Secure drive wipe

Last update: Dec 19, 2022

Overview

Lethe

A secure, free, cross-platform and open-source drive wiping utility.

Should work with any HDD, SSD (read limitations) and flash drives.

The usual methods for wiping (or sanitization) a drive, including those (allegedly) used by government agencies are based on destructive writes. In other words, on overwriting existing data with multiple layers of randomly generated data or some static pattern. This is basically what this tool does.

There are other similar applications around (including multiple built-in Linux tools). Most of them are proprietary, or slow, or non cross-platform, which was a requirement for me. So I wrote this application.

Features

Supports Windows (but not WSL), macOS and Linux.
Validates the data (reads back) to make sure all write commands were successful
Uses fast cryptographic random generator
Allows to override OS recommended block size for possibly faster operations
Tracks & skips bad blocks and other localized errors automatically (Experimental)

Limitations

For SSD, it's impossible to reliable wipe all the data because of the various optimizations performed by modern SSD controllers, namely wear leveling and compression. The best approach currently is to use multiple wiping rounds with random data. Later, a support for Secure Erase ATA commands may be added to make the process more reliable.
The maximum number of blocks per storage device is 2³², or 4,294,967,296. For example, using a block size of 1 MB the size of the storage can be up to 4096 TB.
The application hasn't even been tested on RAID storages, beware.

Current status

The initial active development phase is done. I have been using the application for some time for personal needs on all supported platforms. It does what it was designed to do. Didn't have to deal with forensics experts yet though. I still make some additions/changes occasionally, but there's no exact roadmap. I would love to learn about other people's experience with the application. Let me know if you have any issues!

Download

Current release: v0.5.0 Changelog

Download and unzip binaries for your OS:

Or install lethe from sources using latest Rust toolchain:

cargo install lethe

Usage

lethe is a CLI (command-line interface). Run it without parameters or use help command to dispay usage information.

lethe help

You can also use help command to get more information about any particular command.

lethe help wipe

Note that lethe operates on a low level and will require a root/administrator access (e.g. sudo) to work with any real drives.

Benchmarks

macOS

Tested on Macbook Pro 2015 with macOS 10.14.4 (Mojave) using a Sandisk 64G Flash Drive with USB 3.0 interface. OS recommended block size is 128k.

Zero fill

Command	Block size	Time taken (seconds)
`dd if=/dev/zero of=/dev/rdisk3 bs=131072`	128k	2667.21
`lethe wipe --scheme=zero --blocksize=128k --verify=no /dev/rdisk3`	128k	2725.77
`dd if=/dev/zero of=/dev/rdisk3 bs=1m`	1m	2134.99
`lethe wipe --scheme=zero --blocksize=1m --verify=no /dev/rdisk3`	1m	2129.61

Random fill

Command	Block size	Time taken (seconds)
`dd if=/dev/urandom of=/dev/rdisk3 bs=131072`	128k	4546.48
`lethe wipe --scheme=random --blocksize=128k --verify=no /dev/rdisk3`	128k	2758.11

License

Lethe is licensed under the Apache License, Version 2.0. See LICENSE for the full license text.

Comments

How to wipe multiple external drives?

I've 3-4 external drives connected, When I initiate the wipe on 1 drive it starts wiping and when I start another process of LETHE and try to wipe the other drive it gives error "Unable to enumerate storage devices". How I can use it to wipe multiple drives? The -l (list) command also doesn't work. This is the error I get when I try to wipe the other drives if some are already in progress. Unable to enumerate storage devices. : Cannot open device \?\Volume{7e6adb17-0000-0000-0000-100000000000}.:

opened by shadowwalkersteam 4

How can I use this app on the Windows?

C:\Users\Administrator\Downloads\lethe.exe wipe --scheme=zero --blocksize=128k --verify=no E:

Error: Unknown device E:

opened by xmha97 2

Skip bad sectors
Experimental support for detecting/skipping bad blocks.

Short derived Device IDs.

More detailed information before and after wipe.

A "badblocks" inspired wiping scheme.
opened by Kostassoid 0
Verification failed
Hey Kosta,

i´ve used your nice tool to wipa a 1,8TB HDD Seagate on Windows 10 v20H2 (Biuld 19042.1586). The disk got filled randomly twice, but verification failed.

C:\WINDOWS\system32>cmd /K D:/downloads/lethe.exe wipe --blocksize=4k \Device\Harddisk1\Partition2
Wiping: Device \Device\Harddisk1\Partition2 Size 1.82TB Scheme Double random fill, 2 passes - random fill - random fill Block size 4.00KB Verification Last stage only Are you sure? (type 'yes' to confirm): yes Stage 1/2: Performing Random Fill ✔ Completed in 14 hours Stage 2/2: Performing Random Fill ✔ Completed in 9 hours Stage 2/2: Verifying Random Fill ❌ FAILED! Verification failed! Retrying previous stage at 2000263573504 in 3 seconds. Stage 2/2: Performing Random Fill ✔ Completed in 0 seconds Stage 2/2: Verifying Random Fill ❌ FAILED! Verification failed! Retrying previous stage at 2000263573504 in 3 seconds. Stage 2/2: Performing Random Fill ✔ Completed in 0 seconds Stage 2/2: Verifying Random Fill ❌ FAILED! Verification failed! Retrying previous stage at 2000263573504 in 3 seconds. Stage 2/2: Performing Random Fill ✔ Completed in 0 seconds Stage 2/2: Verifying Random Fill ❌ FAILED! Verification failed! Retrying previous stage at 2000263573504 in 3 seconds. Stage 2/2: Performing Random Fill ✔ Completed in 0 seconds Stage 2/2: Verifying Random Fill ❌ FAILED! Verification failed! Retrying previous stage at 2000263573504 in 3 seconds. Stage 2/2: Performing Random Fill ✔ Completed in 0 seconds Stage 2/2: Verifying Random Fill ❌ FAILED! Verification failed! Retrying previous stage at 2000263573504 in 3 seconds. Stage 2/2: Performing Random Fill ✔ Completed in 0 seconds Stage 2/2: Verifying Random Fill ❌ FAILED! Verification failed! Retrying previous stage at 2000263573504 in 3 seconds. Stage 2/2: Performing Random Fill ✔ Completed in 0 seconds Stage 2/2: Verifying Random Fill ❌ FAILED! Verification failed! Retrying previous stage at 2000263573504 in 3 seconds. Stage 2/2: Performing Random Fill ✔ Completed in 0 seconds Stage 2/2: Verifying Random Fill ❌ FAILED! Verification failed! ❌ Unexpected error: Verification failed!
C:\WINDOWS\system32> C:\WINDOWS\system32>
bug windows
opened by Bofrostmann07 7
Request elevated privileges using application manifest

Currently the app will notify the user if the application is not running with elevated privileges. A better UX could be to actually request these privileges automatically using application manifests.

Sadly, rust does not currently support this. Relevant ticket in rust-lang: https://github.com/rust-lang/rfcs/issues/721

There's a way to workaround that: https://crates.io/crates/winres Should be simple enough to do for local builds. The potential challenge is the CI.
feature windows

opened by Kostassoid 0

Releases(v0.8.2)

v0.8.2(Sep 26, 2022)

Source code(tar.gz)
Source code(zip)
lethe-v0.8.2-aarch64-apple-darwin.tar.gz(1.05 MB)
lethe-v0.8.2-x86_64-apple-darwin.tar.gz(1.13 MB)
lethe-v0.8.2-x86_64-pc-windows-gnu.zip(1.32 MB)
lethe-v0.8.2-x86_64-unknown-linux-musl.tar.gz(1.46 MB)
v0.8.0(Sep 25, 2022)

null
Source code(tar.gz)
Source code(zip)
lethe-v0.8.0-x86_64-unknown-linux-musl.tar.gz(1.43 MB)
v0.7.0(Jul 11, 2022)

null
Source code(tar.gz)
Source code(zip)
lethe-v0.7.0-x86_64-apple-darwin.tar.gz(1.23 MB)
lethe-v0.7.0-x86_64-pc-windows-gnu.zip(1.75 MB)
lethe-v0.7.0-x86_64-unknown-linux-musl.tar.gz(1.71 MB)
v0.6.1(Nov 24, 2021)

null
Source code(tar.gz)
Source code(zip)
lethe-v0.6.1-x86_64-apple-darwin.tar.gz(1.23 MB)
lethe-v0.6.1-x86_64-pc-windows-gnu.zip(1.76 MB)
lethe-v0.6.1-x86_64-unknown-linux-musl.tar.gz(1.64 MB)
v0.6.0(Aug 14, 2021)

null
Source code(tar.gz)
Source code(zip)
lethe-v0.6.0-x86_64-apple-darwin.tar.gz(1.11 MB)
lethe-v0.6.0-x86_64-pc-windows-gnu.zip(1.60 MB)
lethe-v0.6.0-x86_64-unknown-linux-musl.tar.gz(1.58 MB)
v0.5.1(Apr 14, 2021)

null
Source code(tar.gz)
Source code(zip)
lethe-v0.5.1-x86_64-apple-darwin.tar.gz(1.02 MB)
lethe-v0.5.1-x86_64-pc-windows-gnu.zip(1.60 MB)
lethe-v0.5.1-x86_64-unknown-linux-musl.tar.gz(1.59 MB)
v0.5.0(Dec 30, 2020)

null
Source code(tar.gz)
Source code(zip)
lethe-v0.5.0-x86_64-apple-darwin.tar.gz(1.00 MB)
lethe-v0.5.0-x86_64-pc-windows-gnu.zip(1.61 MB)
lethe-v0.5.0-x86_64-unknown-linux-musl.tar.gz(1.58 MB)
v0.4.0(Jun 10, 2020)

null
Source code(tar.gz)
Source code(zip)
lethe-v0.4.0-x86_64-apple-darwin.tar.gz(1006.50 KB)
lethe-v0.4.0-x86_64-pc-windows-gnu.zip(1.32 MB)
lethe-v0.4.0-x86_64-unknown-linux-musl.tar.gz(1.38 MB)
v0.3.3(Jun 7, 2020)

null
Source code(tar.gz)
Source code(zip)
lethe-v0.3.3-x86_64-apple-darwin.tar.gz(1000.64 KB)
lethe-v0.3.3-x86_64-pc-windows-gnu.zip(1.32 MB)
lethe-v0.3.3-x86_64-unknown-linux-musl.tar.gz(1.38 MB)
v0.3.2(Jun 7, 2020)

null
Source code(tar.gz)
Source code(zip)
lethe-v0.3.2-x86_64-apple-darwin.tar.gz(1004.00 KB)
lethe-v0.3.2-x86_64-pc-windows-gnu.exe(949.88 KB)
lethe-v0.3.2-x86_64-unknown-linux-musl.tar.gz(1.38 MB)
v0.3.0(Jun 6, 2020)

null
Source code(tar.gz)
Source code(zip)
lethe-v0.3.0-x86_64-apple-darwin(2.58 MB)
lethe-v0.3.0-x86_64-pc-windows-gnu.exe(3.92 MB)
lethe-v0.3.0-x86_64-unknown-linux-musl(3.92 MB)
v0.2.2(Sep 23, 2019)

null
Source code(tar.gz)
Source code(zip)
lethe-v0.2.2-x86_64-apple-darwin.tar.gz(893.33 KB)
lethe-v0.2.2-x86_64-unknown-linux-musl.tar.gz(1.12 MB)
v0.2.1(Sep 23, 2019)

null
Source code(tar.gz)
Source code(zip)
lethe-v0.2.1-x86_64-apple-darwin.tar.gz(896.20 KB)
lethe-v0.2.1-x86_64-unknown-linux-musl.tar.gz(1.12 MB)
v0.2.0(Sep 16, 2019)

null
Source code(tar.gz)
Source code(zip)
lethe-v0.2.0-x86_64-apple-darwin.tar.gz(896.30 KB)
lethe-v0.2.0-x86_64-unknown-linux-musl.tar.gz(1.13 MB)
v0.1.5(Sep 11, 2019)

null
Source code(tar.gz)
Source code(zip)
lethe-v0.1.5-x86_64-apple-darwin.tar.gz(883.41 KB)
lethe-v0.1.5-x86_64-unknown-linux-musl.tar.gz(1.12 MB)
v0.1.4(Sep 11, 2019)

null
Source code(tar.gz)
Source code(zip)
lethe-v0.1.4-x86_64-apple-darwin.tar.gz(880.88 KB)
lethe-v0.1.4-x86_64-unknown-linux-musl.tar.gz(1.12 MB)

Owner

Konstantin Alexandroff

GitHub

Secure transport for running MPC protocols backed by Signal

MPC over Signal Overview This library provides a high-level interface for connecting to Signal Server and using it to exchange messages with other con

42 Jan 4, 2023

Secure sandboxing system for untrusted code execution

Godbox Secure sandboxing system for untrusted code execution. It uses isolate which uses specific functionnalities of the Linux kernel, thus godbox no

19 Dec 14, 2022

Cross-platform Secure TUI Secret Locker

SafeCloset keeps your secrets in password protected files. SafeCloset is designed to be convenient and avoid common weaknesses like external editing or temporary files written on disk.

63 Dec 26, 2022

Secure and fast microVMs for serverless computing.

Our mission is to enable secure, multi-tenant, minimal-overhead execution of container and function workloads. Read more about the Firecracker Charter

20.3k Jan 1, 2023

Secure storage for cryptographic secrets in Rust

secrets secrets is a library to help Rust programmers safely held cryptographic secrets in memory. It is mostly an ergonomic wrapper around the memory

165 Dec 22, 2022

Use Touch ID / Secure Enclave for SSH Authentication!

SeKey About SeKey is a SSH Agent that allow users to authenticate to UNIX/Linux SSH servers using the Secure Enclave How it Works? The Secure Enclave

2.3k Dec 26, 2022

Cyg will help you to secure files in your repository directly using PGP encryption

cyg: Secure files in your repository Cyg will help you to secure files in your repository directly using PGP encryption. The name "cyg" was inspired b

2 Aug 31, 2022

Wipe your terminal with a random animation.

Wipe Wipe your terminal with a smooth animation. This is the perfect program for you, if you like clear but want to add an unnecessary animation. Down

3 Nov 23, 2022

shavee is a Program to automatically decrypt and mount ZFS datasets using Yubikey HMAC as 2FA or any USB drive with support for PAM to auto mount home directories.

shavee is a simple program to decrypt and mount encrypted ZFS user home directories at login using Yubikey HMAC or a Simple USB drive as 2FA written in rust.

38 Dec 24, 2022

A TUI to quickly find files in your Google Drive

21 Nov 18, 2022

A commmand line tool for uploading homework coded on the dcloud server onto specific google drive course folders.

2 Sep 8, 2022

A simple and fast FRC autonomous path planner (designed for swerve drive)! (Desktop/Laptop only)

This is a website developed for planning autonomous paths for FRC robots. It is intended to be a simple and fast tool to create autos, which works offline at competitions.

2 Jan 6, 2023

Polydrive an experimental open source alternative to Google Drive

Polydrive is an experimental open source alternative to Google Drive. It allows users to synchronize their files on multiple devices.

3 Apr 20, 2022

A CLI tool to drive test-driven Rust workshops

wr A Rust workshop runner wr is a CLI to drive test-driven workshops written in Rust. It is designed to be used in conjunction with a workshop reposit

7 Oct 16, 2023

Easy to use cryptographic framework for data protection: secure messaging with forward secrecy and secure data storage. Has unified APIs across 14 platforms.

Themis provides strong, usable cryptography for busy people General purpose cryptographic library for storage and messaging for iOS (Swift, Obj-C), An

1.6k Dec 30, 2022

Secure drive wipe

Related tags

Overview

Lethe

Features

Limitations

Current status

Download

Usage

Benchmarks

macOS

License

Comments

How to wipe multiple external drives?

How can I use this app on the Windows?

Skip bad sectors

Verification failed

Request elevated privileges using application manifest

Releases(v0.8.2)

v0.8.2(Sep 26, 2022)

v0.8.0(Sep 25, 2022)

v0.7.0(Jul 11, 2022)

v0.6.1(Nov 24, 2021)

v0.6.0(Aug 14, 2021)

v0.5.1(Apr 14, 2021)

v0.5.0(Dec 30, 2020)

v0.4.0(Jun 10, 2020)

v0.3.3(Jun 7, 2020)

v0.3.2(Jun 7, 2020)

v0.3.0(Jun 6, 2020)

v0.2.2(Sep 23, 2019)

v0.2.1(Sep 23, 2019)

v0.2.0(Sep 16, 2019)

v0.1.5(Sep 11, 2019)

v0.1.4(Sep 11, 2019)