QUESTION :
I have read about dd and see that it can be used to securely wipe a HDD. But there is also a program called DBAN to wipe the HDD as well.
I know that using a live gnu-linux ISO I can wipe my HDD by issuing following command several(say 25) times
sudo dd if=/dev/urandom of=/dev/sda# bs=4M
my question is what’s the difference between using dd and DBAN and can one claim that one of them is superior to the other and why?
thanks
ANSWER :
Using dd with (u)random will write random data (once), with no guarantees on how random that data might be.
DBAN, as a specialized drive wiping tool has a more sophisticated random number generator, and supports various wiping patterns, including a few that are compliant with DoD regulations for wiping sensitive data.
There is a huge difference:
- With
dd(any any other method to write to the drive with lots of data until it is full) you are overwriting old data with new data. Compare it to getting a pencil written notebook and filling all the pages with new text. - With the ‘secure erase yourself’ command used by DBAN (or other tools, such as via hdparm) you tell the drive to fully erase itself. You do not generate data and send it to the drive. The drive itself does all the work.