Disk Erase, 2023 Edition


  • Tue 19 September 2023
  • misc

Still think that the DoD 7-pass random data erase is the gold standard?

That might have made sense years ago, back when there were wide guard bands between tracks on disks and tolerances were sloppy.

Here in the future, though, the tracks sometimes even overlap (ever hear of SMR?) and in any event the tolerances are super tight, which is how they fit 20 terabytes of data in a 3.5" hard drive.

Turns out that NIST hasn't suggested multi-pass since 2005. NIST SP 800-88 gives the skinny, including cryptographic erase, solid state media, etc.

Long story short, a single pass is fine. This is how we do it on the Mac:

diskutil unmountdisk /dev/disk2 ; time diskutil secureErase 0 /dev/disk2 ; diskutil unmountdisk /dev/disk2

(assuming /dev/disk2 is what you want to actually erase, yaknow)
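That assumption can be checked before anything gets overwritten. The following is an added example, not part of the original post: a shell function that reads `diskutil info` output and approves only a whole, external, non-solid-state disk. The function names and the policy (external only, and no solid state because SP 800-88 treats that media separately) are assumptions, and the sample input is constructed.

```shell
#!/bin/sh
# Added example: pre-flight check to run before `diskutil secureErase 0 <disk>`.
# Policy is an assumption: approve only a whole, external, rotational disk.

# field NAME: print the value of the "NAME:   value" line held in $info.
field() {
    printf '%s\n' "$info" |
        sed -n "s|^[[:space:]]*$1:[[:space:]]*\(.*[^[:space:]]\)[[:space:]]*\$|\1|p" |
        head -n 1
}

# erase_preflight: reads `diskutil info <disk>` text on stdin.
# Returns 0 if the disk passes, otherwise a distinct code per refusal reason.
erase_preflight() {
    info=$(cat)
    node=$(field 'Device Node')
    [ -n "$node" ] || { echo "REFUSE: no Device Node in input"; return 2; }
    [ "$(field 'Whole')" = "Yes" ] ||
        { echo "REFUSE: $node is a partition, not a whole disk"; return 3; }
    [ "$(field 'Device Location')" = "External" ] ||
        { echo "REFUSE: $node is not an external disk"; return 4; }
    [ "$(field 'Solid State')" = "No" ] ||
        { echo "REFUSE: $node is not reported as a rotational disk"; return 5; }
    echo "OK: $node, $(field 'Disk Size')"
}

# Constructed sample in the layout of `diskutil info` (not real output).
sample() {  # sample NODE WHOLE LOCATION SOLID_STATE
    printf '   Device Node:       %s\n   Whole:             %s\n' "$1" "$2"
    printf '   Disk Size:         4.0 TB (4000787030016 Bytes)\n'
    printf '   Device Location:   %s\n   Solid State:       %s\n' "$3" "$4"
}

# Demo on constructed input; nothing here touches a real disk.
sample /dev/disk2   Yes External No  | erase_preflight || true
sample /dev/disk2s1 No  External No  | erase_preflight || true
sample /dev/disk0   Yes Internal Yes | erase_preflight || true
sample /dev/disk3   Yes External Yes | erase_preflight || true

# On a Mac, gate the erase on the check:
#   diskutil info /dev/disk2 | erase_preflight && diskutil secureErase 0 /dev/disk2
```
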

...