Subject: Re: securely erasing a hard disk
To: Jan Danielsson <>
From: Philip Jensen <>
List: tech-security
Date: 10/21/2005 15:04:45
On 10/21/05, Jan Danielsson <> wrote:
> Philip Jensen wrote:
> > I am wanting to understand the risk outlined in this paper:-
> >
> >
> > Is it widely acknowledged that a disk (or file) needs to be
> > overwritten up to 30 times in order to remove any traceable
> > information on the magnetic media for the file?
>    Hmm.. 30 times isn't enough. You'll never be able to get rid of the
> first set of data you wrote to the disk by overwriting it. Not the
> second set of data either... Probably not third, and perhaps not even
> the fourth.
>    If you are going to store sensitive data which you do not want to be
> recoverable, you should fill the disk with random data a couple of times
> before you start using it seriously.
> > If so, then does the -P switch for the NetBSD rm command really
> > provide the "security" of data erasure people think they are getting?
> > Or should the man page have an addition of "If you are serious about
> > removing all traces of this file then ......."?
>    The manual page should probably state that someone _really_
> determined will be able to recover certain ("early") data no matter how
> many times you overwrite it.

I agree.

> > Lastly, how long would it take to retrieve the contents of a disk (or
> > file) which has been overwritten with `dd if=3D/dev/zero of=3D/dev/rsd0=
> With limited or unlimited resources?

Either, any ideas?