Single Drive Wipe Protects Data
ALF-nl writes "A forensics expert claims that wiping your hard drives with just one pass already makes it next to impossible to recover the data with an electron microscope." But that's not accounting for the super secret machines that the government has, man.
One wipe is never enough.
Didn't your mommy teach you anything?
Especially true after Taco Bell.
Just use encryption (of your whole drive or partition) and forget about wiping it.
It's not that hard. For example, several modern Linux distros support encrypting your entire installation out of the box.
-- MartinG To mail me: echo kewyjlcxyzvjfxbqwh | tr bcefhjklqvwxyz
1) next to impossible != impossible
2) if the feds require multi-pass wipes for non-classified data and media destruction for classified data, why should I settle for anything less?
OK, maybe this guy is right and maybe the feds are behind the times, but I'd like to see multiple independent studies come out and say this before I'm getting rid of my drive sanitizers. I mean, we all know what happens to societies when they get rid of their equipment sanitizers, don't we?
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
I thought a few weeks ago we were supposed to drill holes in the drive platters and fill the case with thermite, then drop the whole computer into the fires of mount doom.
This week, a one pass wipe is enough.
It is not like you can have 2 values for a single bit at the same time... and density is so high these days that it makes sense to have a single write wipe the previous data forever.
have you been defaced today?
That's what they WANT you to think.
In all seriousness. If the government wants to get information, they are not going to the trouble of an electron microscope to look at your hard drive. I'm sure they have other methods of extracting the information they want. While this information (about how many wipes you need) is interesting from a theoretical point of view, it is useless from a practical one.
See my journal for slashdot ID's by year. Mine created in 2005. http://slashdot.org/journal/289875/slashdot-ids-by-year
I thought this would be fairly obvious from the fact that there don't exist any recovery services that will recover zeroed-out data for you; at most they can usually try to recover data that has been deleted (forgotten) by the operating system.
Mythbusters need to look at this. Then they should do a wipe that would really suit their style - a shock wave through the drive will raise the temperature at the wave front above that where the material is magnetic (Curie temperature). In other words - explosives!
I found that taking the disk platter out and using it as a coaster helps too.
Last month my grandma asked for a new laptop and prior to putting her old HP on ebay I wiped it via Gutmann 35-Pass method, way above DoD and NATO standards, so her ultra-secret vanilla cake recipe could remain a household secret.
It says data written to a pristine drive is much easier to access.
If drive-manufacturers wrote random data to their drives 2 or 3 times before shipping, I wonder if this would help?
Combine this with OS-level "overwrite with random after delete" or, to allow for "oopsies," delayed-overwrite after delete but before next use, the problem of "ghost data" in unallocated drive space could mostly disappear.
Of course, there are other issues, like data internal to a file that is no longer current, data in paged-memory files, and data on backup media, but that's outside the scope of the "I deleted the file, it should be gone but it's not" problem.
[pulls tinfoil hat tighter over head]
Sure, that's just what they want you to think.
Hard drive meets Mr. Thermite.
These guys will give you 500 bucks
which is surely worth the time and effort involved in something like this.
What's it worth to you to have the data not be recovered? That's the real question here.
If a static pattern wipe will take about an hour and a half, and that's "good enough", great. If you're willing to invest a few days in running DBAN on the thing, that's better.
If you're willing to pull out a welding torch and reduce the drive to a smoking ingot, well, you're just about paranoid enough.
It's two parallel questions, really:
-what is the data worth to you?
-what is it worth to you to keep anyone else from getting the data?
Even if it isn't deleted, try to recover a simple 10Mb jpg using an electron microscope... I guess it is as close to the "next to impossible" as if the file was deleted.
If there were a reliable way to read the previous value of a bit written to a drive, the drive manufacturers would already be using it to increase density -- effectively storing two bits in the space of one. This is similar to the basic principle of MLC flash drives.
Which, of course, would still make it impossible to recover data that has been overwritten, since each "bit" would be overwritten twice.
I've found one pass of a sledgehammer makes it next to impossible to recover data from a disk. Even read-only media!
What a fool believes, he sees, no wise man has the power to reason away.
Why not:
dd if=/dev/random of=/dev/hda
instead?
That way you get random data, not just all zeros. Also you probably want /dev/hda so you blank the entire drive; not /dev/hda1 which only blanks the first partition.
Cheers,
Dave
They that can give up essential liberty to obtain a little temporary safety deserve neither safety nor liberty.
Ben
That would take too long - you can't depend on the blocking kernel random generator, as it needs a source of data to keep feeding the entropy pool.
I want to delete my account but Slashdot doesn't allow it.
It seriously depends on your crime as to how far police will go to obtain data from a hard disk.
If, for instance, to kill no more than three people in cold blood. They won't even look.
If you have a few ounces of pot, the DEA will use the FBI forensics labs.
If you have a history of violence and have beaten countless women, they won't even look.
If you've given more than a few hundred bucks to an Islamic charity, the NSA will step in.
If you bilk hundreds or thousands of people out of millions of dollars, they won't even look.
If you are accused of fighting on the train in San Francisco, they'll just hold you down and shoot you in the back. Fuck the computer.
That'd probably be this challenge from further up the page - $500 at the moment, and apparently three companies have turned it down after the dd command was mentioned because they 'know' it isn't possible.
The source of the claim seems to be Gutmann's 1996 article: http://www.usenix.org/publications/library/proceedings/sec96/full_papers/gutmann/index.html where he says: "Data overwritten once or twice may be recovered by subtracting what is expected to be read from a storage location from what is actually read. Data which is overwritten an arbitrarily large number of times can still be recovered provided that the new data isn't written to the same location as the original data (for magnetic media), or that the recovery attempt is carried out fairly soon after the new data was written (for RAM)." It was challenged already in 2003 http://www.nber.org/sys-admin/overwritten-data-guttman.html where Feenberg writes: "Surveying all the references, I conclude that Gutmann's claim belongs in the category of urban legend." As usual, this story shows that individual claims have to be checked by independent parties. Even the claim that it cannot be done.
I hear writing random numbers like 2s and 9s to the drive works REALLY well
"One up, one down, one to polish."
Dave Lister
From the article:
A coin toss is usually referenced as the worst way to try and predict a 50:50 chance event. Disregarding all of the obvious problems (i.e. that the bits on a hard disk do not have a 50:50 distribution (unless compressed or encrypted), and that a coin is not necessarily the most random thing), I'm still left with a puzzler.
If his methods have less chance of prediction than a coin toss, all he has to do is add a "not" gate at the end of his prediction algorithm, and he'll have better chance than a coin toss.
To take this to an extreme, assuming random incoming data, a coin toss has a 50% chance of a hit for the next bit. If you find a method that has a 0% chance of a hit, then just flip its output and you'll get a 100% chance of a hit. Lower chances than a coin toss actually mean a good prediction ability.
Shachar
To me a more valid concern is the following linear time algorithm to break encryption: /dev/randing a hdd is so easy that if you are paranoid enough to encrypt your whole hdd, including swap and filenames, then you might as well erase your hdd just to be on the safe side.
1) Invest $1000.
2) Making use of Moore's law, wait until $1000 is enough to buy a machine that can break that now old outdated encryption.
3) Profit!
It seems to me that zeroing or
You want /dev/urandom. Pseudorandom data is plenty for this purpose, and it won't take forever to generate either.
Give me Classic Slashdot or give me death!
I work for an electronics manufacturing company, and with damn near every consumer device "going green" and being RoHS-compliant, we won't have to worry about long-term storage anyway. Things like tin whiskering will ensure that your data will be wiped for you after a few years of use due to malfunction. After that, nothing a sandblaster or a few high-powered rifle rounds can't ensure that it's completely wiped.
Under normal conditions /dev/random would likely take decades, if not centuries, to do the wipe.
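An added example, not posted by anyone in this thread, that carries the dd suggestion above and the /dev/urandom replies through to a wipe you can actually check: it overwrites the target, then reads every byte back, which the bare dd one-liner never does. The target path, the file used as a stand-in for a disk, and the fake secret are all constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not from the thread): one-pass wipe with dd plus a read-back
# check. TARGET is the whole device (e.g. /dev/sda, not /dev/sda1 if the whole
# disk is meant); a regular file stands in for the device while testing.
set -eu

# Size of the target in bytes. wc -c is exact for a regular file; for a block
# device prefer `blockdev --getsize64 "$1"`, which does not read the disk.
target_size() {
    wc -c < "$1" | tr -d ' '
}

# Pass of pseudorandom data. /dev/urandom is used deliberately: the blocking
# /dev/random pool cannot feed a disk-sized write in any reasonable time, and
# cryptographic quality is irrelevant for a wipe.
wipe_random() {
    size=$(target_size "$1")
    head -c "$size" /dev/urandom | dd of="$1" bs=64k conv=notrunc 2>/dev/null
}

# Pass of zeros. Cheaper than the random pass and, unlike it, verifiable.
wipe_zero() {
    size=$(target_size "$1")
    head -c "$size" /dev/zero | dd of="$1" bs=64k conv=notrunc 2>/dev/null
}

# Read every byte back and compare against a zero stream. Returns 0 only if the
# whole target reads as zeros; a mismatch means the write did not land (bad
# sector, wrong device, dd stopped early).
verify_zero() {
    size=$(target_size "$1")
    head -c "$size" /dev/zero | cmp -s "$1" -
}

# Caveat no overwrite can address: sectors the drive has remapped (and, on
# SSDs, over-provisioned flash) are not reachable through dd at all. For those,
# the drive's own secure-erase/sanitize command is the tool.

if [ "${1:-}" = "--demo" ]; then
    # Constructed stand-in: a temporary file holding a fake secret.
    demo=$(mktemp)
    printf 'CONSTRUCTED SECRET: grandma cake recipe\n' > "$demo"
    wipe_random "$demo"
    wipe_zero "$demo"
    verify_zero "$demo" && echo "zero wipe verified on $demo"
    rm -f "$demo"
fi
```

Run with `--demo` to exercise it against a temporary file; against a real disk, run it as root with the device path substituted for the stand-in.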
... making it easier for the government to control your mind ... just so you know.
I can't help but sit here shaking my head in some disbelief at the comments I've read on this thread. Slashdotters are a technologically savvy community for the most part, and I lost track of the number of times that I saw something to the effect of "The government probably has means/software/tools/hacks to get your info."
Now, I've done extensive work *for* the government in the realm of computer forensics, which is as far as I'll elaborate, and the tools we use are commercially available. Were anyone so inclined, you could even attend or get notes on FBI or DoD taught digital forensics classes.
There's nothing wrong with some good old fashioned suspicion or conspiracy theory, but the *one* area that slashdotters should be mostly competent and knowledgeable on has more of those wild ideas than anywhere else.
I've sent a drive in for data recovery before and was asked which operating system to recover: Solaris or Windows NT....
A reinstall is not a drive wipe with regard to forensics. While IT may call it a wipe and refresh, the data is easily recovered. It's this confusion between delete, reinstall, format, and wipe that starts unfounded rumors. Not to mention the differences between different file systems.
A wipe is writing data to EVERY sector. A format does not wipe, a deletion does not wipe, and wiping is not common practice. With the size of drives today, you'd practically have to leave it going overnight. Most drives go their whole life without ever once being wiped.
> if you can recover from 1 overwrite, while still being able to get the new data, the
> capacity has just doubled.
Not if it takes hundreds of hours to do and recovers only 3/4 of the data on average. There is a lot of room between "not secure" and "reliable data storage".
It is very unlikely that any of us need worry that our overwritten files will be recovered, though. None of us have secrets that important.
Besides, the bot that controls your Windows box has already uploaded all your passwords.
Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
The guy's a forensics expert. Of course he's going to tell you one wipe is enough. If you do more than that, he might be out of a job.
I'm surprised he didn't say "It's cool man, just write 'DELETED' in sharpie on the case and your drive will never function again. *snicker*"
It's rare that you're presented with a knob whose only two positions are Make History and Flee Your Glorious Destiny.
His chance of retrieval was trivially above the random 50%.
You just could guess _any_ content with the same probability.
HI O WISE PRINCE. WHT TOOK U SO DAM LONG?
Pop in a DBAN CD, hit enter. You can tell the boss that you've performed a wipe that meets DoD specifications. There's no real time difference in doing one wipe, which doesn't meet DoD specs, or the three that DBAN does by default. Unless, of course, you are sitting there watching the percent complete go up. If you have free time to do that, how can I apply for your job?
For the google impaired, http://www.dban.org/
The problem there is occasionally the drive wins or claims a draw by destroying the child as well.
Part of most if not all HDDs fall well under the "choking hazard" category.
Problem? I really don't see a down-side here...
Bow-ties are cool.
In the epilogue of http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html, Peter Gutmann basically calls the author of TFA a rtrd.
Apparently, he's confusing two different techniques, and Gutmann claims that, of course it won't work the way he's doing it. He's doing it wrong. You can't use the Magnetic Force Microscope to perform an error cancelling read, it doesn't work. The success rate is - surprise! - less than 1%, exactly like TFA claims.
Also, mentioned in Gutmann's epilogue, TFA confuses an MFM and a scanning electron microscope. They are not the same thing. An MFM reads magnetic levels; it doesn't "see" electrons like a SEM will.
In any case, Gutmann agrees with TFA but for very different reasons. The new encoding techniques nullify the MFM. There is no point using it because it won't give you any useful information on a modern drive. Also, the extremely high densities mean the only practical and reliable method of recovery is basic error-cancelling techniques, and that's only practical after one wipe. Even then, it's iffy at best.
So yes, a single wipe is probably all you need. But who knows what data recovery techniques will be invented? A single pass is probably good enough right now, but 3-4 random passes is pretty much a sure thing, regardless of future techniques.
Security is mostly a superstition... Avoiding danger is no safer in the long run than outright exposure. - Helen Keller
I used to be a blacksmith, and I still have a nice little power-hammer in my workshop that delivers the clout of a 500 lb sledgehammer. I would be willing to bet that my way of disposing of my old disk drives, which involves heating it to about 800 degrees C in my forge and giving it a few taps with that mother would defeat the most earnest efforts of the NSA, since the drive comes out about the thickness of tin-foil.
:-)
Disclaimer:
The NSA has no jurisdiction here in Australia, (yet) and...
They would probably be bored by the contents of my drives anyway, and...
Yes, I am aware that that temperature will demagnetise the platters, but...
It's good fun to do anyway: shiny hot things and lots of noise.
$500! Hot damn. That sure is a pretty penny to pay for something as EXOTIC AND EXPENSIVE as magnetic force microscopy.
Nice theory, but totally full of shit.
I've done contracting for the government, and worked on a proposal which would have required "Secret" clearance for all staff involved. I have also worked with medical records for the local health authority. Finally, I've worked for oil companies that have both liability of both customer records and planned exploration/acquisition to keep private.
You're making the mistake that everyone else on /. is just like you, huddled at home, worried about their pr0n collection. However, some of us are actually computing professionals, working in sensitive areas. Hopefully none of us are using /. as their sole source of useful information, but it's definitely not a bad tertiary source of input.
"People who do stupid things with hazardous materials often die." -- Jim Davidson on alt.folklore.urban
That's why the DoD has lowered their standards to a single fixed wipe and, to prove it, is going to send all of their super secret hard drives to China to be proven that the data is unreadable.
Because the DoD makes ALL its decisions based on sound science. That's why the Air Force took over the CIA's sponsorship of remote viewing in the 70s, why the Navy funded research into cold fusion and anti-grav, and why we're buying hand-held polygraphs for troops in Afghanistan.
I mean, I had the same knee jerk suspicion, but I'm not going to hold up the DoD's standards as proof of anything but potentially reasonable paranoia. The Pentagon has a long-demonstrated sweet tooth for junk science.
If it's for-profit but free, you're not the customer -- you're the product (e.g., the Slashdot Beta's "audience").
If anyone can recover data from a dd if=/dev/zero of=/dev/sda hard drive, I suspect $500 isn't enough financial incentive for that person to reveal his/her ability to do it. $500,000, then we're talking.
I once had a signature.
One reason they require it is simple paranoia. The lengths you go to protect something depends on the value of the thing you are protecting and thus the lengths someone might go to get it. Same reason they use lots of armed, highly trained agents to protect the president. The president is extremely important to the nation and people will go to great lengths to harm him. When you are talking about classified data, you go to the paranoid extreme.
Another reason is inertia. These rules were written back when drives were much simpler and thus easier to recover data from. However, the government moves slowly and hasn't bothered to update. Remember that at that time disks used frequency modulation to store their data. It was a pure binary "everything above this level is a 1, everything below this other level is a zero." Thus it was much easier to infer what the previous data had been. Now drives store an analogue waveform and analyze that to determine the maximum likely data it represents. It's called EPRML. It sounds like voodoo, but works great and is very reliable. It also plays hell with any attempt to figure out what was on there before, since there are no fixed levels for 1 and 0.
So I'm not saying don't do multiple wipes. It doesn't hurt, just realize that just because the government does it doesn't mean you need to do it too. Remember that one wipe screws over any and all methods that don't involve disassembling the drive. So unless you think someone is so interested in your data they'll take the drive apart and put it under a microscope, then one wipe is all you need. That is a whole shitload of work, and requires rather specialized equipment and training. You worried about people like that after your data? You think if they were that interested they wouldn't maybe just come and put a gun to your head to get it?
You need to wipe your drive because it's easy for any bozo to run a program that looks at what's in unallocated space. However you only need one wipe to prevent that.
That whole "reading between the tracks" thing hasn't been true since hard drive head actuators were powered by stepper motors (over 20 years ago). Voice coil head actuators are precise enough to eliminate this concern entirely.
I may make you feel, but I can't make you think.