11

I heard that a disk is reusable just after being wiped with DBAN. Just to make sure, is this true? Will I be able to use it again just as easily if I ran the autonuke command on it?

I don't care about my files because they're all backed up, but I want to make sure I can reuse my HDD because I'm not interested in having to buy another one for a stupid mistake.

Cheers.

GPWR
  • 441
  • 3
  • 17
  • 7
    The only caution I'd give is check your SMART stats to ensure the disk is healthy, and check it again after running DBAN to ensure the numbers are more or less the same (especially current pending and reallocated sectors, raw read errors, etc). DBAN will really exercise the disk, and if it's teetering on the edge, it may push the disk over the cliff into failure. – Frank Thomas Dec 07 '21 at 19:38
  • 1
    If for secure data destruction you should use one of DBAN's competitors (e.g. hammer, drill, pool of lava, launching into the sun) then, yes, the drive will be unusable. – Lance U. Matthews Dec 08 '21 at 09:54
  • List of programs, for sale, that can damage a working, non-teetering on the edge, HDD? I think there's viruses that can but no one sells that. – Mazura Dec 09 '21 at 02:22
  • 1
    If you're planning to re-use it, you don't necessarily need to put extra effort into wiping it; even Windows "full format" (one pass of zeroes) might be sufficient. DBAN is for people who have hostile intelligence services going through their trash. – pjc50 Dec 09 '21 at 09:53
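
The before/after SMART comparison suggested in the first comment above can be scripted. This is an added example, not part of the original thread: the two `smartctl -A` excerpts are constructed sample data, and `smart_regressions` is a hypothetical helper name. Raw_Read_Error_Rate is left out of the watch list because its raw value is vendor-specific.

```shell
#!/usr/bin/env bash
# Constructed `smartctl -A` excerpts taken before and after a wipe (made-up values).
smart_before() { cat <<'EOF'
ID# ATTRIBUTE_NAME          FLAG     VALUE WORST THRESH TYPE      UPDATED  WHEN_FAILED RAW_VALUE
  5 Reallocated_Sector_Ct   0x0033   200   200   140    Pre-fail  Always       -       0
  9 Power_On_Hours          0x0032   078   078   000    Old_age   Always       -       16420
197 Current_Pending_Sector  0x0032   200   200   000    Old_age   Always       -       0
198 Offline_Uncorrectable   0x0030   200   200   000    Old_age   Offline      -       0
EOF
}
smart_after() { cat <<'EOF'
ID# ATTRIBUTE_NAME          FLAG     VALUE WORST THRESH TYPE      UPDATED  WHEN_FAILED RAW_VALUE
  5 Reallocated_Sector_Ct   0x0033   199   199   140    Pre-fail  Always       -       8
  9 Power_On_Hours          0x0032   078   078   000    Old_age   Always       -       16431
197 Current_Pending_Sector  0x0032   200   200   000    Old_age   Always       -       24
198 Offline_Uncorrectable   0x0030   200   200   000    Old_age   Offline      -       0
EOF
}

# Prints every watched attribute whose raw value grew between the two
# snapshots and returns non-zero if any did.
smart_regressions() {    # usage: smart_regressions BEFORE_FILE AFTER_FILE
  awk '
    BEGIN { watch["Reallocated_Sector_Ct"]; watch["Current_Pending_Sector"]
            watch["Offline_Uncorrectable"] }
    !($2 in watch)  { next }                      # header and other attributes
    NR == FNR       { before[$2] = $10; next }    # first file: remember raw value
    ($2 in before) && $10 + 0 > before[$2] + 0 {
      printf "%s %d -> %d\n", $2, before[$2], $10; bad = 1
    }
    END { exit bad + 0 }
  ' "$1" "$2"
}

# Demo on the constructed data; on a real disk use: smartctl -A /dev/sdX > before.txt
d=$(mktemp -d)
smart_before > "$d/before.txt"; smart_after > "$d/after.txt"
smart_regressions "$d/before.txt" "$d/after.txt" || echo "disk degraded during the wipe"
rm -rf "$d"
```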

5 Answers

40

DBAN will make the data unusable. You should still be able to partition and format the drive to use it again.

DBAN might, on a drive that is already very close to failure, provoke the final death throes and make a drive completely unusable, but that drive would have to have been pretty much nearly dead already.

Mokubai
  • 89,133
  • 25
  • 207
  • 233
  • 1
    Thank you so much for your answer. Will stopping DBAN during the operation cause any problems if I just want to format the disk, finally? It's taking a preeeety long time to run, and I might just borrow my brother's computer to format my drive and get it done before the next hundred million years (indeed the "time remaining" has just been increasing for the past three hours.) Thank you again for your answer. – GPWR Dec 07 '21 at 22:46
  • 3
    Cancelling that wipe should just result in a partially empty disk. You will have wiped the partition table already so you'll just be needing to partition it as part of installing your operating system – Mokubai Dec 07 '21 at 23:19
  • 1
    Great to know. Thank you so much for taking the time to answer my questions. It's really appreciated. Peace. – GPWR Dec 08 '21 at 00:07
  • 4
    @G-Power For future reference, unless you are expecting to deal with a state-level actor as a potential attacker, you can skip all the fancy disk wiping options and just fill the whole disk with zeroes or with random data (random data is preferable if you plan to use full-disk encryption when reusing the drive). Recovering anything from a drive that’s been zeroed out is functionally impossible without exceedingly expensive equipment and rare expertise. – Austin Hemmelgarn Dec 08 '21 at 12:53
  • 24
    _"DBAN might ... provoke the final death ... but that drive would have to have been pretty much nearly dead already."_ - And honestly, I'd call that a feature. If a drive is about to die, I'd rather have it fail during a wipe than 2 weeks later when it holds actual data ;) – marcelm Dec 08 '21 at 13:20
  • 3
    If the disk is partitioned using GPT, there's a backup partition table at the end as well. Unless DBAN nukes both the primary and backup GPT first before erasing the rest of the drive, cancelling the wipe mid-way might leave a perfectly valid GPT on the drive. – TooTea Dec 08 '21 at 14:33
  • *indeed the "time remaining" has just been increasing for the past three hours* That is a classic indication (but not a guarantee) of hard drive problems, such as an increasing number of bad sectors. – manassehkatz-Moving 2 Codidact Dec 08 '21 at 17:43
  • There were some early disc drives where firmware and/or configuration data was stored in an unprotected area and could be accidentally wiped, but I've not heard of that for a long time. On the other hand, it's likely that a pure software "security erase" /won't/ wipe areas which have been relocated by the drive firmware due to bit errors: the only way to be sure a disc's wiped is by use of a very big hammer. – Mark Morgan Lloyd Dec 08 '21 at 18:55
  • @TooTea In theory this is true, but in practice I have yet to encounter a platform that will accept the backup GPT at the end of the disk as valid unless it sees some other indication that GPT is being used for partitioning the disk (such as a protective MBR, or an obviously present but obviously broken primary table at the start of the disk). – Austin Hemmelgarn Dec 08 '21 at 20:10
  • @AustinHemmelgarn Fair point, I'm not saying you will be able to mount the partitions as usual or boot from them, but it's fairly likely that whatever partitioning tool you use afterwards to partition the disk will notice the backup GPT. (At least common Linux tools do.) – TooTea Dec 08 '21 at 20:14
  • @marcelm Yes. When you next format the disk or partition you are writing to it the most critical parts of the filesystem metadata. It's nice to know that all the blocks it might write to, have been thoroughly tested recently! – nigel222 Dec 10 '21 at 09:53
15

By design DBAN is supposed to destroy the data, not the drive.

However, some of the more overzealous erasure modes of DBAN overwrite every single bit on the drive multiple times with multiple different values. For example, the "gutmann" mode will do 35(!) overwrites of every single bit. This kind of abuse is not how drives are usually used and can reduce the lifetime of the disk considerably.

And you probably don't need to do that anyway. For most scenarios, a single overwrite with zeroes ("quick" mode) is more than enough. That is all that is needed to make sure that no data can be restored via software methods.

More overwrites are only required to foil forensic methods which go for the hardware. For example, if you believe that someone might go so far as to disassemble your drive in a lab and examine it with an electron microscope cell-by-cell. Which is far too impractical and unreliable for anyone who doesn't expect to find some very important data on your drive (matter of national security, millions of bitcoins, etc). And if you indeed face adversaries which are able and willing to invest that many resources into restoring data from your hard drive, then 3 overwrites with random data ("dodshort") should suffice to foil their dastardly plan of villainy.

Philipp
  • 719
  • 1
  • 4
  • 16
  • 7
    It should be noted that Gutmann himself said that the 35 passes are pointless and that you only need the passes for your drive's encoding technology. Or, to quote the man himself: *"For any modern PRML/EPRML drive, a few passes of random scrubbing is the best you can do. As the paper says, "A good scrubbing with random data will do about as well as can be expected". This was true in 1996, and is still true now."* – MechMK1 Dec 08 '21 at 16:04
  • 3
    @MechMK1, this is also supported by research on real-world modern magnetic HDDs, which indicates that data is (almost) certainly unrecoverable after a single overwrite. At a bit-by-bit level, the margin of error for inferring overwritten values is too high for any meaningful length of bits. – Frank Thomas Dec 08 '21 at 18:01
  • 1
    @FrankThomas: That may depend upon how closely packed the tracks are, and how head positioning is affected by temperature. On some really old drives, it may be that no number of writes when the drive is warm will ever completely overwrite data that was written when it is cold. – supercat Dec 08 '21 at 23:34
  • 1
    @supercat: but reusing such old drives isn't economical anyway. DBAN makes sense for drives that are still economically valuable, while also holding data that isn't too sensitive. If either condition is not satisfied, you safely dispose of the disk instead of reusing it. That's why I don't really agree with the "3 overwrites"- any data that would warrant such a level of safety would also justify the expense for a new drive. – MSalters Dec 09 '21 at 16:05
  • 1
    @MSalters: If one were interested in drives purely from a modern functionality perspective, that would be true. If, however, one wants to sell an old drive to someone who would want to use it with a vintage computer, and the drive has information on it that would still be considered sensitive after all these years, then one should be aware that the purchasers might be able to recover old data if they really wanted to [some purchasers might want to try to recover old data as an experiment, but recovery of such old data, even if successful, would be unlikely to harm the seller] – supercat Dec 09 '21 at 17:46
  • If you have adversaries like that, then open the drive, take out the platters and thoroughly destroy them with a sledgehammer. After that take the remains and put them in random garbage dumpsters throughout a wide area. Now you're safe. – Vilx- Dec 09 '21 at 23:33
  • @MSalters I agree fully. The formula is quite simple: `(Damage if data is disclosed * likelihood of disclosure) > (Cost of new drive)` – MechMK1 Dec 10 '21 at 15:02
  • This part is bullshit: “can reduce the lifetime of the disk considerably”. Many companies such as Google have published papers comparing idle time vs life expectancy and seen no correlation. Personally I’ve got drives running at ~100% RW utilization in servers for years and they last just as long as disks that are accessed a couple of times per day. And no, I’m not stupid enough to buy “enterprise” HDDs for my servers so that’s not why those disks haven’t failed. – Navin Jan 02 '22 at 13:42
9

Unless you're worried about a future owner of the drive being able to access your old data, you don't need to nuke it at all.
Just reformat if it's still for your own use.

Tetsujin
  • 47,296
  • 8
  • 108
  • 135
  • 1
    Unless you just plan to store the drive in a closet for indefinite period of time - in that case wipe it just in case, you likely won’t remember to do it later when you dispose it. – vhu Dec 08 '21 at 07:15
  • tbh, & having just done it for 30 old drives going to recycle, it's easier to remember to wipe them all at once before disposal. YMMV but I just stacked them from one pile into another as I went through the whole lot. – Tetsujin Dec 08 '21 at 10:20
1

It doesn't destroy the drive, but it does cause unnecessary wear, take a long time, and waste CPU cycles and energy.

Your drive already has the in-built ability to permanently wipe all data: ATA Secure Erase.

There are a lot of ways to issue this command. Google "Parted Magic" (not sure but you might have to pay for that now).

Try this: GParted Live on USB:

... download and install Unetbootin on your MS Windows computer.  Download the GParted Live iso file.  From Windows, run the Unetbootin program and follow the instructions in the GUI to install GParted Live on your USB flash drive.

then Advanced: Erasing SATA Drives by using the Linux hdparm Utility - GROK Knowledge Base:
[See the linked article for screenshots.]

How to Issue the Secure Erase Command

  1. Download and burn a Linux LiveCD that includes the hdparm utility.  CentOS 6.3 LiveCD DOES contain hdparm, however the Fedora 17 LiveCD DOES NOT, so your mileage will vary.

  2. Attach the drive(s) to be erased and boot the computer up from the Linux LiveCD, and get to a root shell.  All commands from now on will be issued as root.

  3. Find the name of the drive(s) that you want to wipe by using the fdisk command:

    fdisk -l
    

    NOTE: For this example, we will be using /dev/sda.

  4. Check to see if the drive is frozen:

    hdparm -I /dev/sda
    

    NOTE: The drive is frozen, it supports Enhanced Security Erasing, and the estimated completion time is 50 minutes.

  5. Since the drive in this example is frozen, we need to unfreeze it by putting the computer to sleep with the command below. Skip this step if your drive is not frozen.

    echo -n mem > /sys/power/state
    
  6. After letting the computer sleep for a few seconds, wake it up and check to see if the drive is no longer in frozen state by issuing the command:

    hdparm -I /dev/sda
    

    NOTE: The drive is no longer in frozen state.

  7. Repeat steps 5 and 6 if the drive is still frozen. Otherwise, set a temporary password "p" in order to issue the secure erase command:

    hdparm --user-master u --security-set-pass p /dev/sda
    
  8. Check to see if the password is set correctly and that security is now enabled:

    hdparm -I /dev/sda
    
  9. Erase the drive:

    If the drive DOES support Enhanced Security Erase:

    hdparm --user-master u --security-erase-enhanced p /dev/sda
    

    If NOT:

    hdparm --user-master u --security-erase p /dev/sda
    

Warning:  ALL data on the drive will be erased and will not be recoverable.  Please backup all necessary data ahead of time.

  10. After waiting at least the estimated amount of time as shown by hdparm output (step 4), check to see if the security erase command is finished.

    hdparm -I /dev/sda

  11. We recommend verifying that secure erase actually worked by reading the first few MBs of the disk.

    dd if=/dev/sda bs=1M count=5

    If dd outputs nothing to the screen, it's reasonably safe to assume that the disk has been wiped. Note: If enhanced security was chosen, there may be a randomized output.

Ne Mo
  • 725
  • 1
  • 7
  • 19
  • 1
    Um. It occurs to me that if you really want data security, it's a bad idea to leave it entirely up to the drive's firmware (which might have been subverted). Of course it might have been up to no good during normal operation, but if you explicitly write and read back every block multiple times with random data it's harder for firmware-malware to be deceptive. – nigel222 Dec 10 '21 at 10:02
  • Is there a documented case of a drive's firmware being compromised? Genuine question - I would think no, but always willing to learn. – Ne Mo Dec 10 '21 at 22:49
  • 2
    @NeMo https://www.kaspersky.com/blog/equation-hdd-malware/7623/ but organizations considering that risk probably just grind their obsolete drives. – Martheen Dec 11 '21 at 03:40
  • Ha! Yeah if you're that worried smash the hard drive and go on the run. – Ne Mo Dec 15 '21 at 14:54
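
The `hdparm -I` checks in steps 4, 6 and 8 of the answer above, and the read-back in its last step, can be done by a script instead of by eye. This is an added example, not code from the answer or the linked article: the sample `hdparm -I` text is constructed to match the state the article describes, and `next_step` and `first_mib_zeroed` are hypothetical helper names.

```shell
#!/usr/bin/env bash
# Constructed sample of the "Security:" section printed by `hdparm -I`
# (frozen, enhanced erase supported, 50 min estimate, as in step 4).
sample_hdparm() {
cat <<'EOF'
Security:
        Master password revision code = 65534
                supported
        not     enabled
        not     locked
                frozen
        not     expired: security count
                supported: enhanced erase
        50min for SECURITY ERASE UNIT. 50min for ENHANCED SECURITY ERASE UNIT.
Checksum: correct
EOF
}

# Reads `hdparm -I` text on stdin and prints which step of the procedure
# applies: unfreeze (5), set-pass (7), or one of the two erase commands (9).
next_step() {
  awk '
    /^Security:/           { insec = 1; next }
    insec && /^[^ \t]/     { insec = 0 }        # a new top-level section began
    !insec                 { next }
                           { neg = ($1 == "not"); word = neg ? $2 : $1 }
    word == "frozen"       { frozen = !neg }
    word == "enabled"      { enabled = !neg }
    /supported: enhanced erase/ { enhanced = !neg }
    END {
      if (frozen)        print "unfreeze"
      else if (!enabled) print "set-pass"
      else if (enhanced) print "security-erase-enhanced"
      else               print "security-erase"
    }'
}

# Last step without reading raw bytes off the terminal: succeeds only if the
# first MIB mebibytes of the device (or image file) are all zero bytes.
# The answer notes that an enhanced erase may leave randomized output, so a
# failure here does not by itself mean the erase did not run.
first_mib_zeroed() {    # usage: first_mib_zeroed /dev/sdX 5
  cmp -s -n "$(( $2 * 1024 * 1024 ))" "$1" /dev/zero
}

sample_hdparm | next_step    # on a live system: hdparm -I /dev/sdX | next_step
```

The parser splits on any whitespace, so it handles the tab-indented output of the real tool as well as the space-indented sample.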
-1

It destroys the data, not the drive.

Bib
  • 1,175
  • 1
  • 6
  • 8