[vox-tech] Secure Wiping hard drives

Bill Broadley bill at broadley.org
Fri May 11 19:36:11 PDT 2012


On 05/11/2012 09:32 AM, Darth Borehd wrote:
> We need a fast way to securely wipe hard drives.

As you might imagine, the faster the less secure.

Are you trying to protect against:
* A determined attacker with a $10M budget?
* An expert willing to do disk surgery?
* Someone that wants 99% of the drive?
* Someone that wants even just a few 100 bits?
* Joe Random running some undelete/recovery tool?

The knee in the curve is to use the ATA Secure Erase or a single pass
random overwrite.

> Is there really any way to recover data after doing 1 pass writing zeros to
> every sector? (This is what we are doing now using the free version of
> Active Killbits, but it takes over an hour per hard drive.)

Yeah, zillions of ways to do that.  Linux dd will happily do this as
well.  Keep in mind that an overwrite will NOT overwrite any sectors
marked bad.  Secure erase should make it much harder to read those
sectors marked bad.

The only secure ways to instantly securely erase a drive are physical
means (destruction) or to use a strong password in the first place (and
make sure the attacker doesn't have said password).

> If we repartition and reformat Windows NTFS drives as Ext3, is there any
> way to recover data from them?  (We found this method is faster, but are
> not sure if it is as secure as the above.)

Yeah, that will stop only the most casual of attacks.   Someone even
moderately curious about the used computer/drive they bought used might
well run a partition/file recovery tool and easily get close to 100% of
your data back.

> The company will not pay for a degausser.
> 
> Safety requirements prevent us from doing physical destruction of the
> "sledge-o-matic" variety.
> 
> We use a computer recycler, but do not trust them 100% to destroy our
> data.  We know for a fact that equipment they get from us sits unguarded in
> a warehouse for months before destruction.

Within your constraints I think you already have the best solution.

> Interested in hearing opinions on this.

Keep in mind that Peter Gutmann did design a series of 35 patterns for
overwriting, but he also does NOT advocate overwriting 35 times.  A quote:
  In the time since this paper was published, some people have treated
  the 35-pass overwrite technique described in it more as a kind of
  voodoo incantation to banish evil spirits than the result of a
  technical analysis of drive encoding techniques. As a result, they
  advocate applying the voodoo to PRML and EPRML drives even though it
  will have no more effect than a simple scrubbing with random data.

So while theoretically someone could recover some bits from a drive
overwritten once, given the labor required to make a VERY high resolution
magnetic image (this takes a LONG time on a very expensive machine) it's
not a practical attack.  Someone's more likely to throw large bundles of
cash at your janitor before attempting such extreme measures.

So in serious cases of espionage at the corporate or government level,
physical destruction is the standard.  But if you are
just trying to protect the random personal information a single
overwrite should be plenty.  Granted random numbers (or pseudo random)
are likely to be somewhat better than zeros.
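
The single-pass random overwrite discussed above, as an added example that is not part of the original post: it overwrites a block device or image file once from /dev/urandom and spot-checks that sampled blocks changed. It assumes GNU/Linux tools (dd, head, sha256sum, blockdev); the function names and the 4096-byte sample size are choices made for this example.

```shell
#!/bin/sh
# Added example: single-pass pseudo-random overwrite, then a spot check.
# Works on a block device or an image file. GNU dd/coreutils assumed.
# As the post notes, sectors the drive has marked bad are not overwritten
# this way.
BS=4096   # sample block size in bytes (assumption)

target_size() {   # size of $1 in bytes
  if [ -b "$1" ]; then blockdev --getsize64 "$1"
  else wc -c < "$1" | tr -d ' '; fi
}

sample_hashes() {   # print "<block> <sha256>" for $2 evenly spaced blocks of $1
  blocks=$(( $(target_size "$1") / BS ))
  i=0
  while [ "$i" -lt "$2" ]; do
    blk=$(( i * blocks / $2 ))
    sum=$(dd if="$1" bs="$BS" skip="$blk" count=1 2>/dev/null | sha256sum | cut -d' ' -f1)
    echo "$blk $sum"
    i=$(( i + 1 ))
  done
}

wipe_random() {   # overwrite exactly the current length of $1, once
  if [ -b "$1" ] && grep -q "^$1" /proc/mounts; then
    echo "refusing: $1 or one of its partitions is mounted" >&2; return 3
  fi
  # head feeds exactly <size> bytes, so an image file is not extended and a
  # device is not written past its end; conv=fsync flushes before dd exits.
  head -c "$(target_size "$1")" /dev/urandom |
    dd of="$1" bs=1M iflag=fullblock conv=notrunc,fsync 2>/dev/null
}

wipe_and_verify() {   # $1 = target, $2 = number of sample blocks (default 16)
  tmp=$(mktemp) || return 2
  sample_hashes "$1" "${2:-16}" > "$tmp"
  wipe_random "$1" || { rm -f "$tmp"; return 2; }
  # Count sampled blocks whose hash is identical before and after the pass.
  unchanged=$(sample_hashes "$1" "${2:-16}" | grep -cFxf "$tmp" || true)
  rm -f "$tmp"
  [ "$unchanged" -eq 0 ]
}

if [ "$#" -gt 0 ]; then wipe_and_verify "$@"; fi
```

Saved under a name such as wipe.sh (hypothetical) and run as root with the whole-disk device node as its argument, it exits non-zero if the write failed or any sampled block is unchanged.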


