  1. #1
    Inactive Pokémon Moderator JigPu's Avatar
    Join Date
    Jun 2001
    Location
    Vancouver, WA

    One-pass wipe enough? Maybe not...

    I reformatted my computer the other day, and it got me wondering if there's been any more information on the hard drive wiping front. A little Googling later provided something I hadn't seen before.

    The most well-known resource regarding the wiping of hard drives is likely Peter Gutmann's "Secure Deletion of Data from Magnetic and Solid-State Memory". This paper, first published in 1996, looks at several ways that data could be recovered from a drive. The results of this paper inspired the writers of many wiping programs to even include a Gutmann-style 35-pass wipe. However, that was 1996. This is 2010. In the intervening time, drive densities have marched onward: the 1.5 GB drive of the day was just as much a marvel as a 1.5 TB drive is today. These increasing densities have chiefly come through the shrinking of magnetic domains, making the attacks outlined by Gutmann more difficult.

    More recently (January 2009), Craig Wright et al. published "Overwriting Hard Drive Data: The Great Wiping Controversy" which aimed to unseat the notion that multiple erasure passes are required. Using techniques like Magnetic Force Microscopy (an attack vector specifically mentioned by Gutmann) they could only succeed 9 times in a million to recover just 4 bytes of data. Many news organizations wrote short articles about their results, leading many readers to believe that Gutmann's paper is out of date in today's high-density world.

    Unfortunately, few who have heard about the paper have actually read it. While this is in part due to simple laziness, it's also due to the article being very difficult to get for free. In addition to the online version existing behind a paywall, few public libraries subscribe to the periodical.

    Fortunately, Peter Gutmann has read this article and has posted a "Further Epilogue" to his paper (click on the link above and scroll to the very end) dealing specifically with this paper. He's found many glaring errors and talks briefly about each. One of the most glaring is their apparent confusion of magnetic force microscopes and electron microscopes (I don't see how anyone writing a paper on this topic could make that giant an error repeatedly). In short, because of the errors, Gutmann believes the results should be taken with a salt block or two.

    EDIT: After more googling, I managed to find a "simplified" version of the paper. It doesn't go into as much detail as the actual paper, but provides a little info nonetheless.

    ~~~~

    On an additional (but unrelated) note, Gutmann also has added an "Epilogue" section that you may not have read. This is directed to those who "[treat] the 35-pass overwrite technique . . . more as a kind of voodoo incantation to banish evil spirits"

    Quote Originally Posted by Secure Deletion of Data from Magnetic and Solid-State Memory
    In fact performing the full 35-pass overwrite is pointless for any drive since it targets a blend of scenarios involving all types of (normally-used) encoding technology, which covers everything back to 30+-year-old MFM methods (if you don't understand that statement, re-read the paper). If you're using a drive which uses encoding technology X, you only need to perform the passes specific to X, and you never need to perform all 35 passes. For any modern PRML/EPRML drive, a few passes of random scrubbing is the best you can do.
    JigPu
    Last edited by JigPu; 02-20-10 at 01:56 PM.

  2. #2

    reap3r's Avatar
    Join Date
    Jun 2009
    Location
    BC, Canada
    This is really interesting stuff... I've actually wondered just how effective those multiple pass erases are anymore. Macs have the ability to do a 35-pass erase using their disk utility, and what makes me amused is the fact that the caption for 7-pass erase reads "This option takes 7 times longer than zero out data, and meets the US Department of Defense (DOD) 5220-22 M standard for securely erasing magnetic media."

    Makes you wonder whether that holds true these days or not...

  3. #3
    mjw21a's Avatar
    Join Date
    Sep 2004
    Location
    Australia, Brisbane
    Apparently the write heads are much more accurate these days so generally a single write should be enough.

    Back with the older drives the write heads weren't so accurate so 2-3 writes was a better idea. Depends on how paranoid you are I guess.

  4. #4
    Registered dorkbert's Avatar
    Join Date
    Oct 2009
    Location
    California, USA
    For the most part, unless your adversary is someone of substantial financial means (that can afford expensive data recovery services), a couple erasure passes should be plenty.

  5. #5
    At Fort Huachuca, the US Army still grinds up (or chips up) the old hard drives.

  6. #6
    Member Creegz's Avatar
    Join Date
    Jan 2010
    Location
    British Columbia, Canada
    One pass with a hammer is about the best solution.

  7. #7
    Member
    Join Date
    Oct 2007
    Quote Originally Posted by Anti-Hero View Post
    One pass with a hammer is about the best solution.
    No, it really isn't. A single overwrite is much more secure.

  8. #8
    Mr.Guvernment's Avatar
    Join Date
    Feb 2003
    Location
    Costa Rica - and toronto sometimes
    I recall reading that the FBI or some agency can recover data off broken disks, even if they are in pieces they can pull the data from that section and piece it together if needed?

    giant magnet FTW




  9. #9

    c(π*199780) Senior Member
    c627627's Avatar
    Join Date
    Feb 2002
    Location
    Kansas
    Just to be clear. JigPu, after 1 pass of rewriting with zeroes, it is not possible to recover more than 1 byte of data, right?

  10. #10
    Inactive Pokémon Moderator JigPu's Avatar
    Join Date
    Jun 2001
    Location
    Vancouver, WA
    Quote Originally Posted by c627627 View Post
    Just to be clear. JigPu, after 1 pass of rewriting with zeroes, it is not possible to recover more than 1 byte of data, right?
    The point of my post was that this still isn't clear.

    Craig Wright et al. were able to successfully recover a single byte of data between 30% and 3% of the time depending on how heavily the drive was used beforehand. However, Gutmann believes their study was flawed. Clearly the study by Craig Wright et al. sets a lower bound, but how close that bound is to the average case is still up for debate.

    Leaving the world of theory though, I'd say that there's no practical chance of recovery after a single pass. No software will recover it, I've never heard of a data recovery firm doing it, and have also never heard of law enforcement doing it. Also, there is the XKCD factor:



    JigPu

  11. #11

    c(π*199780) Senior Member
    c627627's Avatar
    Join Date
    Feb 2002
    Location
    Kansas
    ↑ Yh-eah.


    In absence of proof that more than 1 byte can be recovered after a single pass, why the controversy?
