"security-erase" vs "s...

2011-02-13
2015-10-15
  • TinyApps.Org
    TinyApps.Org
    2011-02-13

    What is the difference between "security-erase" and "security-erase-enhanced"? The man page entries for the two switches are virtually identical:

    Erase (locked) drive, using password PWD (DANGEROUS). Password is given as an ASCII string and is padded with NULs to reach 32 bytes. The applicable drive password is selected with the --user-master switch.
    

    and

    Enhanced erase (locked) drive, using password PWD (DANGEROUS). Password is given as an ASCII string and is padded with NULs to reach 32 bytes. The applicable drive password is selected with the --user-master switch.
    
     
  • TinyApps.Org
    TinyApps.Org
    2011-02-13

    Just found the answer in the HDDerase.exe FAQ

    Q:  What is the difference between secure erase and enhanced secure erase?

    A:  Secure erase overwrites all user data areas with binary zeroes.  Enhanced
    secure erase writes predetermined data patterns (set by the manufacturer) to
    all user data areas, including sectors that are no longer in use due to
    reallocation. ***NOTE:  the enhanced secure erase option is not supported by
    all ATA drives.

     
  • Tom Yan
    Tom Yan
    2015-10-15

    I think the difference could be pretty vendor/device-specific. For example, in some SSD they seem to be doing exactly the same thing. In some others, which you may see that enhanced-erase takes shorter time than erase, enhanced-erase probably means a regeneration of some internal encryption key, while erase is more or less like a full disk trim.