For that to work you have to trust the firmware. Overwriting with something random, saving what was fed and then cross-referencing that against the storage could work better, but there's still some non-zero chance that something you're looking for is in a buffer, unreachable part of the disk or the like.
Encrypting the hard drive and then removing the key has a better chance of rendering the data unusable.
But you can't see from the outside if the drive was wiped. How can I be sure that I do not mix up the to-be-wiped and the wiped drives with 99.999% accuracy? That I did not unplug the drive before the wiping was finished? It's much easier with physical destruction.
/dev/urandom is a far better option. One problem is that writing a full drive of data can take a long time vs chucking it into a shredder. For example this[1] 22TB drive can do 260MB/s, meaning that doing one full disk write pass would take almost 24h.
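The "was it really wiped, and was it finished?" worry above is something you can check from the host before the drive leaves your hands. This is an added example, not code from anyone in the thread: it reads an image or block device sequentially and reports the first offset that does not match the fill byte, so a wipe that was interrupted part-way shows up with the exact point where old data begins. The fixture builder and its path are constructed for the demo.

```python
import os
import tempfile

CHUNK = 1 << 20  # read 1 MiB at a time


def verify_wipe(path, fill=0x00, chunk=CHUNK):
    """Return (ok, first_bad_offset, bytes_checked).

    Reads `path` (an image file or, with permission, a block device such as
    /dev/sdX) from start to end and compares every chunk against the expected
    fill byte (0x00 for a /dev/zero wipe). Stops at the first mismatch, so an
    interrupted wipe is reported with the offset where untouched data starts.
    """
    checked = 0
    with open(path, "rb") as f:
        while True:
            buf = f.read(chunk)
            if not buf:
                return True, None, checked
            if buf != bytes([fill]) * len(buf):
                # locate the first byte in this chunk that is not the fill value
                bad = next(i for i, b in enumerate(buf) if b != fill)
                return False, checked + bad, checked + len(buf)
            checked += len(buf)


def make_image(size, wiped_upto, leftover=0x5A):
    """Constructed fixture: an image whose wipe with zeros was interrupted at
    byte `wiped_upto`, leaving the old (non-zero) contents after that point."""
    fd, path = tempfile.mkstemp(prefix="wipecheck_")
    with os.fdopen(fd, "wb") as f:
        f.write(b"\x00" * wiped_upto)
        f.write(bytes([leftover]) * (size - wiped_upto))
    return path


if __name__ == "__main__":
    partial = make_image(3 * CHUNK + 17, CHUNK + 5)
    print("interrupted wipe:", verify_wipe(partial))
    complete = make_image(2 * CHUNK + 3, 2 * CHUNK + 3)
    print("complete wipe:   ", verify_wipe(complete))
    os.remove(partial)
    os.remove(complete)
```

Reading the whole device back doubles the time budget the 22TB/260MB/s arithmetic in the thread implies, which is exactly the cost the shredder avoids.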
In the olden days hard disks wrote data on spinning platters the size of dinner plates with heads the size of Sharpie markers, and the controllers were a Z80 microprocessor on a card with a few kB of ROM and maybe as much as 16kB of RAM.
For everything past those days, though, the data is very thoroughly scrambled for spectral whitening before being written to disk, so there's no practical difference between /dev/urandom and /dev/zero.
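To see what "scrambled for spectral whitening" means for the zero-vs-urandom question, here is an added toy sector scrambler (not code from the thread, and not any drive's real scrambler): an all-zero sector and a random sector both reach the "media" as balanced pseudo-random bits with short runs, and the same XOR undoes it on read. The 16-bit LFSR polynomial and seed are an illustrative stand-in; a real drive uses a vendor-specific scrambler and typically derives the seed from the sector address.

```python
import os

# x^16 + x^14 + x^13 + x^11 + 1, a maximal-length polynomial (period 65535).
# Illustrative choice only; real drives use their own, undocumented scramblers.
TAPS = (0, 2, 3, 5)
SEED = 0xACE1  # illustrative seed; a drive would derive it per sector


def lfsr_bytes(nbytes, seed=SEED):
    """Produce nbytes of whitening from a Fibonacci LFSR, LSB emitted first."""
    state = seed
    out = bytearray()
    for _ in range(nbytes):
        byte = 0
        for _ in range(8):
            fb = 0
            for t in TAPS:
                fb ^= (state >> t) & 1
            byte = (byte << 1) | (state & 1)
            state = (state >> 1) | (fb << 15)
        out.append(byte)
    return bytes(out)


def scramble(sector, seed=SEED):
    """XOR the sector with the whitening stream; calling it again descrambles."""
    return bytes(a ^ b for a, b in zip(sector, lfsr_bytes(len(sector), seed)))


def ones_fraction(data):
    """Share of 1 bits; ~0.5 means the pattern on the media is balanced."""
    return sum(bin(b).count("1") for b in data) / (8 * len(data))


def longest_run(data):
    """Longest run of identical bits, the quantity whitening is meant to bound."""
    bits = "".join(f"{b:08b}" for b in data)
    best = cur = 1
    for prev, nxt in zip(bits, bits[1:]):
        cur = cur + 1 if nxt == prev else 1
        best = max(best, cur)
    return best


if __name__ == "__main__":
    for name, sector in (("/dev/zero", bytes(512)), ("/dev/urandom", os.urandom(512))):
        media = scramble(sector)
        print(f"{name:12s} host: ones={ones_fraction(sector):.2f} run={longest_run(sector):4d}"
              f"  media: ones={ones_fraction(media):.2f} run={longest_run(media)}")
```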
For an actual HDD, maybe that would work. For any solid state drive, it would definitely not work. SSDs and similar spread writes across pools of blocks for 'endurance', so a 1TB drive might actually have 2TB worth of flash on it.
A read/write head does not follow precisely the same path every time. It has a positioning error that makes subsequent reads/writes take place slightly offset from earlier ones.
With the proper equipment and expertise (and helped out by the error correction mechanisms), you can recover a substantial amount of data that has been "overwritten" on an existing track.
This is why "data shredding" applications erase the old data by overwriting it with random data multiple times. That increases the chances that one of those writes will also write over any older data that was shifted slightly to the side.
But that's no guarantee. This problem is why organizations that need an extreme level of security require the complete physical destruction of the platters when decommissioning.
I had to check with some experts on this that I know, to make sure that I wasn't talking nonsense.
I wasn't, exactly, but I also wasn't correct in the modern day. Retrieving erased information from hard drives like this was certainly a thing (a thing that I myself have seen done, so I know first-hand).
However, after hard drives moved beyond MFM it stopped really being possible.
So what I was saying isn't wrong, exactly, but certainly isn't relevant to today's hardware.
Okay, but how can you determine what the old value was, given that it's now a random value multiplied by a random value with yet another random value added on top?
> but how can you determine what the old value was, given that it's now a random value multiplied by a random value with yet another random value added on top?
It's an extremely difficult problem, and in the best case you won't get a complete copy of old data. That's why this isn't an avenue of attack that you're likely to ever encounter.
This is the sort of thing that would only be considered by very wealthy attackers (governments and corporations), and even then only if they're very certain that the drive contains data of unusually high value.
But it is possible, and has been done, to extract useful data that has been overwritten a single time with zeros.
While the second one relies on an active attack hiding data for exfiltration, the first poses a statistically possible scenario where a sector containing sensitive data like a password or part of an mbox with "We are operating a fucking unlicensed securities exchange in the USA bro" becomes a weak read (still fully completed, but slow) and gets remapped. Anyone with a PC-3000 can recover this data.
There hasn't been a single public demonstration of this on a hard drive made after the 90s, nor any credible reports of private ones. So I wonder what your assertion is based on.
Falsehoods like this spreading through populations that consider themselves technically literate is one reason the NIST standard requires absolute destruction.
There are methods available that allow second, third or even fourth generation data to be recovered from magnetic disks. Writing /dev/zero "over" an SSD won't necessarily accomplish what you expect either.
There is no way to recover it. If you know anything about how hard disks work, you'll see why.
There's this theoretical idea that you can get a kind of "latent image" of a mark or a space on the platter even if it's been overwritten, but hard disks haven't written things as literal north-to-south or south-to-north flips for 30 years or so. The data is written as changes of level and phase in a signal, and it's thoroughly scrambled to reduce the chances of a long run of patterns of all zeroes or all ones making the signal hard to recover.
Essentially, you'd be taking a list of floating point numbers, multiplying them all by another much smaller floating point number, adding on another floating point number, and trying to imagine what the original was.
It's not possible.
No, the NSA does not have a big magic machine that does it.