On 10/08/10 23:09, Wayne Stallwood wrote:
Do any of the drive manufacturers warranty the performance of the secure erase feature then...seems unlikely.
Maybe not, but rightly or wrongly it's easier to have someone "trust" Seagate than some bloke called Darik!
So if Seagate can ship drives with a bug as massive as that in their primary function. What are the chances that a little used and sparsely documented feature is checked heavily in QA before firmware builds are signed off ?
Not great, I agree!
DBAN cannot afford to imply any warranty I doubt that statement is any reflection of known flaws in the software, more likely that their lawyer made them put it in.
Agreed, and there'll be similar terms in the warranties of the hard drive manufacturers, I am sure. But Darik doesn't hide them the way a commercial organisation does!
DBAN is likely better in many regards - it is open source and open to scrutiny, it's well established and well used, it's the one you'd attack if you wanted to prove you could defeat something and nobody has. If it was my own data and I was seriously worried about it, I'd DBAN rather than secure erase (and maybe do both). That said I have nothing that /dev/random wouldn't suffice for.
If I can find the right hardware and make all this work, I'd probably DBAN *and* secure erase, on the understanding that secure erase is fast enough to make this a viable option (and from looking at it, the most likely way to make it work is via E-SATA and not plugging the drive in until after the PC has booted, which means I could swap through multiple disks without rebooting if I wanted to, and could even do it from my desktop given that the BIOS has locked the commands out from my own master drive).
As an aside, though:
How secure would you consider wiping a single partition with /dev/random, compared with wiping the whole disk? The reason I ask is that in many cases the idea is to wipe the disk and then re-install the OS, and if the disk has a hidden recovery partition on it then that is by far the best way to restore the OS. Securely wiping the main partition(s) then re-installing would be the quickest way to achieve this, wouldn't it?