[vox] Wipe data

Bill Broadley bill at broadley.org
Sat Feb 21 00:00:52 PST 2015


On 02/20/2015 11:06 PM, Rick Moen wrote:
>> I'd recommend a single overwrite with dd, or just do an ATA Secure Erase.
> 
> Not tested, but here are some tips about using ATA Secure Erase using a
> gratis utility for DOS (which means you can presumably use it from a
> FreeDOS image):
> http://www.zdnet.com/article/how-to-really-erase-a-hard-drive/

Or just from Linux.

> Bill, I had the impression that Dban was a good bit better than
> single-pass dd'ing, and that the disclaimers were primarily intended as
> an answer to the 'Are you guaranteeing that $BIG_TLA_AGENCY cannot
> recover my data after Dban?' people, but that it's good enough for most
> needs.

Well there's a ton of incorrect legacy information about disk wiping,
much played up by the folks selling such utilities.  There's been a huge
amount of confusion around the "Gutmann method" that involved writing
over 30 patterns to disk.  Even the author mentions he never intended
for anyone to do that, just that each one was optimized for a particular
technology.  Not that even 2-3 wipes wasn't plenty in 1996 and it's
gotten quite a bit harder to recover since then.

Sure if you are worried about a $10M scanner and man weeks of very
highly paid staff scanning your disk at an uber high resolution and
producing a few petabytes of data and doing a statistical analysis of
the track edges to try to peel back the previous write you might want to
do more than one pass.

Sure if you are Edward Snowden and the full might of the NSA is focused
on you, then you use physical description... or encryption.

But for anything less (from wiki)
* According to the 2006 NIST Special Publication 800-88 Section 2.3 (p.
  6): "Basically the change in track density and the related changes in
  the storage medium have created a situation where the acts of
  clearing and purging the media have converged. That is, for ATA disk
  drives manufactured after 2001 (over 15 GB) clearing by overwriting
  the media once is adequate to protect the media from both keyboard
  and laboratory attack."
* According to the 2006 Center for Magnetic Recording Research Tutorial
  on Disk Drive Data Sanitization Document (p. 8): "Secure erase does a
  single on-track erasure of the data on the disk drive. The U.S.
  National Security Agency published an Information Assurance
  Approval[citation needed] of single-pass overwrite, after technical
  testing at CMRR showed that multiple on-track overwrite passes gave
  no additional erasure."[23] "Secure erase" is a utility built into
  modern ATA hard drives that overwrites all data on a disk, including
  remapped (error) sectors.[24]
* Further analysis by Wright et al. seems to also indicate that one
  overwrite is all that is generally required. [25]

So unless you have more expertise than NIST, the Center for Magnetic
Recording Research, and the NSA I'd just go with one wipe or secure erase.

> Back when I helped build an HPC cluster for LLNL, they would never send
> back a deployed hard drive for any reason, and my understanding was that 
> HDs were 'retired' using thermite.  _That's_ secure erasure.

Well Governments, bureaucracy, and low paid gov employees being what
they are, they are worried about the mistakes, made on Friday, because
someone wants to take off early.  It's much easier to verify that a disk
is visually destroyed/melted/turned into small flakes than it is to make
sure the write software was run for hours.  It's also much easier to
witness.  I believe the related policies require one person to destroy
and a second person to watch.  Not to mention even a full wipe might
fail part way through if there's a malfunction.  When hammers
malfunction you can just grab another ;-).

> I've mostly worked with SCSI drives and guesstimated that low-level
> reformatting them using a SCSI HBA's firmware routines is good enough.

Single wipe is quite good, especially since drives have gotten quite a
bit denser since 2001.  If you are worried about the 0.1% of sectors
that might have been remapped then do the secure erase.  But sure if the
value of the data is huge, and the consequences of even a few bits
escaping is dire then physically destroy the drive.  Doubly so if your
enemy has a huge budget, expertise, and fancy time then melting or
shredding is the ultimate protection.

Math exercise for the bored, assume:
* 6TB drive has 6x10^12 bytes
* has 7 platters (both sides are used)
* outer diameter of platter is 2.5"
* inner diameter of the platter is 1.5"
* 340,000 tracks per inch

How big is a bit?

If a track overwrite covers 97.5% of a track what resolution do you need
to see the 5%?

If you image 7 platters at that resolution how much data is that?
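
The single-pass overwrite recommended above, with a read-back check that catches a wipe that failed part way through, as an added example that is not part of the original post. The function names and the constructed image file are assumptions; on a real disk the target would be the block device.

```shell
#!/bin/sh
# Added example: single-pass zero overwrite plus read-back verification.
# Function names and the constructed image below are illustrative assumptions.

# Size in bytes of a block device or a regular file.
target_size() {
    if [ -b "$1" ]; then
        blockdev --getsize64 "$1"
    else
        echo $(( $(wc -c < "$1") ))
    fi
}

# One pass of zeros over the whole target, then flush to the medium.
# Sectors the drive has already remapped are not reachable this way;
# that is the case the post reserves for ATA Secure Erase.
wipe_once() {
    size=$(target_size "$1") || return 1
    head -c "$size" /dev/zero |
        dd of="$1" bs=1M conv=notrunc 2>/dev/null || return 1
    sync
}

# Succeeds only if every byte reads back as zero, so an interrupted
# or partial pass is detected instead of assumed complete.
is_zeroed() {
    size=$(target_size "$1") || return 1
    head -c "$size" /dev/zero | cmp -s - "$1"
}

# Demonstration on a constructed 4 MiB image standing in for a disk.
demo() {
    img=$(mktemp) || return 1
    head -c 4194304 /dev/urandom > "$img"
    is_zeroed "$img" && echo "unexpected: random data reads as zero"
    wipe_once "$img" && is_zeroed "$img" && echo "wipe verified"
    rm -f "$img"
}
demo
```

The read-back pass costs as much time as the wipe itself, but it is the only evidence that the overwrite actually covered the whole target.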



