When people ask how to wipe a drive, it almost seems as if the default answer is DBAN, and I am not really sure why. Especially when doing commands like
dd if=/dev/zero of=/dev/sda
dd if=/dev/urandom of=/dev/sda
dcfldd pattern="00" of=/dev/sda
dcfldd pattern="FF" of=/dev/sda
shred /dev/sda
wipe /dev/sda
cat /dev/sda | cat > /dev/sda
etc
All of these will do the exact same thing, and using a tool like hdparm to execute a secure-erase command will be much better than all of the above, given that it will also erase those blocks on the glist.
So what makes DBAN so good and so recommended? Is there a technical reason why it is recommended? To me it seems like a waste of bandwidth and a blank CD.
The technical reason is it's much more straightforward. When trying to erase data, the last thing you want to do is make a mistake, which is far more likely with a series of commands than running a single program. You might target the wrong drive, or get distracted halfway through, or not perform the steps in the best order. With DBAN, you know for sure that all the drives connected to the machine will be securely erased.
I use it for all the reasons already stated, but I have one BIG additional one. My auditors KNOW what it is and have approved it for fulfilling the secure disposal requirement. Being able to say "We use DBAN" and the auditor going "OK, let's move on" is worlds better than "I use this custom script", which would trigger "OK, let me see it work, explain each of these commands, wipe a disk and give it to me to audit." That's 30 seconds compared to what could be hours and still the possibility of it not getting their OK.
I think mostly because DBAN actually gives you a GUI and progress bar. dd works, but for some people it could be nerve-racking to just type and not see anything happen, until it does. Technically speaking, I think DBAN has enough features to wipe a drive safely.
No idea. Most SATA disks have the ability to self-erase via the "secure erase" instruction. You just need a utility to invoke the command.
See the Center for Magnetic Recording Research page for more info.
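The secure-erase route mentioned in the question and in the answer above, with the pre-flight checks that address the "wrong drive" worry raised earlier, as an added example that is not part of the original thread. The function names, the temporary password `erase` and the sample serial number are constructed for illustration; the `hdparm` options used are `-I`, `--user-master`, `--security-set-pass` and `--security-erase`.

```shell
# Added example (not from the thread); function names, the temporary password
# "erase" and the sample serial number are constructed for illustration.
# erase_readiness: `hdparm -I` text on stdin -> ready|frozen|locked|enabled|unsupported
erase_readiness() {
  awk '
    /^Security:/       { insec = 1; next }
    insec && /^[^ \t]/ { insec = 0 }   # a new top-level section ends Security
    insec && NF <= 2 && $NF ~ /^(supported|enabled|locked|frozen)$/ {
      state[$NF] = ($1 == "not") ? 0 : 1
    }
    END {
      if (!state["supported"])   print "unsupported"
      else if (state["frozen"])  print "frozen"
      else if (state["locked"])  print "locked"
      else if (state["enabled"]) print "enabled"   # a password is already set
      else                       print "ready"
    }'
}

# drive_serial: `hdparm -I` text on stdin -> serial number
drive_serial() {
  awk -F: '/Serial Number/ { gsub(/^[ \t]+|[ \t]+$/, "", $2); print $2; exit }'
}
# Constructed sample of the relevant `hdparm -I` lines; $1 is "" or "not".
sample_identify() {
  cat <<EOF
        Serial Number:      EXAMPLE-SN-0001
Security:
                supported
        not     enabled
        not     locked
        $1     frozen
        not     expired: security count
                supported: enhanced erase
Checksum: correct
EOF
}

# secure_erase DEVICE EXPECTED_SERIAL: erase only the drive you meant, and only
# when the drive reports a state in which the erase command can be accepted.
secure_erase() {
  info=$(hdparm -I "$1") || return 1
  [ "$(printf '%s\n' "$info" | drive_serial)" = "$2" ] ||
    { echo "$1: serial does not match $2, refusing" >&2; return 1; }
  state=$(printf '%s\n' "$info" | erase_readiness)
  [ "$state" = ready ] || { echo "$1: state is $state, refusing" >&2; return 1; }
  hdparm --user-master u --security-set-pass erase "$1" &&
    hdparm --user-master u --security-erase erase "$1"
}
sample_identify not | erase_readiness   # prints "ready"
```

Nothing destructive runs when the file is sourced or executed; the erase happens only on an explicit call such as `secure_erase /dev/sdX SERIAL`, run as root.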
I use DBAN for a simple reason. I tell it what to do and walk away. I don't have to keep coming back to check if command xyz completed and run the next one. Not to mention it will work on multiple disks simultaneously. Sure I could script it, but why reinvent the wheel?
Quite simply, it works, works very well and is dead easy to use. No fiddling, no trying to remember commands or what the name of the script is or standing around while it does its thing. Just boot from the CD, regardless of what OS is on the machine, or even if it doesn't have an OS, and run it. Answer a couple of questions and hit the go button.
Using dd with (u)random will write random data (once), with no guarantees on how random that data might be.
DBAN, as a specialized drive wiping tool, has a more sophisticated random number generator, and supports various wiping patterns, including a few that are compliant with DoD regulations for wiping sensitive data.