Re: Wiping hard drives - Re: debian-user-digest Digest V2011 #1704
On Mon, Sep 19, 2011 at 10:27 AM, Aaron Toponce <aaron.toponce@gmail.com> wrote:
> On Sat, Sep 17, 2011 at 08:59:14AM +0200, Ralf Mardorf wrote:
>> If you want to be safe, you need to overwrite the data several times,
>
> Have anything to back that up? If you're using drives that used the old MFM
> or RLL encoding schemes, and had massive space for bits per linear inch,
> then sure, but on today's drives, with perpindicular encoding, and the
> extremely dense bit capacity, going more than once is silly.
That conclusion is not valid.
All such analysis is sensitive to the value of the data. If you are
going up against a serious adversary, colloquially known as "National
Technical Means", then no amount of overwriting is secure.
If you are going up against an ordinary thief of the machine or drive,
then a single overwrite is sufficient. In fact there is no need to
overwrite the entire drive when the meta-data of directories, inodes,
journals, etc. is a small fraction of the entire drive.
I perform this service for commercial recyclers. In addition to
scrubbing techniques, some need to damage the drive by rendering it
non-functional (with a hammer or a drill). Some need to destroy the
drive, usually by shredding. Some need to destroy the recording
medium, for which incineration tends to be the least expensive.
For high security situations a combination of scrubbing and physical
measures are recommended. For example, unscrubbed media that has been
finely shredded can still offer recoverable data because the high
density of the recording means that a very small shred may contain
many intact sectors of data.
>
>> 'shred' does delete data several times. We hardly are able to recover
>> data that one time really was deleted at home, but CSI is able to do
>> this
>
> [citation needed]
>
>> and I'm not talking about the trash that is produced by Jerry
>> Bruckheimer. There e.g. are real methods with lasers that make it
>> possible to recover magnetic data from sledgehammer deformed HDDs and
>> even a private person legally just need to pay some k of Euros to a
>> company and can benefit from those methods. OTOH nobody is able to
>> factorise primes, it would take 20 or 30 years to crack openPGP with a
>> super computer, but if there should be delicate data on your HDDs, that
>> isn't encrypted, note, it just takes some seconds to open the door of
>> your flat and to get your HDD that's still in use.
>
> You may want to read this, as well as the references the article links to:
>
> http://goo.gl/5QG4U
>
> Claiming that you can recover data after a single pass of zeros on today's
> spinning platters is urban legend.
No.
Consider that those organizations able to recover after a single pass
with known mask pattern have a negative incentive to advertise their
abilities.
One pass scrubbing, even with a variable mask pattern driven by a TRNG
rather than a PRNG, is ineffective because the write activity hands
the adversary a complete copy of the mask pattern. A second pass to
obscure the mask pattern is strongly recommended.
> I guess if you like wasting your time,
> go for it. I've got better things to do than do several passes on a 2TB
> SATA disk, running at 30MBps, and I can sleep at night knowing that no one
> will get access to the data.
Why do you care how long it takes? Stick the drive in in a spare,
low-end machine and let it hum for as long as it takes.
Lee Winter
Nashua, New Hampshire
United States of America (NDY)
Reply to: