Difference between DBAN and dd command to securely wipe a HDD


QUESTION :

I have read about dd and see that it can be used to securely wipe a HDD. But there is also a program called DBAN to wipe the HDD as well.

I know that using a live GNU/Linux ISO I can wipe my HDD by issuing the following command several (say 25) times:

sudo dd if=/dev/urandom of=/dev/sda# bs=4M

My question is: what’s the difference between using dd and DBAN, and can one claim that one of them is superior to the other, and why?

Thanks

ANSWER :

Using dd with (u)random will write random data (once), with no guarantees on how random that data might be.

DBAN, as a specialized drive wiping tool, has a more sophisticated random number generator and supports various wiping patterns, including a few that are compliant with DoD regulations for wiping sensitive data.

There is a huge difference:

  • With dd (and any other method to write to the drive with lots of data until it is full) you are overwriting old data with new data. Compare it to getting a pencil-written notebook and filling all the pages with new text.
  • With the ‘secure erase yourself’ command used by DBAN (or other tools, such as via hdparm) you tell the drive to fully erase itself. You do not generate data and send it to the drive. The drive itself does all the work.
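
The dd overwrite described in the answers above, as an added example that is not part of the original posts: one random-data pass over a scratch image file, followed by a check that a known marker written beforehand can no longer be found. The marker string and the function names are constructed for this example, the target is a temporary file rather than a disk, and GNU coreutils and grep are assumed.

```shell
#!/bin/sh
# Added example: every name and value below is constructed. It works on a
# scratch image file, never on a real disk. Assumes GNU coreutils and grep.
MARKER='CONSTRUCTED-SECRET-0123456789'

# Build a 4 MiB stand-in "drive" of zeros with MARKER written 1 MiB in.
make_image() {
    dd if=/dev/zero of="$1" bs=1048576 count=4 2>/dev/null &&
    printf '%s' "$MARKER" |
        dd of="$1" bs=1048576 seek=1 conv=notrunc 2>/dev/null
}

# Print how many lines of the image still contain MARKER (0 = not found).
marker_hits() {
    LC_ALL=C grep -a -c -- "$MARKER" "$1" || true
}

# One overwrite pass: random data over the whole length, written in place.
# conv=notrunc keeps the size fixed, conv=fsync flushes before dd exits.
wipe_pass() {
    size=$(wc -c < "$1") || return 1
    head -c "$size" /dev/urandom |
        dd of="$1" bs=1048576 conv=notrunc,fsync 2>/dev/null || return 1
    [ "$(wc -c < "$1")" -eq "$size" ]
}

# Demo: marker present before the pass, absent after it.
demo() {
    img=$(mktemp) || return 1
    make_image "$img" || return 1
    echo "before: $(marker_hits "$img") hit(s)"
    wipe_pass "$img" || return 1
    echo "after:  $(marker_hits "$img") hit(s)"
    rm -f "$img"
}
demo
```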
