On Thu, Jan 09, 2020 at 10:11:15AM +0000, Andy Smith wrote:
Hello, On Thu, Jan 09, 2020 at 12:11:54PM +1300, Ben Caradoc-Davies wrote:If you need to protect against an attacker willing to examine your HDD with magnetic force microscopy, there is no substitute for physical destruction of the media.Even then it's unnecessary! No has ever recovered usable data from a modern (less than 15 years old) used HDD after a single pass of writes.
[...]
So, for the main data areas of the HDD, one pass of writes is always enough and anything more is just a meaningless ritual. Some will argue that a better-funded attacker may somehow have better microscopes even to the point that they have technological breakthroughs not known to the wider world. However, the paper also makes clear that the limit is not the sensitivity of the microscope, but the fact that any drive that has been in use for a while has too much noise for the data immediately prior to the wipe to be distinguishable from that.
Physical destruction is recommended in three cases: 1) the drive is broken. overwriting a broken drive is hard.3) the data is high value and needs to be protected "forever". this probably doesn't apply to you, but if it does it would be irresponsible to not destroy the drive. the liklihood of future advances making it possible to recover overwritten data may be low, but if the cost of destroying the drive is basically the value of an EOL drive (near zero) and the potential cost of the data being compromised is high, it makes no sense to not simply destroy the drive.
3) you need to wipe and verify that the data has been wiped on a large number of EOL hard drives. in many cases it is sufficient to sample hard drives after a wiping process, but for high value data if 100% wiping and verification is warranted it's probably more cost effective to shred the drives than pay for the labor to overwrite and verify the overwriting.