Subject: Re: securely erasing a hard disk
To: Philip Jensen <>
From: Ken Seefried <>
List: tech-security
Date: 10/21/2005 00:12:24
Philip Jensen wrote:

>I am wanting to understand the risk outlined in this paper:-
Wether or not this a "risk" that you should care about depends on your 
unique threat environment.

Yes...there exists technology to recover information otherwise thought 
deleted from a hard disks and other media (cds, tapes, etc.).  This is 
not's been a subject of interest since the beginning of 
computer storage. I did my time 20 years ago or so with an obscenely 
powerful bulk eraser (electromagnet) and a metric ton or so of 9-track 
reel tapes (universities are cheap, and it's cheaper to get a student 
intern to erase tapes, and irridate their gonads till they glow, than to 
buy new tapes...I was engaged to a nuclear physicist at the time...I'm 
not kidding about the glowing gonads).  Amazingly, I subsequently had a 
child who so far seems to be perfect.  I've clearly used up any and all 
karma I might have stored up...

P.S. - Okay...I was actually kidding.  I know that electromagents won't 
induce glowing to gonads.  It was a joke.  Let it go.  Don't send me 
hate mail.  The cesium that my 
then-finace-that-got-smart-and-got-rid-of-me spilled all over the place 
in the campus nuclear reactor might, however, have caused her 'nads to 
glow.  Or not.  It was 20 years ago.  I hear she had normal kids, 
too...probably really attractive and smart ones.  Don't send me hate 
mail.  Only public ridicule lives down that path.

>Is it widely acknowledged that a disk (or file) needs to be
>overwritten up to 30 times in order to remove any traceable
>information on the magnetic media for the file?
There are any number of theories about what will really delete 
information from a disk.  Most of them, as far as I can tell, make bad 
or outdated assumptions about the underlying storage device.  That 
is...they don't work except against trivial recovery efforts. There are 
tools that anyone can get to recover normally deleted files.  There are 
companies that can recover more agressively deleted data for a price.  
There are government entities that can do vastly more.

If this is really, truly an issue for you (and it probably isn't), keep 
your naughty bits on media that you can quickly physically destroy.  
Burning tapes or cds is good; sandblasting hard disk platers is normal.  
N.B. - shredding CDs or breaking up disk platters isn't enough for 
really dedicated recovery efforts.

>If so, then does the -P switch for the NetBSD rm command really
>provide the "security" of data erasure people think they are getting? 
>Or should the man page have an addition of "If you are serious about
>removing all traces of this file then ......."?
Others have pointed out how problematic this solution is.

>Lastly, how long would it take to retrieve the contents of a disk (or
>file) which has been overwritten with `dd if=/dev/zero of=/dev/rsd0c`?
Well, that depends.  Is the recovering agent "Ken in his basement" or 
"the NSA with an axe to grind"?  "How long" is radically different 
depending on your answer.