<div dir="ltr">I recall using a utility called "shred" to securely erase files. It did do many passes<div>to completely erase the data. I used it once on a 1 gigabyte drive and it took</div><div>8 hours. So I guess that would mean 8000 hours for a one terabyte drive.</div><div><br></div><div>Richard</div><div><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Sat, Feb 21, 2015 at 12:00 AM, Bill Broadley <span dir="ltr"><<a href="mailto:bill@broadley.org" target="_blank">bill@broadley.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class="">On 02/20/2015 11:06 PM, Rick Moen wrote:<br>
>> I'd recommend a single overwrite with dd, or just to a ATA Secure Erase.<br>
><br>
> Not tested, but here are some tips about using ATA Secure Erase using a<br>
> gratis utility for DOS (which means you can presumably use it from a<br>
> FreeDOS image):<br>
> <a href="http://www.zdnet.com/article/how-to-really-erase-a-hard-drive/" target="_blank">http://www.zdnet.com/article/how-to-really-erase-a-hard-drive/</a><br>
<br>
</span>Or just from linux.<br>
<span class=""><br>
> Bill, I had the impression that Dban was a good bit better than<br>
> single-pass dd'ing, and that the disclaimers were primarily intended as<br>
> an answer to the 'Are you guaranteeing that $BIG_TLA_AGENCY cannot<br>
> recover my data after Dban?' people, but that it's good enough for most<br>
> needs.<br>
<br>
</span>Well there's a ton of incorrect legacy information about disk wiping,<br>
much played up by the folks selling such utilities. There's been a huge<br>
amount of confusion around the "Gutamann mathod" that involved writing<br>
over 30 patterns to disk. Even the author mentions he never intended<br>
for anyone to do that, just that each one was optimized for a particular<br>
technology. Not that even 2-3 wipes wasn't plenty in 1996 and it's<br>
gotten quite a bit harder to recover isnce then.<br>
<br>
Sure if you are worried about a $10M scanner and man weeks of very<br>
highly paid staff scanning your disk at a uber high resolution and<br>
producing a few petabytes of data and doing a statistical analysis of<br>
the track edges to try to peal back the previous right you might want to<br>
do more than one pass.<br>
<br>
Sure if you are Edward Snowden and the full might of the NSA is focused<br>
on you, then you use physical description... or encryption.<br>
<br>
But for anything less (from wiki)<br>
* According to the 2006 NIST Special Publication 800-88 Section 2.3 (p.<br>
6): "Basically the change in track density and the related changes in<br>
the storage medium have created a situation where the acts of<br>
clearing and purging the media have converged. That is, for ATA disk<br>
drives manufactured after 2001 (over 15 GB) clearing by overwriting<br>
the media once is adequate to protect the media from both keyboard<br>
and laboratory attack<br>
* According to the 2006 Center for Magnetic Recording Research Tutorial<br>
on Disk Drive Data Sanitization Document (p. 8): "Secure erase does a<br>
single on-track erasure of the data on the disk drive. The U.S.<br>
National Security Agency published an Information Assurance<br>
Approval[citation needed] of single-pass overwrite, after technical<br>
testing at CMRR showed that multiple on-track overwrite passes gave<br>
no additional erasure."[23] "Secure erase" is a utility built into<br>
modern ATA hard drives that overwrites all data on a disk, including<br>
remapped (error) sectors.[24]<br>
* Further analysis by Wright et al. seems to also indicate that one<br>
overwrite is all that is generally required. [25]<br>
<br>
So unless you have more expertise than NIST, the Center for Magnetic<br>
Recording Research, and the NSA I'd just go with one wipe or secure erase.<br>
<span class=""><br>
> Back when I helped build an HPC cluster for LLNL, they would never send<br>
> back a deployed hard drive for any reason, and my understanding was that<br>
> HDs were 'retired' using thermite. _That's_ secure erasure.<br>
<br>
</span>Well Governments, bureaucracy, and low paid gov employees being what<br>
they are, they are worried about the mistakes, made on Friday, because<br>
someone wants to take off early. It's much easier to verify that a disk<br>
is visually destroyed/melted/turned into small flakes than it is to make<br>
sure the write software was run for hours. It's also much easier to<br>
witness. I believe the related policies require one person to destroy<br>
and a second person to watch. Not to mention even a full wipe might<br>
fail part way through if there's a malfunction. When hammers<br>
malfunction you can just grab another ;-).<br>
<span class=""><br>
> I've mostly worked with SCSI drives and guestimated that low-level<br>
> reformatting them using a SCSI HBA's firmware routines is good enough.<br>
<br>
</span>Single wipe is quite good, especially since drives have gotten quite a<br>
bit denser since 2001. If you are worried about the 0.1% of sectors<br>
that might have been remapped then do the secure erase. But sure if the<br>
value of the data is huge, and the consequences of even a few bits<br>
escaping is dire then physically destory the drive. Doubly so if your<br>
enemy has a huge budget, expertise, and fancy time then melting or<br>
shredding is the ultimate protection.<br>
<br>
Math exercise for the bored, assume:<br>
* 6TB drive has 6x10^12 bytes<br>
* has 7 platters (both sides are used)<br>
* outer diameter of platter is 2.5"<br>
* inner diameter of the platter is 1.5"<br>
* 340,000 tracks per inch<br>
<br>
How big is a bit?<br>
<br>
If a track overwrite covers 97.5% of a track what resolution do you need<br>
to see the 5%?<br>
<br>
If you image 7 platters at that resolution how much data is that?<br>
<div class="HOEnZb"><div class="h5"><br>
<br>
_______________________________________________<br>
vox mailing list<br>
<a href="mailto:vox@lists.lugod.org">vox@lists.lugod.org</a><br>
<a href="http://lists.lugod.org/mailman/listinfo/vox" target="_blank">http://lists.lugod.org/mailman/listinfo/vox</a><br>
</div></div></blockquote></div><br></div>