Subject: Re: securely erasing a hard disk
To: Steven M. Bellovin <email@example.com>
From: Florian Stoehr <firstname.lastname@example.org>
Date: 10/21/2005 12:01:37
On Fri, 21 Oct 2005, Steven M. Bellovin wrote:
> In message <email@example.com>, Philip
> Jensen writes:
>> I am wanting to understand the risk outlined in this paper:-
>> Is it widely acknowledged that a disk (or file) needs to be
>> overwritten up to 30 times in order to remove any traceable
>> information on the magnetic media for the file?
> I don't know of any *public* source that I'd trust on this -- the paper
> you cite is almost 10 years old, and disk technology has changed a lot
> since then. Have a look at http://dban.sourceforge.net/faq/index.html
> which quotes the author of that paper as saying
> "in the time since this paper was published, some people
> have treated the 35-pass overwrite technique described in
> it more as a kind of voodoo incantation to banish evil
> spirits than the result of a technical analysis of drive
> encoding techniques. As a result, they advocate applying
> the voodoo to PRML and EPRML drives even though it will
> have no more effect than a simple scrubbing with random
> data... For any modern PRML/EPRML drive, a few passes of
> random scrubbing is the best you can do". >
>> If so, then does the -P switch for the NetBSD rm command really
>> provide the "security" of data erasure people think they are getting?
>> Or should the man page have an addition of "If you are serious about
>> removing all traces of this file then ......."?
>> Lastly, how long would it take to retrieve the contents of a disk (or
>> file) which has been overwritten with `dd if=/dev/zero of=/dev/rsd0c`?
> Who is trying to do the retrieval? What are they wiling to spend? How
> good are they?
> The free product that purports to do the best job of erasing a disk
> is dban, "Darik's Boot and Nuke" -- see http://dban.sourceforge.net/.
> (Someone, probably me, should put it in pkgsrc.) But even it has its
> limits. This is from the FAQ:
> Q: Does DBAN wipe remapped sectors?
> A: No.
> Q: Does DBAN wipe the Host Protected Area ("HPA")?
> A: No.
> Most vendors that are using the HPA have a toggle for it
> in the BIOS setup program. Future releases of DBAN may
> override or dishonor the HPA.
> The author also notes that there are some other situations where it
> won't work, including a serious enemy, and says "If you are seriously
> concerned about any of these situations, then consider drilling open your
> hard disk, grinding down the platters, and melting all of the parts in a
> A better source for that paper you pointed to is the author's copy, at
> http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html (and you should
> notify the maintainer of that page). Peter's own version has an Epilogue
> that says "Looking at this from the other point of view, with the
> ever-increasing data density on disk platters and a corresponding
> reduction in feature size and use of exotic techniques to record data on
> the medium, it's unlikely that anything can be recovered from any recent
> drive except perhaps one or two levels via basic error-cancelling
I implemented the Gutmann 35-pass method for NetBSD. This is
in pkgsrc-wip as "neb-wipe".
I updated it for 64-bit platforms, but have not committed it yet
(although it worked for me on 32-bit platforms).
Can run 35-pass as well as user-defined number of random passes.
Note that this can wipe disklabel slices as well as whole
And, like dban, it will not wipe remapped sectors or hpa.