✔ Completed in 14 hours

    Stage 2/2: Performing Random Fill ✔ Completed in 9 hours

    Stage 2/2: Verifying Random Fill ❌ FAILED! Verification failed! Retrying previous stage at 2000263573504 in 3 seconds.

    Stage 2/2: Performing Random Fill ✔ Completed in 0 seconds

    Stage 2/2: Verifying Random Fill ❌ FAILED! Verification failed! Retrying previous stage at 2000263573504 in 3 seconds.

    Stage 2/2: Performing Random Fill ✔ Completed in 0 seconds

    Stage 2/2: Verifying Random Fill ❌ FAILED! Verification failed! Retrying previous stage at 2000263573504 in 3 seconds.

    Stage 2/2: Performing Random Fill ✔ Completed in 0 seconds

    Stage 2/2: Verifying Random Fill ❌ FAILED! Verification failed! Retrying previous stage at 2000263573504 in 3 seconds.

    Stage 2/2: Performing Random Fill ✔ Completed in 0 seconds

    Stage 2/2: Verifying Random Fill ❌ FAILED! Verification failed! Retrying previous stage at 2000263573504 in 3 seconds.

    Stage 2/2: Performing Random Fill ✔ Completed in 0 seconds

    Stage 2/2: Verifying Random Fill ❌ FAILED! Verification failed! Retrying previous stage at 2000263573504 in 3 seconds.

    Stage 2/2: Performing Random Fill ✔ Completed in 0 seconds

    Stage 2/2: Verifying Random Fill ❌ FAILED! Verification failed! Retrying previous stage at 2000263573504 in 3 seconds.

    Stage 2/2: Performing Random Fill ✔ Completed in 0 seconds

    Stage 2/2: Verifying Random Fill ❌ FAILED! Verification failed! Retrying previous stage at 2000263573504 in 3 seconds.

    Stage 2/2: Performing Random Fill ✔ Completed in 0 seconds

    Stage 2/2: Verifying Random Fill ❌ FAILED! Verification failed! ❌ Unexpected error: Verification failed!

    C:\WINDOWS\system32> C:\WINDOWS\system32>

    bug windows 
    opened by Bofrostmann07 7
  • Request elevated privileges using application manifest

    Request elevated privileges using application manifest

    Currently the app will notify the user if the application is not running with elevated privileges. A better UX could be to actually request these privileges automatically using application manifests.

    Sadly, rust does not currently support this. Relevant ticket in rust-lang: https://github.com/rust-lang/rfcs/issues/721

    There's a way to workaround that: https://crates.io/crates/winres Should be simple enough to do for local builds. The potential challenge is the CI.

    feature windows 
    opened by Kostassoid 0
Releases(v0.8.2)
Owner
Konstantin Alexandroff
Konstantin Alexandroff
Secure transport for running MPC protocols backed by Signal

MPC over Signal Overview This library provides a high-level interface for connecting to Signal Server and using it to exchange messages with other con

[ZenGo X] 42 Jan 4, 2023
Secure sandboxing system for untrusted code execution

Godbox Secure sandboxing system for untrusted code execution. It uses isolate which uses specific functionnalities of the Linux kernel, thus godbox no

Nathanael Demacon 19 Dec 14, 2022
Cross-platform Secure TUI Secret Locker

SafeCloset keeps your secrets in password protected files. SafeCloset is designed to be convenient and avoid common weaknesses like external editing or temporary files written on disk.

Canop 63 Dec 26, 2022
Secure and fast microVMs for serverless computing.

Our mission is to enable secure, multi-tenant, minimal-overhead execution of container and function workloads. Read more about the Firecracker Charter

firecracker-microvm 20.3k Jan 1, 2023
Secure storage for cryptographic secrets in Rust

secrets secrets is a library to help Rust programmers safely held cryptographic secrets in memory. It is mostly an ergonomic wrapper around the memory

Stephen Touset 165 Dec 22, 2022
Use Touch ID / Secure Enclave for SSH Authentication!

SeKey About SeKey is a SSH Agent that allow users to authenticate to UNIX/Linux SSH servers using the Secure Enclave How it Works? The Secure Enclave

SeKey 2.3k Dec 26, 2022
Cyg will help you to secure files in your repository directly using PGP encryption

cyg: Secure files in your repository Cyg will help you to secure files in your repository directly using PGP encryption. The name "cyg" was inspired b

Hisam Fahri 2 Aug 31, 2022
Wipe your terminal with a random animation.

Wipe Wipe your terminal with a smooth animation. This is the perfect program for you, if you like clear but want to add an unnecessary animation. Down

Rico Riedel 3 Nov 23, 2022
shavee is a Program to automatically decrypt and mount ZFS datasets using Yubikey HMAC as 2FA or any USB drive with support for PAM to auto mount home directories.

shavee is a simple program to decrypt and mount encrypted ZFS user home directories at login using Yubikey HMAC or a Simple USB drive as 2FA written in rust.

Ashutosh Verma 38 Dec 24, 2022
A TUI to quickly find files in your Google Drive

A TUI to quickly find files in your Google Drive

David Somers 21 Nov 18, 2022
A commmand line tool for uploading homework coded on the dcloud server onto specific google drive course folders.

A commmand line tool for uploading homework coded on the dcloud server onto specific google drive course folders.

Daniel Kogan 2 Sep 8, 2022
A simple and fast FRC autonomous path planner (designed for swerve drive)! (Desktop/Laptop only)

This is a website developed for planning autonomous paths for FRC robots. It is intended to be a simple and fast tool to create autos, which works offline at competitions.

Weaver Goldman 2 Jan 6, 2023
Polydrive an experimental open source alternative to Google Drive

Polydrive is an experimental open source alternative to Google Drive. It allows users to synchronize their files on multiple devices.

null 3 Apr 20, 2022
A CLI tool to drive test-driven Rust workshops

wr A Rust workshop runner wr is a CLI to drive test-driven workshops written in Rust. It is designed to be used in conjunction with a workshop reposit

Mainmatter 7 Oct 16, 2023
Easy to use cryptographic framework for data protection: secure messaging with forward secrecy and secure data storage. Has unified APIs across 14 platforms.

Themis provides strong, usable cryptography for busy people General purpose cryptographic library for storage and messaging for iOS (Swift, Obj-C), An

Cossack Labs 1.6k Dec 30, 2022
ARM TrustZone-M example application in Rust, both secure world side and non-secure world side

ARM TrustZone-M example application in Rust, both secure world side and non-secure world side; projects are modified from generated result of cortex-m-quickstart.

null 44 Dec 4, 2022
User-friendly secure computation engine based on secure multi-party computation

CipherCore If you have any questions, or, more generally, would like to discuss CipherCore, please join the Slack community. See a vastly extended ver

CipherMode Labs 356 Jan 5, 2023
A secure JavaScript and TypeScript runtime

Deno Deno is a simple, modern and secure runtime for JavaScript and TypeScript that uses V8 and is built in Rust. Features Secure by default. No file,

Deno Land 87.1k Jan 5, 2023
Skybase is an extremely fast, secure and reliable real-time NoSQL database with automated snapshots and SSL

Skybase The next-generation NoSQL database What is Skybase? Skybase (or SkybaseDB/SDB) is an effort to provide the best of key/value stores, document

Skybase 1.4k Dec 29, 2022
A secure embedded operating system for microcontrollers

Tock is an embedded operating system designed for running multiple concurrent, mutually distrustful applications on Cortex-M and RISC-V based embedded

Tock Embedded OS 4.1k Jan 5, 2023