Announcement

Collapse
No announcement yet.

Secure deletion: a single overwrite will do it

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Secure deletion: a single overwrite will do it

    Who actually believes this?

    http://www.h-online.com/news/Secure-...do-it--/112432

    The myth that to delete data really securely from a hard disk you have to overwrite it many times, using different patterns, has persisted for decades, despite the fact that even firms specialising in data recovery, openly admit that if a hard disk is overwritten with zeros just once, all of its data is irretrievably lost.

    Craig Wright, a forensics expert, claims to have put this legend finally to rest. He and his colleagues ran a scientific study to take a close look at hard disks of various makes and different ages, overwriting their data under controlled conditions and then examining the magnetic surfaces with a magnetic-force microscope. They presented their paper at ICISS 2008 and it has been published by Springer AG in its Lecture Notes in Computer Science series (Craig Wright, Dave Kleiman, Shyaam Sundhar R. S.: Overwriting Hard Drive Data: The Great Wiping Controversy).
    The guy's paper is here:

    http://www.springerlink.com/content/408263ql11460147/
    45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B0
    45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B1
    [ redacted ]

  • #2
    Re: Secure deletion: a single overwrite will do it

    TFB Theory: Data recovery houses are pushing the story so people will not bother to do a thorough wipe of the drive, but only wipe it once.

    Reality: I don't know, I read a similar article shortly after Shmoocon, that basically said that overwriting once was enough as well, and even the whole electron microscope idea was a farce.

    I still do a DoD wipe on any drive that is being returned regardless of what they say, since it's relatively easy to do. Any drive that isn't being returned to the vendor for warranty work is thoroughly destroyed.

    (harddrive platters make a nice mobile to hang in your office.)
    A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.

    Comment


    • #3
      Re: Secure deletion: a single overwrite will do it

      (harddrive platters make a nice mobile to hang in your office.)
      Then if you have even *more* time on your hands:

      Comment


      • #4
        Re: Secure deletion: a single overwrite will do it

        A single zero-wipe will put recovery out of the hands of home users, advanced home hackers, and most data recovery firms. The only group of people that could even possibly recover the data are well-funded groups supported either by a government or high-powered corporation.
        Against an adversary with such power/wealth, the contents of your HDD are practically moot, anyway (in most cases).

        edit:
        my point, as demonstrated by an xkcd comic.
        http://xkcd.com/538/

        Even if data recovery after a zero-wipe is possible, it's not likely to happen.
        It's not stupid, it's advanced.

        Comment


        • #5
          Re: Secure deletion: a single overwrite will do it

          Originally posted by YenTheFirst View Post
          A single zero-wipe will put recovery out of the hands of home users, advanced home hackers, and most data recovery firms. The only group of people that could even possibly recover the data are well-funded groups supported either by a government or high-powered corporation.
          Against an adversary with such power/wealth, the contents of your HDD are practically moot, anyway (in most cases).

          edit:
          my point, as demonstrated by an xkcd comic.
          http://xkcd.com/538/

          Even if data recovery after a zero-wipe is possible, it's not likely to happen.
          And thats exactly why the DoD has its standard. They aren't concerned about Dateline reporters buying surplus computers and recovering the data for embarrassing and hilarious results. Their threats are the nation states and groups that have those kinds of resources at their disposal to go above and beyond what Bob's Bait and Data Recovery Warehouse can do.

          I return whatever i wish . Its called FREEDOWM OF RANDOMNESS IN A HECK . CLUSTERED DEFEATED CORn FORUM . Welcome to me

          Comment


          • #6
            Re: Secure deletion: a single overwrite will do it

            Originally posted by noid View Post
            Bob's Bait and Data Recovery Warehouse can do.
            Hey, I sent my drives there, they did a damn find job, even with the drives coming back smelling of fishguts.

            On a serious note, if you're returning a drive with sensitive, the cost of doing a DoD wipe on the drive is minimal compared to the embarrassment your company could suffer if you didn't do it, and your data was recovered.
            Last edited by streaker69; March 11, 2009, 13:27.
            A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.

            Comment


            • #7
              Re: Secure deletion: a single overwrite will do it

              I thought the DoD standard involved a sledgehammer as well, but I don't see people using that, either.
              Being secure even against imaginary threats, or threats only believed to be imaginary, is part of the job of an organization like the DoD. For a home user, though, it's unnecessary. Not much more difficult, if you use something like DBAN, but if you're impatient, zero-wipe really does work.

              semi TFB theory:
              Note that a single random wipes should be a bit slower than a simple zero wipe. If a criminal/terrorist/whatever gets a tip-off that the feds are after them, and they believe a slower wipe is necessary, that adds an extra time to get the computer before the first wipe completes. I doubt it would make much of a difference, maybe 30 minutes on a really big drive, but still. Then again, a smart wiper might just use the sledgehammer.

              Hmm. if you smash a hard drive without wiping, though, data might still be recoverable - right?
              It's not stupid, it's advanced.

              Comment


              • #8
                Re: Secure deletion: a single overwrite will do it

                Originally posted by YenTheFirst View Post
                I thought the DoD standard involved a sledgehammer as well, but I don't see people using that, either.
                Being secure even against imaginary threats, or threats only believed to be imaginary, is part of the job of an organization like the DoD. For a home user, though, it's unnecessary. Not much more difficult, if you use something like DBAN, but if you're impatient, zero-wipe really does work.

                semi TFB theory:
                Note that a single random wipes should be a bit slower than a simple zero wipe. If a criminal/terrorist/whatever gets a tip-off that the feds are after them, and they believe a slower wipe is necessary, that adds an extra time to get the computer before the first wipe completes. I doubt it would make much of a difference, maybe 30 minutes on a really big drive, but still. Then again, a smart wiper might just use the sledgehammer.

                Hmm. if you smash a hard drive without wiping, though, data might still be recoverable - right?
                Unfortunately my homepage is currently down, but I have some videos that I did of harddrive destruction. One was folding a harddrive in half with a big vice. The platters shattered, so I doubt that the data would be recoverable if you smashed it with a hammer.

                I did a 3pass wipe on the last drive I sent back and it took about 3 hours to run on an 80G drive, if you need something faster, I'd suggest thermite with a detonator connected to the delete key (Die Hard 4).
                A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.

                Comment


                • #9
                  Re: Secure deletion: a single overwrite will do it

                  I talked with a man who worked with the NSA / NISSC back in the day that looked into the effectiveness of wipes. Now grated this is work done on MFM and RLL drives and who knows how it works with the new perpendicular recording technology.

                  He said it was more important that there be time between the wipes. This was because the magnetic particles tend to re-align themselves to the last state on the disk surface, even if you overwrite 10 times all in a row at some point they statistically realign to the state they were in for the most amount of time. If you overwrite, wait an hour, overwrite, wait an hour etc. then you are changing the state after they re-align - but nobody wanted to wait that long so doing a jillion overwrites was the next best thing.

                  Now that sounds like voodoo to me, but it made me think of problems they have with old school ring memory that was used to store crypto keys in military gear that had to be EMP proof. If you re-energized the memory over and over again at some point you could statistically calculate if the ring memory had spent its life in a 0 or a 1 state. To prevent this you had to 'rotate' your keys through ring memory so they wouldn't always occupy the same space.

                  Me? I do a full disk encryption then one pass overwrite, or a drill, or a .223, or sometimes a hammer. I'll be recording my new method this weekend, thermite on a stack of drives to see how many melt through. I'll post it one way or the other!
                  PGP Key: https://defcon.org/html/links/dtangent.html

                  Comment


                  • #10
                    Re: Secure deletion: a single overwrite will do it

                    Originally posted by Dark Tangent View Post

                    Me? I do a full disk encryption then one pass overwrite, or a drill, or a .223, or sometimes a hammer. I'll be recording my new method this weekend, thermite on a stack of drives to see how many melt through. I'll post it one way or the other!
                    If the drive isn't serviceable, I hit it with the drill press. Some of my friends in SoCal made the 'blogosphere' a few years back by documenting how they smelted them in their backyard foundry.

                    If the drive is serviceable, i do roughly the same thing. I encrypt it, then wipe it with DBAN.

                    In regards to thermite + hard drives + this weekend..um..need a ride? I can sight my M4 in on the remainder.

                    I return whatever i wish . Its called FREEDOWM OF RANDOMNESS IN A HECK . CLUSTERED DEFEATED CORn FORUM . Welcome to me

                    Comment


                    • #11
                      Re: Secure deletion: a single overwrite will do it

                      My typical approach for wiping a drive is to boot a Linux live CD and dd it (once) with /dev/urandom. Then for fun I might take a hammer to the drive controller's logic board.

                      Sounds like from this I could get away with /dev/zero
                      45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B0
                      45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B1
                      [ redacted ]

                      Comment


                      • #12
                        Re: Secure deletion: a single overwrite will do it

                        Originally posted by noid View Post
                        Some of my friends in SoCal made the 'blogosphere' a few years back by documenting how they smelted them in their backyard foundry.
                        bah.. beaten again. I saw this as well and I was gonna comment on it ;/ http://driveslag.eecue.com/

                        We use DBAN at work to wipe HDDs that have NCIC/FCIC data on it and its good enough for FDLE :3 We use the DoD standard.
                        Last edited by g3k_; March 11, 2009, 15:14. Reason: hah, my post included a link :D
                        "As Arthur C Clarke puts it, "Any sufficiently advanced technology is indistinguishable from magic". Here is my corollary: "Any sufficiently technical expert is indistinguishable from a witch"."

                        Comment


                        • #13
                          Re: Secure deletion: a single overwrite will do it

                          Secure file deletion.
                          http://web.mac.com/barrywoods/Site/DOD_drive_wipe.html
                          http://web.mac.com/barrywoods/Site/D...rough_it!.html
                          http://web.mac.com/barrywoods/Site/M...struction.html

                          I need to fix my page links, they do a little dance on some of the pages......


                          Originally posted by streaker69 View Post

                          (harddrive platters make a nice mobile to hang in your office.)
                          Pics or it didn't happen!
                          Last edited by barry99705; March 11, 2009, 18:05.

                          Comment


                          • #14
                            Re: Secure deletion: a single overwrite will do it

                            Originally posted by bascule View Post
                            My typical approach for wiping a drive is to boot a Linux live CD and dd it (once) with /dev/urandom. Then for fun I might take a hammer to the drive controller's logic board.

                            Sounds like from this I could get away with /dev/zero
                            I used to always boot then dd /dev/zero, but someone recommended DBAN once. It has an option for a zero wipe mode, but it runs much more quickly, in my experience. (I guess it sets the block size correctly or something)
                            It's not stupid, it's advanced.

                            Comment


                            • #15
                              Re: Secure deletion: a single overwrite will do it

                              Scott Moulton's talk at Shmoocon explained the easiest and quickest way to wipe a drive is using Secure Erase which is built into the drive itself--not software!
                              "\x74\x68\x65\x70\x72\x65\x7a\x39\x38";

                              Comment

                              Working...
                              X