Slashdot Mirror
Single Drive Wipe Protects Data
ALF-nl writes "A forensics expert claims that wiping your hard drives with just one pass already makes it next to impossible to recover the data with an electron microscope." But that's not accounting for the super secret machines that the government has, man.
Wow, they put the prize money up! Last time we discussed that here, the prize was a whopping $40.
By reading this signature, you hereby agree with the content of the above comment.
Add a wipe to the encryption and you may be safe.
The old problem with multiple wipes depended on the fact that there were rather large tolerances, but modern drives are very close to limits caused by physics, which means that it's a lot harder to extract wiped data.
If the data also was encrypted it will probably be impossible to re-create since there always is a level of loss even at recovery. For unencrypted data this may not be a big problem and it can be rectified by hand, but for encrypted data it will upset the whole packet that was encrypted.
But in a majority of cases a single wipe will be sufficient when the hardware is sold as surplus, since it's not easy to track and find out if a certain drive contains anything of interest.
If builders built buildings the way programmers wrote programs, then the first woodpecker would destroy civilization.
That would take too long - you can't depend on the blocking kernel random generator, as it needs a source of data to keep feeding the entropy pool.
I want to delete my account but Slashdot doesn't allow it.
That'd probably be this challenge from further up the page - $500 at the moment, and apparently three companies have turned it down after the dd command was mentioned because they 'know' it isn't possible.
The source of the claim seems Gutmann's 1996 article: http://www.usenix.org/publications/library/proceedings/sec96/full_papers/gutmann/index.html where he says: "Data overwritten once or twice may be recovered by subtracting what is expected to be read from a storage location from what is actually read. Data which is overwritten an arbitrarily large number of times can still be recovered provided that the new data isn't written to the same location as the original data (for magnetic media), or that the recovery attempt is carried out fairly soon after the new data was written (for RAM)." It was challenged already in 2003 http://www.nber.org/sys-admin/overwritten-data-guttman.html where Feenberg writes: "Surveying all the references, I conclude that Gutmann's claim belongs in the category of urban legend." As usual, this story shows that individual claims have to be checked by independent parties. Even the claim that it can not be done.
Yes, a two year old with Torx for fingers. But seriously if you really want to know how to erase your media here are the instructions for the US government http://csrc.nist.gov/publications/nistpubs/800-88/NISTSP800-88_rev1.pdf. For destroying hard drives they recommend you "disintegrate, shred, pulverize, incinerate" (p19) the hard drive
Tanto nomini nullum par elogium.
Gutmann 35-pass is designed for hard drives which use MFM/RLL encoding. New disks don't use this encoding anymore, so this method is pretty much equal in deletion quality to the other methods.
Well, the feds only specify that unclassified drives be wiped. Classified drives (that is, hard drives with classified material on them) must be destroyed.
Incidentally, a lot of data on hard drives is user-inaccessible due to the hard drive remapping bad sectors. Only a low-level format will touch that data--not application-level wiping tools.
> if you can recover from 1 overwrite, while still being able to get the new data, the
> capacity has just doubled.
Not if it takes hundreds of hours to do and recovers only 3/4 of the data on average. There is a lot of room between "not secure" and "reliable data storage".
It is very unlikely that any of us need worry that our overwritten files will be recovered, though. None of us have secrets that important.
Besides, the bot that controls your Windows box has already uploaded all your passwords.
Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
There is *no* way to recover the data on a modern drive after a single wipe. It is actually impossible. It cannot be done.
The reason is simple - although you may be able to detect a tiny tiny bit of data from the previous recording, you've no idea how strongly overwritten it is. Now, with old drives which used simple on/off pulses to write data to the disk, it would be possible to see if the bit you're looking at is a little higher or lower than it should be, and infer the previous value from that. Modern drives use a system similar to QAM - quadrature amplitude modulation - to pack more bits of data into each transition on the disk. Since the signal is essentially analogue, you'd need to know how badly degraded the print-through was. You can't do this, so you can't recover data after it's been overwritten even once.
Evidence of what?
You know it is often important to hide data that isn't involved with anything illegal. For example: Credit Card numbers, social security numbers and other personal information, trade secrets, personal journals and diaries that you don't want other people reading. There are many MANY reasons to want to wipe data that doesn't implicate you in a crime.
In the epilogue of http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html, Peter Gutmann basically calls the author of TFA a rtrd.
Apparently, he's confusing two different techniques, and Gutmann claims that, of course it won't work the way he's doing it. He's doing it wrong. You can't use the Magnetic Force Microscope to perform an error cancelling read, it doesn't work. The success rate is - surprise! - less than 1%, exactly like TFA claims.
Also, mentioned in Gutmann's epilogue, TFA confuses an MFM and a scanning electron microscope. They are not the same thing. An MFM reads magnectic levels, it doesn't "see" electrons like a SEL will.
In any case, Gutmann agrees with TFA but for very different reasons. The new encoding techniques nullify the MFM. There is no point using it because it won't give you any usefull information on a modern drive. Also, the extremely high densities mean the only practical and reliable method of recovery is basic error-cancelling techniques, and that's only practical after one wipe. Even then, it's iffy at best.
So yes, a single wipe is probably all you need. But who knows what data recovery techniques will be invented? A single pass is probably good enough right now, but 3-4 random passes is pretty much a sure thing, regardless of future techniques.
Security is mostly a superstition... Avoiding danger is no safer in the long run than outright exposure. - Helen Keller
You are wrong. Because any decent hard drive encryption solution will not use the password to directly encrypt the sectors. They will use it to encrypt one ore more master keys which will then be used to encrypt sectors. For example dm-crypt/LUKS works that way (up to 7 master keys), as well as TrueCrypt. They do that precisely to render all the data inaccessible by simply wiping the master key. Another advantage of this technique is that the user can change her password at anytime without having to re-encrypt the whole disk (the app just re-encrypts the master key).
So the GP is right: use disk encryption instead of relying on time-wasting/manual/unreliable data wiping !