Subject: Re: securely erasing a hard disk
To: Philip Jensen <philiprjensen@gmail.com>
From: Travis H. <solinym@gmail.com>
List: tech-security
Date: 10/21/2005 13:08:52
The Peter Gutmann paper is the seminal paper on this subject, read that.

Basically, the problem is unsolvable.

The best solution is to never write plaintext to the drive in the first place.

You can, with varying degrees of thoroughness, wipe things.

Unlinking alone is no good.  There are commercial tools to undelete.

Format is worthless, as it just reads most of the surface, to find bad
sectors.  It overwrites less than 1% of the data, just enough to mark
it as blank.  Don't let the long run time fool you; it's not
overwriting.

See Simson Garfinkel's paper "A Remembrance of Data Past" for a good
analysis of what you can find on used hard drives.

Overwrite once is pretty good.  You might be able to recover it with
e.g. Spinrite, but it will take a while.

Overwrite with several non-random passes is decent, you might be able
to recover the data with sensitive heads and signal processing that
removes the bias introduced by the overwrites, assuming the attacker
knows what you overwrote it with.  This will require a sensitive read
head and some signal processing to subtract the effect of overwriting.

Overwrites with random data might be okay, assuming people can't
predict the output of your PRNG.  rand(3) is fast but no good.  Better
invest in a HWRNG with high bandwidth.  I recommend the quantis random
number generator.

Overwrites with good random data and all the Gutmann patterns might be
okay, depending on exactly where the disk heads settled on the tracks
you're interested in.  The fringe bands can be recovered with a
magnetic force microscope.  It seems reasonable that someone could use
some optical signal processing to automate the process, if they were
suitably interested or did this for a living.

Here's an image of an overwritten data track taken using an MFM,
clearly showing the bands of old data on each side:
http://www.veeco.com/nanotheatre/imagesBig/11mfm.gif

Remapped bad sectors may forever be beyond your ability to overwrite.
--
http://www.lightconsulting.com/~travis/  -><-
"We already have enough fast, insecure systems." -- Schneier & Ferguson
GPG fingerprint: 50A1 15C5 A9DE 23B9 ED98 C93E 38E9 204A 94C2 641B
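
An added example, not part of the original message: it contrasts a format-style partial rewrite with one full overwrite pass from the kernel CSPRNG, then reads the image back to measure how much plaintext is still visible. The file-backed image, the marker string, the 1% fraction used for the simulated format and all function names are assumptions made for illustration.

```python
import os
import tempfile

CHUNK = 64 * 1024
MARKER = b"SECRET-PLAINTEXT"  # constructed sample plaintext, 16 bytes

def make_image(path, size):
    """Create a constructed 'disk image' filled with a recognizable marker."""
    with open(path, "wb") as f:
        f.write((MARKER * (size // len(MARKER) + 1))[:size])

def quick_format(path, fraction=0.01):
    """Simulate a format: rewrite only a small area at the start of the image."""
    size = os.path.getsize(path)
    with open(path, "r+b") as f:
        f.write(b"\x00" * int(size * fraction))
        f.flush()
        os.fsync(f.fileno())

def overwrite_random(path):
    """One full pass of os.urandom (kernel CSPRNG, not rand(3)), then fsync."""
    remaining = os.path.getsize(path)
    with open(path, "r+b") as f:
        while remaining:
            n = min(CHUNK, remaining)
            f.write(os.urandom(n))
            remaining -= n
        f.flush()
        os.fsync(f.fileno())

def residue_fraction(path):
    """Fraction of chunks that still contain the marker on logical read-back.
    This cannot see remapped sectors or track-edge remnants."""
    total = hits = 0
    with open(path, "rb") as f:
        while chunk := f.read(CHUNK):
            total += 1
            hits += MARKER in chunk
    return hits / total

def demo(size=4 * 1024 * 1024):
    """Return (residue after simulated format, residue after full overwrite)."""
    with tempfile.TemporaryDirectory() as d:
        img = os.path.join(d, "disk.img")
        make_image(img, size)
        quick_format(img)
        after_format = residue_fraction(img)
        overwrite_random(img)
        return after_format, residue_fraction(img)
```

A read-back of zero residue only confirms the logical overwrite; it says nothing about the remapped sectors and fringe bands the message describes.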