On Wed, Jan 08, 2020 at 12:53:15PM -0700, ghe wrote:
> On 1/8/20 11:59 AM, Michael Stone wrote:
>> No, that's still an unnecessarily slow alternative
>
> Hence the suggestion to run it overnight, while asleep. And, I suspect,
> dd is plenty good enough to make the disk in a Mac Mini unreadable by a
> Mac OS.

If you use /dev/zero you'll be limited by the speed of the disk. If you
use /dev/random you'll run probably under 1 megabyte per second (that
is, probably on the order of 100 times slower; unless your night is more
than a month long it won't be overnight on a modern disk). There are
also some gotchas involving block sizes, and verifying that everything
worked right and you didn't stumble over a gotcha is hard. /dev/urandom
is faster--depending on the speed of the computer you might get close to
100 megabytes per second these days--but it will still probably be a
bottleneck vs /dev/zero.
dd is certainly sufficient, but suggesting that someone use random data
is to suggest slowing things down without providing any advantage.

>> which will not improve
>> your security but will make verification harder. :)
>
> In that case, dban or equivalent. Still overnight.

how does running another program change anything?

> I don't know what verification is,

Verification is making sure that you actually did what you think you
did. Both overwriting with zeros and overwriting with random bytes
provide exactly the same level of security, but it's a lot harder to be
sure that you overwrote the entire disk with random bytes than it is to
be sure that you overwrote the disk with zeros. (In the latter case, you
merely need to ensure that there are no non-zero bytes; there's no
simple way to distinguish "random" from potentially sensitive data that
failed to get wiped from the disk.) Verification is helpful (for
example) to make sure that the overwrite didn't stop prematurely.

> but a few passes from dban sure will improve security

no, it won't; one pass is sufficient.
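
Added example, not part of the thread: a read-only check for the verification step described above, confirming that a zero-filled target holds no non-zero bytes and reporting the offset at which an overwrite stopped early. The function names are assumptions, `blockdev` assumes Linux, and the target is a block device or an image file.

```shell
#!/bin/sh
# Added example (not from the thread): verify a zero-fill wipe, read-only.

# Size in bytes of a block device (Linux blockdev) or a regular file.
target_size() {
    if [ -b "$1" ]; then
        blockdev --getsize64 "$1"
    else
        wc -c < "$1" | tr -d ' '
    fi
}

# Print the 0-based offset of the first non-zero byte; print nothing if
# every byte is zero. Returns 2 if the target cannot be read or compared.
first_nonzero_offset() {
    [ -r "$1" ] || return 2
    size=$(target_size "$1") || return 2
    status=0
    # -n stops at the end of the target, since /dev/zero never ends.
    msg=$(LC_ALL=C cmp -n "$size" "$1" /dev/zero 2>/dev/null) || status=$?
    case $status in
        0) return 0 ;;
        1) # cmp reports a 1-based position: "... differ: byte N, line M"
           pos=$(printf '%s\n' "$msg" |
                 sed -n 's/.*differ: [a-z]* \([0-9]*\),.*/\1/p')
           [ -n "$pos" ] || return 2
           echo $(( pos - 1 )) ;;
        *) return 2 ;;   # I/O error: do not report success
    esac
}

# Status 0 only if the whole target is zero; 1 if stale data remains.
verify_zeroed() {
    off=$(first_nonzero_offset "$1") || { echo "$1: read error" >&2; return 2; }
    if [ -n "$off" ]; then
        echo "$1: non-zero byte at offset $off, wipe incomplete" >&2
        return 1
    fi
    echo "$1: verified, every byte is zero"
}

# Run as: sh verify_zeroed.sh TARGET   (script name is an assumption)
[ "$#" -eq 0 ] || verify_zeroed "$1"
```

The reported offset is also the number of leading bytes that were confirmed zero, which shows how far an interrupted overwrite got.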