My goal is to overwrite a hard drive after a client project completes in order to secure their privacy.

My goal is to create a perl script that will write ZEROS to a text file until the file is around 2GB in size.

Which one is it? The latter isn't a means of achieving the first. Especially when it comes to security, don't reinvent the wheel. Use a disk-wiping program written by someone who knows what they're doing. (Even that might not be reliable for flash-based storage. But a good program should tell you that if it's the case.)

Disk wiping for security purposes almost certainly needs to interact with the disk on lower level than merely writing large files. As an example, the claimed "Mil-Spec security" provided by one vendor involved writing each of a set of byte patterns, in a particular order, to each sector of the disk. Multiple times, I think.

As with many other security considerations, what needs to be done will depend also on the tenacity and resources of the adversary. It's one thing to make sure somebody can't reconstruct a particular file using Norton Utilities, and another to keep the NSA from reading the disk by using data remnants from seeker head hysteresis.

Security also has limited resources. Using them wisely only limits the number of adversaries who can potentially access our data. I believe that all suggestions so far are in the spirit of making better use of available resources.
Bill

Agreed. I can use a "disk wiper" which we have, but they are slow and I was hoping for a quick simple method for overwriting data, especially when the drive is needed within a very short timespan. US DOD 5220 standards are not required here.Even linux's sudo shred command is slow with only a single zero pass. Thanks for the help, though.

What you have demonstrated is that you are ill-equipped to deal with issues of privacy or data security.

The recommended approach is to drop down to low-level. Issue a drive-erase command (there exist software to that purpose). Before reusing the drive, one ought to scan for badblocks and/or smart test. These operations take hours, possibly more that day with modern HDDs.

The best, most reliable way to provide security is to melt/shred/demagnetize the drive in industrial setting. You can substitute this process with a more affordable Hammer Method. That, too, may take hours to accomplish the objective but might be considered a good workout.

"What you have demonstrated is that you are ill-equipped to deal with issues of privacy or data security."

I won't stoop to returning insults or presuming facts not present. I am an admitted perl newbie. I came here for information, not insults from people who do not know me & have likely never met me. Thankfully, someone with both knowledge & common courtesy provided what I needed to know.

I felt the response was insulting too and disapprove of the tone and approach but the message was accurate and the follow-up message equally worth hearing. This kind of thing is extremely difficult to get right everywhere; if you aren’t an up-to-date expert, you are nearly guaranteed to get it wrong in some way. Even the experts sometimes get these things surprisingly wrong; e.g., http://crypto.stackexchange.com/questions/14487/can-someone-explain-the-ecb-penguin.

There was no insult. Perl may be outside your expertise (as you freely admit), but so is data security. (And it does no good to try to conceal this fact.)

Take any advice you can collect here with a grain of salt. This is not a forensics forum.

While Perl can do what you want, filling slack space with garbage files is not a sound media-wiping method, especially on Windows.

You mention that you often have Windows machines sitting idle. An idle Windows box can be temporarily converted into a Linux box using a live CD, then you could use dd or shred to overwrite the entire media.

For a modern hard disk, badblocks in write mode on the entire disk should be enough to scrub it clean, unless there are reallocated sectors. After running badblocks, use the smartctl command to list the SMART attributes and look for "Reallocated_Sector_Ct". If the raw value is zero, congratulations, your drive has not grown any bad sectors. Otherwise, the drive should probably not be trusted to actually hold data any longer and some of the data you want destroyed might be on a sector that the drive has remapped. Physical destruction of the entire drive is probably a good idea in this case, since it can no longer be trusted to hold data.

For an SSD, you need to consider the effects of wear-leveling and possibly data compression. In this case, multiple runs of dd if=/dev/urandom of=/dev/SSD should be enough to ensure that every block is overwritten at least once, but you should really use a special tool that issues a Secure Erase command to the drive. I have no experience with these.

A much better option is to use disk encryption, like LUKS/dmcrypt in Linux. If the entire contents of the drive are encrypted, you will only need to worry about destroying the key, which should be much easier, but you will lose the data if you lose the key before you are ready to destroy it.

There is a fundamental trade-off between confidentiality and availability. Consider how valuable having the data is to you and your clients, how valuable the privacy of that data is to you and your clients, and how valuable having that data would be to third-parties that you and your clients do not want to have it.

I forgot to include that I do not mind running two scripts if that is the easiest way to accomplish this. So running a script to create 512 text files & then running a second script that will write zeros across those 512 files is ok with me. I'm sure it could be a single script, but I'm not at the place where my perl skills can do that.

Just in the interest of "full disclosure.

Based on reading your replies in the thread, it sounds like you really don't need to securely wipe their data so why not just reformat the partitions?