
Re: apple mini



On Wed, Jan 08, 2020 at 12:53:15PM -0700, ghe wrote:
On 1/8/20 11:59 AM, Michael Stone wrote:

No, that's still an unnecessarily slow alternative

Hence the suggestion to run it overnight, while asleep. And, I suspect,
dd is plenty good enough to make the disk in a Mac Mini unreadable by a
Mac OS.

If you use /dev/zero you'll be limited by the speed of the disk. If you use /dev/random you'll run probably under 1 megabyte per second (that is, probably on the order of 100 times slower; unless your night is more than a month long it won't be overnight on a modern disk). There are also some gotchas involving block sizes, and verifying that everything worked right and you didn't stumble over a gotcha is hard. /dev/urandom is faster--depending on the speed of the computer you might get close to 100 megabytes per second these days--but it will still probably be a bottleneck vs /dev/zero. dd is certainly sufficient, but suggesting that someone use random data is to suggest slowing things down without providing any advantage.

which will not improve
your security but will make verification harder. :)

In that case, dban or equivalent. Still overnight.

how does running another program change anything?

I don't know what verification is,

Verification is making sure that you actually did what you think you did. Both overwriting with zeros and overwriting with random bytes provide exactly the same level of security, but it's a lot harder to be sure that you overwrote the entire disk with random bytes than it is to be sure that you overwrote the disk with zeros. (In the latter case, you merely need to ensure that there are no non-zero bytes; there's no simple way to distinguish "random" from potentially sensitive data that failed to get wiped from the disk.) Verification is helpful (for example) to make sure that the overwrite didn't stop prematurely.

but a few passes from dban sure will improve security

no, it won't; one pass is sufficient.
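
The zero-fill check described in the message above (no non-zero bytes, and the overwrite did not stop early), as an added example that is not part of the original post. The function names, the image files and the expected-size parameter are assumptions made for illustration; on a real disk the target would be the block device and the size its full capacity.

```sh
#!/bin/sh
# Added example, not from the thread. TARGET is a disk or image file;
# EXPECTED_BYTES is its full size, supplied by the caller (assumption).

# verify_zeroed TARGET EXPECTED_BYTES
#   0 = exactly EXPECTED_BYTES bytes, all zero
#   1 = non-zero byte found (cmp's 1-based offset goes to stderr)
#   2 = target shorter or longer than EXPECTED_BYTES
#   3 = cmp could not read the target
verify_zeroed() {
    target=$1
    expected=$2
    cmp_rc=0
    # Stream exactly EXPECTED_BYTES zeros into cmp. It stops at the first
    # difference, so the offset shows where an interrupted wipe ended.
    out=$(head -c "$expected" /dev/zero | LC_ALL=C cmp - "$target" 2>&1) || cmp_rc=$?
    case "$cmp_rc:$out" in
        0:*)              return 0 ;;
        1:*" differ: "*)  echo "non-zero data: $out" >&2; return 1 ;;
        1:*"EOF on"*)     echo "size mismatch: $out" >&2; return 2 ;;
        *)                echo "cmp failed: $out" >&2; return 3 ;;
    esac
}

# Demo on constructed 1 MiB image files standing in for a disk.
# Prints the three return codes; expected output is "0 1 2".
demo_verify() {
    dir=$(mktemp -d) || return 1
    size=1048576
    # Fully wiped image.
    dd if=/dev/zero of="$dir/wiped.img" bs=4096 count=256 2>/dev/null
    # Wipe that stopped halfway: constructed "old data" survives at 512 KiB.
    cp "$dir/wiped.img" "$dir/partial.img"
    printf 'old data' |
        dd of="$dir/partial.img" bs=1 seek=524288 conv=notrunc 2>/dev/null
    # Image shorter than the size we expect the disk to have.
    dd if=/dev/zero of="$dir/short.img" bs=4096 count=128 2>/dev/null
    codes=
    for img in wiped partial short; do
        rc=0
        verify_zeroed "$dir/$img.img" "$size" || rc=$?
        codes="$codes$rc "
    done
    rm -rf "$dir"
    echo "${codes% }"
}

demo_verify
```

The same comparison has no equivalent for a random-data wipe, since leftover data and random fill cannot be told apart by inspection.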

