Subject: Re: securely erasing a hard disk
To: Philip Jensen <philiprjensen@gmail.com>
From: Steven M. Bellovin <smb@cs.columbia.edu>
List: tech-security
Date: 10/21/2005 02:08:27
In message <e14f4ca0510201735t4f23cdfeja44d3d8f3bb8993d@mail.gmail.com>, Philip
 Jensen writes:
>I am wanting to understand the risk outlined in this paper:-
>http://wipe.sourceforge.net/secure_del.html
>
>Is it widely acknowledged that a disk (or file) needs to be
>overwritten up to 30 times in order to remove any traceable
>information on the magnetic media for the file?

I don't know of any *public* source that I'd trust on this -- the paper 
you cite is almost 10 years old, and disk technology has changed a lot 
since then.  Have a look at http://dban.sourceforge.net/faq/index.html
which quotes the author of that paper as saying 

	"in the time since this paper was published, some people
	have treated the 35-pass overwrite technique described in
	it more as a kind of voodoo incantation to banish evil
	spirits than the result of a technical analysis of drive
	encoding techniques. As a result, they advocate applying
	the voodoo to PRML and EPRML drives even though it will
	have no more effect than a simple scrubbing with random
	data... For any modern PRML/EPRML drive, a few passes of
	random scrubbing is the best you can do".

>If so, then does the -P switch for the NetBSD rm command really
>provide the "security" of data erasure people think they are getting? 
>Or should the man page have an addition of "If you are serious about
>removing all traces of this file then ......."?
>
>Lastly, how long would it take to retrieve the contents of a disk (or
>file) which has been overwritten with `dd if=/dev/zero of=/dev/rsd0c`?
>

Who is trying to do the retrieval?  What are they willing to spend?  How 
good are they?

The free product that purports to do the best job of erasing a disk
is dban, "Darik's Boot and Nuke" -- see http://dban.sourceforge.net/.
(Someone, probably me, should put it in pkgsrc.)  But even it has its
limits.  This is from the FAQ:

	Q: Does DBAN wipe remapped sectors?

	A: No.

	Q: Does DBAN wipe the Host Protected Area ("HPA")?

	A: No.

	Most vendors that are using the HPA have a toggle for it
	in the BIOS setup program. Future releases of DBAN may
	override or dishonor the HPA.

The author also notes that there are some other situations where it
won't work, including a serious enemy, and says "If you are seriously
concerned about any of these situations, then consider drilling open your
hard disk, grinding down the platters, and melting all of the parts in a
furnace."

A better source for that paper you pointed to is the author's copy, at
http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html (and you should
notify the maintainer of that page).  Peter's own version has an Epilogue
that says "Looking at this from the other point of view, with the
ever-increasing data density on disk platters and a corresponding
reduction in feature size and use of exotic techniques to record data on
the medium, it's unlikely that anything can be recovered from any recent
drive except perhaps one or two levels via basic error-cancelling
techniques."
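
Added example, not part of the original message and not code from rm, wipe or DBAN: a POSIX sh sketch of the "few passes of random scrubbing" applied to one regular file, written in place rather than to a new file. The helper name scrub_file, the default of three passes and the 512-byte rounding are assumptions made for this illustration.

```shell
#!/bin/sh
# scrub_file FILE [PASSES]  (hypothetical helper, added for illustration)
# Overwrites FILE in place with random data PASSES times; the caller then
# removes it with plain rm. This only reaches the blocks the file currently
# maps to: remapped sectors and the HPA are out of reach, as the DBAN FAQ
# quoted above says, and a journaling or copy-on-write filesystem may put
# the new data somewhere other than over the old contents.

scrub_file() {
    file=$1
    passes=${2:-3}          # "a few passes"; the exact count is an assumption
    [ -f "$file" ] || { echo "scrub_file: not a regular file: $file" >&2; return 1; }

    size=$(wc -c < "$file" | tr -d ' ')
    [ "$size" -gt 0 ] || return 0

    # Round up to whole 512-byte blocks so the tail of the last block is
    # covered too. The file may grow by up to 511 bytes as a result.
    blocks=$(( (size + 511) / 512 ))

    pass=1
    while [ "$pass" -le "$passes" ]; do
        # conv=notrunc keeps the existing file open for update, so dd writes
        # over the old contents instead of truncating and starting afresh.
        dd if=/dev/urandom of="$file" bs=512 count="$blocks" \
            conv=notrunc 2>/dev/null || return 1
        sync                # ask the OS to flush this pass before the next
        pass=$((pass + 1))
    done
    return 0
}

# Usage: scrub_file ./old-keys.txt 3 && rm ./old-keys.txt
```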