Every data erasure tool lists a menu of wiping methods, and most people have no idea which one to pick. DoD 5220.22-M? Gutmann 35-pass? NIST Clear? The names sound important, but some of these methods are decades obsolete, others only work on specific drive types, and a few are outright pointless on modern hardware. This chart breaks down every major erasure method side by side so you can pick the right one and stop wasting hours on unnecessary passes.
Key Takeaways:
- A single overwrite pass is sufficient for modern HDDs — multi-pass methods like DoD 5220.22-M and Gutmann add time without improving security
- Overwrite-based methods do not work reliably on SSDs due to wear leveling and over-provisioning
- SSDs require firmware-level commands (ATA Secure Erase, NVMe Sanitize) rather than software overwriting
- Crypto Erase is the fastest method available and is valid for NIST 800-88 Purge when the drive supports encryption
- Physical destruction is the only option that achieves NIST 800-88 Destroy level, but it prevents drive reuse
The Complete Comparison Chart
This table covers 16 erasure methods across six key dimensions. Use it as a quick reference when selecting a method for your drives.
| Method | Passes | Pattern | NIST 800-88 Level | HDD | SSD | Speed (1TB) | Recommended? |
|---|---|---|---|---|---|---|---|
| Single-pass zero fill | 1 | All zeros (0x00) | Clear | Yes | No | 3-5 hrs | Yes (HDD) |
| Single-pass random | 1 | Pseudorandom data | Clear | Yes | No | 3-5 hrs | Yes (HDD) |
| NIST 800-88 Clear | 1 | Fixed value (e.g., zeros) | Clear | Yes | No | 3-5 hrs | Yes (HDD) |
| NIST 800-88 Purge | Varies | Firmware-level command | Purge | Yes | Yes | Mins-hrs | Yes (all) |
| DoD 5220.22-M (3-pass) | 3 | Zero, one, random + verify | Clear | Yes | No | 9-15 hrs | No |
| Gutmann (35-pass) | 35 | Specific patterns + random | Clear | Yes | No | 4-7 days | No |
| HMG IS5 Baseline | 1 | Single overwrite + verify | Clear | Yes | No | 3-5 hrs | Conditional |
| HMG IS5 Enhanced | 3 | Zero, one, random + verify | Clear | Yes | No | 9-15 hrs | No |
| RCMP TSSIT OPS-II | 7 | Alternating 0/1, random | Clear | Yes | No | 21-35 hrs | No |
| ATA Secure Erase | 1 | Firmware-level reset | Purge | Yes | Yes | 2 min-2 hrs | Yes |
| NVMe Sanitize Block Erase | 1 | Flash block reset | Purge | No | Yes | 2-30 min | Yes |
| NVMe Sanitize Crypto Erase | 1 | Key destruction | Purge | No | Yes | Seconds | Yes |
| NVMe Format (User Data Erase) | 1 | Varies by controller | Clear | No | Yes | Seconds-min | Conditional |
| Crypto Erase (SED) | 1 | Key destruction | Purge | Yes* | Yes* | Seconds | Yes |
| Degaussing | 1 | Magnetic field disruption | Purge/Destroy | Yes | No | Seconds | Conditional |
| Physical Destruction | 1 | Shredding/crushing/drilling | Destroy | Yes | Yes | Minutes | Conditional |
* Crypto Erase applies to self-encrypting drives (SEDs) regardless of whether the underlying media is HDD or SSD.
Overwrite-Based Methods Explained
These methods write data patterns across the entire drive surface. They work on traditional magnetic hard drives but are unreliable on SSDs because wear leveling and over-provisioning prevent overwrite commands from reaching all flash cells. Read our overview of data erasure standards for full context on how these fit into the broader sanitization landscape.
Single-Pass Zero Fill
Writes zeros (0x00) to every addressable sector on the drive. This is the simplest and fastest overwrite method. On modern HDDs, it renders data unrecoverable by any known technique. NIST 800-88 explicitly confirms that a single overwrite pass with a fixed value is sufficient for Clear-level sanitization. There is no advantage to using random data over zeros for modern drives, though either works.
Single-Pass Random
Writes pseudorandom data to every sector. Functionally identical to a zero fill in terms of security on modern drives. Some organizations prefer random data because it makes it easier to verify that the overwrite actually occurred — if you read back a sector and see the same random pattern you wrote, you know the overwrite succeeded. If you read back all zeros, you cannot distinguish between "I wrote zeros" and "this sector was already empty."
DoD 5220.22-M (3-Pass)
The U.S. Department of Defense's former overwrite specification: pass one writes zeros, pass two writes ones (0xFF), pass three writes random data, with verification after each pass. The DoD no longer references this standard, having replaced it with NIST 800-88 guidance. The three passes take three times longer than a single pass with no measurable improvement in security. Software tools continue listing it because the name carries perceived authority.
Gutmann Method (35-Pass)
Peter Gutmann's 1996 paper proposed 35 specific overwrite patterns designed to defeat magnetic force microscopy on MFM and RLL encoded drives — technologies that have not been manufactured since the 1990s. Gutmann himself has stated publicly that a few passes of random data are sufficient for modern drives and that running all 35 passes on current hardware is pointless. A 35-pass wipe of a 1TB drive takes 4 to 7 days. Learn more about why this method is outdated.
HMG IS5 (Baseline and Enhanced)
The UK government's Her Majesty's Government Infosec Standard 5 defines two levels. Baseline is a single overwrite with verification — functionally equivalent to a NIST Clear operation. Enhanced adds two more passes (three total), mirroring the DoD 5220.22-M approach. Baseline remains a reasonable choice for UK organizations that need to reference a national standard. Enhanced is unnecessary for the same reasons as any multi-pass method. See our full HMG IS5 breakdown.
RCMP TSSIT OPS-II
The Royal Canadian Mounted Police Technical Security Standard specifies 7 alternating passes of zeros and ones followed by a random data pass. Created for the same era of drive technology as DoD 5220.22-M, it is equally unnecessary on modern hardware. At 7 passes, it takes roughly 21-35 hours for a 1TB drive — seven times longer than a single pass that achieves the same result.
Bottom Line: For any HDD manufactured in the last 20 years, a single overwrite pass — whether zeros or random data — is all you need. Multi-pass methods exist in modern software for backward compatibility, not because they add security. Read how many passes to wipe a hard drive for the full research breakdown.
Firmware-Level Methods Explained
These methods operate at the drive controller level rather than through the file system, which means they can reach areas that software-based overwriting cannot — including over-provisioned cells, the host-protected area, and device configuration overlays. They are the only reliable way to erase SSDs and are also effective on HDDs.
ATA Secure Erase
A command built into the ATA specification that instructs the drive's firmware to perform an internal erase of all stored data. On HDDs, it overwrites every sector including reallocated ones. On SATA SSDs, it resets all flash cells. Execution time varies widely — some SSDs complete in under a minute, while HDDs may take up to two hours. ATA Secure Erase achieves NIST 800-88 Purge level. Tools like BitRaser can issue this command and generate a compliance certificate.
NVMe Sanitize Block Erase
The NVMe Sanitize command with Block Erase mode resets all flash memory blocks to their erased state. Unlike NVMe Format, the Sanitize command is required to erase all user data areas including namespaces that are not currently active. It is the preferred method for NVMe SSDs when the goal is physical data removal rather than just key destruction. Achieves NIST 800-88 Purge. Defined in the IEEE 2883 standard as a recommended sanitization action for flash media.
NVMe Sanitize Crypto Erase
Destroys the encryption key on an NVMe drive that supports encryption, rendering all stored data permanently unreadable. This is the fastest method available — it completes in seconds regardless of drive capacity because it only needs to destroy a key, not touch every flash cell. Achieves NIST 800-88 Purge level provided the drive meets NIST 800-88 Rev. 2 requirements for cryptographic erase: the encryption must have been active since the drive was provisioned, and the key must have been generated by an approved random number generator.
NVMe Format (User Data Erase)
The NVMe Format command with the User Data Erase setting instructs the controller to erase data across the specified namespace. However, unlike the Sanitize command, NVMe Format may not erase all namespaces or all internal data areas. It achieves NIST 800-88 Clear level — not Purge. Use it only when Clear is acceptable for your data sensitivity level, or when the drive does not support the Sanitize command.
Crypto Erase (Self-Encrypting Drives)
Self-encrypting drives (SEDs) that support TCG Opal, TCG Enterprise, or IEEE 1667 perform hardware-level encryption on all data written to the drive. Crypto Erase destroys the media encryption key, making the encrypted data permanently undecipherable. This applies to both HDD-based and SSD-based SEDs. It completes in seconds and is valid as NIST 800-88 Purge, but only if encryption was active from first use and the implementation meets the cryptographic requirements. If encryption was enabled after data was already written in the clear, Crypto Erase will not sanitize the pre-encryption data.
Physical and Magnetic Methods
Degaussing
Exposes the drive to a powerful magnetic field that disrupts the magnetic orientation of data on the platters, rendering the data unrecoverable. Effective on HDDs and magnetic tape. Completely useless on SSDs, which store data as electrical charges in flash cells, not magnetic signals. Degaussing typically destroys the drive's servo tracks as well, making the drive non-functional afterward. A professional degausser costs $5,000-$30,000, so this is primarily an enterprise and government method.
Physical Destruction
Shredding, crushing, incineration, or disintegration of the storage media. This is the only method that achieves NIST 800-88 Destroy level and the only approach that provides absolute certainty for both HDDs and SSDs. Options range from drilling holes through platters (imperfect — data may survive between holes) to industrial shredders that reduce drives to particles smaller than 2mm. Physical destruction prevents drive reuse and generates electronic waste, so it should be reserved for the highest-sensitivity scenarios or non-functional drives.
Which Method to Use: Quick Decision Guide
Personal HDD being recycled or donated: Single-pass zero fill or NIST 800-88 Clear. Free tools like DBAN or ShredOS work well. Fast and sufficient.
Business HDD leaving organizational control: NIST 800-88 Purge via ATA Secure Erase or enhanced overwrite. Use BitRaser for a certificate of erasure.
Any SATA SSD: ATA Secure Erase. Do not attempt overwrite-based methods. BitRaser or manufacturer tools (Samsung Magician, Crucial Storage Executive) can issue the command.
Any NVMe SSD: NVMe Sanitize Block Erase or Crypto Erase. Use BitRaser or nvme-cli on Linux.
Self-encrypting drive (SED): Crypto Erase if encryption was active from first use. Fastest option available.
Classified or top-secret data: Physical destruction. Degaussing for HDDs followed by shredding. Shredding alone for SSDs.
Damaged or non-functional drive: Physical destruction. You cannot run software or firmware commands on a dead drive.
Regulatory compliance (HIPAA, GDPR, PCI DSS): NIST 800-88 Purge minimum. Use software that generates a certificate of erasure documenting the method, result, drive serial number, and timestamp.
Common Mistakes When Choosing an Erasure Method
Using DoD 5220.22-M because it sounds official. It is obsolete. The DoD does not use it. A single-pass wipe does the same job in one-third the time.
Running overwrite passes on an SSD. The flash translation layer means overwriting cannot reach all cells. You are wearing out the drive while leaving data in over-provisioned areas.
Assuming NVMe Format equals NVMe Sanitize. NVMe Format (User Data Erase) only achieves Clear level and may not erase all namespaces. NVMe Sanitize is the correct choice for Purge-level erasure.
Choosing Crypto Erase on a drive that was not encrypted from day one. If the drive stored unencrypted data before encryption was enabled, that data may still be recoverable after Crypto Erase. The key destruction only protects data that was encrypted when it was written.
Degaussing an SSD. Degaussers only affect magnetic media. A degausser has absolutely no effect on flash memory.
Frequently Asked Questions
Which data erasure method should I use in 2026?
For HDDs, a single-pass zero fill or NIST 800-88 Clear overwrite is sufficient. For SSDs, use ATA Secure Erase or NVMe Sanitize (Block Erase or Crypto Erase) depending on the drive interface. If the SSD is a self-encrypting drive, Crypto Erase is the fastest option. Multi-pass methods like DoD 5220.22-M or Gutmann are unnecessary for modern drives.
Is a 3-pass DoD wipe more secure than a single-pass wipe?
No. Research confirms that a single overwrite pass renders data unrecoverable on modern HDDs. The DoD 5220.22-M 3-pass method was designed for 1990s drive technology and the DoD itself no longer references it. A single pass takes one-third the time and provides the same result on any drive manufactured in the last 20 years.
Do overwrite-based methods work on SSDs?
Not reliably. SSDs use wear leveling and over-provisioning, which means overwriting cannot reach all stored data. The flash translation layer redirects writes to different physical cells, leaving original data intact in areas the overwrite never touches. SSDs require firmware-level commands — ATA Secure Erase, NVMe Sanitize, or Crypto Erase — for effective sanitization.
What is the difference between NIST 800-88 Clear and Purge?
Clear protects against data recovery using standard software tools and is appropriate for low-sensitivity data on drives that will be reused within the organization. Purge protects against laboratory-level recovery using specialized equipment and is required for sensitive data or drives leaving organizational control. For HDDs, Clear means overwriting; Purge means enhanced overwrite or degaussing. For SSDs, Purge requires firmware-level commands.
What is Crypto Erase and when should I use it?
Crypto Erase destroys the encryption key on a self-encrypting drive, rendering all data unreadable. It completes in seconds regardless of drive capacity. Use it when your drive supports hardware encryption (TCG Opal, IEEE 1667, or NVMe with crypto erase support). NIST 800-88 Rev. 2 recognizes Crypto Erase as a valid Purge method when the drive meets specific encryption requirements.
How long does it take to wipe a 1TB drive?
It depends entirely on the method. A single-pass overwrite on a 1TB HDD takes 3-5 hours. A DoD 3-pass wipe takes 9-15 hours. A Gutmann 35-pass wipe takes 4-7 days. ATA Secure Erase on a 1TB SSD takes 2-30 minutes. NVMe Sanitize Crypto Erase takes under a minute regardless of capacity. The fastest methods are firmware-level commands, not overwrite-based approaches.
Is degaussing effective on SSDs?
No. Degaussing works by disrupting the magnetic field on magnetic media. SSDs store data as electrical charges in flash memory cells, not on magnetic platters. A degausser has zero effect on an SSD. Degaussing is only effective on HDDs and magnetic tape. For SSDs, use firmware-level erase commands or physical destruction.
What is the difference between NVMe Sanitize Block Erase and Crypto Erase?
Block Erase resets all flash memory blocks to their erased state, physically removing the stored data. Crypto Erase destroys the encryption key so the existing data cannot be decrypted. Block Erase takes minutes; Crypto Erase takes seconds. Both achieve NIST 800-88 Purge level, but Crypto Erase requires the drive to support encryption. Block Erase works on any NVMe drive that supports the Sanitize command.
Should I use physical destruction instead of software-based erasure?
Physical destruction is the only method that achieves NIST 800-88 Destroy level and is appropriate when data sensitivity is extremely high, the drive is damaged, or the drive will not be reused. However, it is wasteful for working drives with routine data. For most scenarios, Purge-level sanitization with firmware commands provides sufficient security while preserving the hardware for reuse or resale.
What does the RCMP TSSIT OPS-II method involve?
RCMP TSSIT OPS-II is a Canadian government erasure standard that specifies 7 overwrite passes alternating between zeros and ones, with a final random data pass. Like DoD 5220.22-M, it was designed for older magnetic media and is unnecessary for modern drives. A single overwrite pass provides equivalent security on current hardware.
The Bottom Line
Pick your erasure method based on drive type, not habit. HDDs need a single overwrite pass. SSDs need firmware-level commands. Self-encrypting drives need Crypto Erase. Physical destruction is for dead drives and classified data. Everything else on the list exists for backward compatibility. Consult our complete standards overview for deeper technical details.
Last updated: February 2026. We regularly review and update our guides to ensure accuracy.
Sources:
- NIST Special Publication 800-88 Rev. 2 — Guidelines for Media Sanitization. https://csrc.nist.gov/publications/detail/sp/800-88/rev-2/final
- IEEE 2883-2022 — Standard for Sanitizing Storage. https://standards.ieee.org/ieee/2883/10277/
- Gutmann, Peter. "Secure Deletion of Data from Magnetic and Solid-State Memory." https://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html
- Wright, Craig; Kleiman, Dave; Sundhar, Shyaam. "Overwriting Hard Drive Data: The Great Wiping Controversy" (2008). https://link.springer.com/chapter/10.1007/978-3-540-89862-7_21
- NVMe Base Specification 2.1. https://nvmexpress.org/specifications/
- TCG Storage Architecture Core Specification. https://trustedcomputinggroup.org/resource/tcg-storage-architecture-core-specification/
