Securely erase an external disk using dd on OSX

OSX Secure Disk Wipe.md

Securely erase an external disk using dd on OSX

1. Plug in your SD card, HDD, or other block device and then use the following command to see which /dev/diskN node it's located on:

diskutil list

2. Unmount the disk where “N� is the number of the disk taken from the above command:

diskutil unmountDisk /dev/diskN

If the above command was successful, you will see:

Unmount of all volumes on diskN was successful

3. Execute dd command as super user on disk where "N" is the number of the disk from step 1.

sudo dd if=/dev/urandom of=/dev/diskN bs=1000000

This will overwrite all partitions, master boot records, and data. Please note that this may take a while depending on the size of your disk and there is no progress indicator. However; If you want to check whether or not dd is working you can always use pv (Available on Homebrew) which will dump out the raw data being written to the disk.

sudo pv /dev/disk1

Note that on OS X you can also hit Ctrl+T to show the current process of dd

Thanks! I forgot about diskutil, fdisk wasn't working.

8GB USB took about 30 minutes to finish it.

Thank you!

thx

Thanks!

Thanks!

Also, you may be able to speed up the process by using rdisk.
sudo dd if=/dev/urandom of=/dev/rdiskN bs=1000000

Just what I was looking for - thank you.

Another potential speed up apart from specifying the blocksize bs and using rdisk would be to use /dev/zero as a source instead (zeros are generated faster than random numbers):
sudo dd if=/dev/zero of=/dev/rdiskN bs=1m

This is equivalent to sudo diskutil zeroDisk /dev/rdiskN. If you want true secure erase then use: sudo diskutil [0-4] secureErase /dev/rdiskN
The security levels are:

        0 - Single-pass zeros.
        1 - Single-pass random numbers.
        2 - US DoD 7-pass secure erase.
        3 - Gutmann algorithm 35-pass secure erase.
        4 - US DoE 3-pass secure erase.

This is equivalent to sudo diskutil zeroDisk /dev/rdiskN. If you want true secure erase then use: sudo diskutil [0-4] secureErase /dev/rdiskN

Nice solution, but the number must be put after the secureErase option.
sudo diskutil secureErase [0-4] /dev/rdiskN

8GB USB took about 30 minutes to finish it.

Thank you!

oh wait I have an HDD with 500GB

Nice solution, but the number must be put after the secureErase option.
sudo diskutil secureErase [0-4] /dev/rdiskN

Also note for anyone arriving here from google and such that the man pages state this method isn't considered safe by modern standards despite being called "secureErase".

From the diskutil man page:

NOTE: This kind of secure erase is no longer considered safe. Modern devices have wear-leveling, block-
sparing, and possibly-persistent cache hardware, which cannot be completely erased by these commands. The
modern solution for quickly and securely erasing your data is encryption. Strongly-encrypted data can be
instantly "erased" by destroying (or losing) the key (password), because this renders your data irretrievable
in practical terms. Consider using APFS encryption (FileVault).

Also note for anyone arriving here from google and such that the man pages state this method isn't considered safe by modern standards despite being called "secureErase".

From the diskutil man page:

NOTE: This kind of secure erase is no longer considered safe. Modern devices have wear-leveling, block-
sparing, and possibly-persistent cache hardware, which cannot be completely erased by these commands. The
modern solution for quickly and securely erasing your data is encryption. Strongly-encrypted data can be
instantly "erased" by destroying (or losing) the key (password), because this renders your data irretrievable
in practical terms. Consider using APFS encryption (FileVault).

This is still a good solution for use cases involving spinning-disk HDs, however. The manpage caveat applies to solid-state storage devices.