On Jan 7, 2016, at 1:13 PM, Chuck Guzis <cclist at sydex.com> wrote:
> On 01/07/2016 09:36 AM, Fred Cisin wrote:
>> I've heard that there are "standards" for a number of overwrites, and
>> what patterns to use, . . .
>
> The paper that got the most notice was from Peter Gutmann from the early 90s.
> https://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html

Oh yes, one of my favorite topics. I get a lot of questions where people refer to
"the DoD wiping standard". Unfortunately, there isn't one. There are some
very old documents that give suggestions, but those seem to have expired long ago.

Gutmann's document is similarly old. Any decade-old rule suffers from the fact that
drive technology has changed drastically, and considerations that were valid then are no
longer valid. Gutmann did great work at the time, and his contribution deserves to be
honored, but it has very much been superseded by technology change. Tracks are so much
smaller and margins so tiny that multiple erasures don't add much if anything.

On the other hand, block replacement, and especially the write remapping done by SSDs, can
leave stuff in places you can't even see until you take the device apart. In fact,
hard drives are not much of an issue, but SSDs should make you worry.

Incineration should work, but use enough heat. Shredding is questionable, unless the
particles are very small. I think high-end shredders are required to produce particles
less than 1/32 inch in size.

Much more recent work on erase was done by Gordon Hughes at UCSD. See
http://cmrr.ucsd.edu/people/Hughes/secure-erase.html for more.

If you want data security and don't like destroying your hardware, SED
("self-encrypting drives") are a solution. Those encrypt all data, and
"erase" by discarding and replacing the data encryption key. So all your
sectors instantly turn to random noise. SSD versions of those are starting to appear,
which addresses the invisible old copies problem that regular SSDs have. The great thing
about an SED is not just the security of its erase function, but in particular the speed: it
takes only seconds to destroy all the data on the drive.

paul
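
Added example, not part of the original message: a toy model of the two behaviours described above, SSD write remapping leaving an old copy behind after an overwrite wipe, and an SED-style erase that replaces the data encryption key. `ToySSD`, `xor_page` and the SHA-256 keystream (a stand-in for the drive's hardware cipher) are hypothetical names and assumptions made for illustration.

```python
import hashlib, os
PAGE = 16  # bytes per flash page (tiny, for illustration)

def xor_page(key, phys, data):
    # Stand-in for the drive's hardware cipher (assumption): SHA-256 keystream per page.
    ks = hashlib.sha256(key + phys.to_bytes(4, "big")).digest()
    return bytes(a ^ b for a, b in zip(data, ks))

class ToySSD:
    """Toy flash translation layer: every write lands on a fresh physical page."""
    def __init__(self, encrypt=False):
        self.flash = []   # physical pages, in write order
        self.l2p = {}     # logical block -> physical page index
        self.key = os.urandom(32) if encrypt else None

    def write(self, lba, data):
        data = data.ljust(PAGE, b"\0")[:PAGE]
        phys = len(self.flash)
        if self.key:
            data = xor_page(self.key, phys, data)
        self.flash.append(data)
        self.l2p[lba] = phys          # the old page is unmapped, not erased

    def read(self, lba):
        phys = self.l2p[lba]
        data = self.flash[phys]
        return xor_page(self.key, phys, data) if self.key else data

    def crypto_erase(self):
        self.key = os.urandom(32)     # discard and replace the data encryption key

    def raw_dump(self):
        return b"".join(self.flash)   # what is physically on the chips, mapped or not

def overwrite_wipe(ssd, passes=3):
    for _ in range(passes):
        for lba in list(ssd.l2p):
            ssd.write(lba, b"\0" * PAGE)

SECRET = b"acct=1234 pin=99"          # constructed sample data, exactly one page

def demo():
    plain, sed = ToySSD(), ToySSD(encrypt=True)
    plain.write(0, SECRET)
    overwrite_wipe(plain)             # host sees zeros, stale page survives
    sed.write(0, SECRET)
    sed.crypto_erase()                # every stored page is now undecipherable
    return (plain.read(0), SECRET in plain.raw_dump(),
            sed.read(0) == SECRET, SECRET in sed.raw_dump())
```

`demo()` returns what the host reads back and whether the plaintext is still physically present, first for the overwritten plain drive and then for the key-erased one.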