Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Single Drive Wipe Protects Data

CmdrTaco posted more than 5 years ago | from the two-wipes-are-better-than-one dept.

Data Storage 625

ALF-nl writes "A forensics expert claims that wiping your hard drives with just one pass already makes it next to impossible to recover the data with an electron microscope." But that's not accounting for the super secret machines that the government has, man.

Sorry! There are no comments related to the filter you selected.

One wipe is not enough. (5, Funny)

htnmmo (1454573) | more than 5 years ago | (#26515481)

One wipe is never enough.

Didn't your mommy teach you anything?

Especially true after Taco Bell.

Re:One wipe is not enough. (0)

Anonymous Coward | more than 5 years ago | (#26515499)

Why would I bring a hard drive to Taco Bell? Do they have Wi-Fi now, like Panera's?

Re:One wipe is not enough. (-1, Troll)

Anonymous Coward | more than 5 years ago | (#26515549)

No you dipshit. Go back to jacking off to hentai before I put you back in your mom's ass.

Re:One wipe is not enough. (1)

pharwell (854602) | more than 5 years ago | (#26515809)

Actually, they do. At least the newer or remodeled ones. Older ones might not have it yet, but it's becoming more prevalent.

Re:One wipe is not enough. (0)

Anonymous Coward | more than 5 years ago | (#26515537)

One wipe is never enough.

Didn't your mommy teach you anything?

Especially true after Taco Bell.

Am I the only one who doesn't experience this adverse reaction to Taco Bell?

Re:One wipe is not enough. (0)

Anonymous Coward | more than 5 years ago | (#26515683)

Nope. It's pretty lousy food, but I don't think I've ever had digestive troubles with it, unlike other poor-quality food I've eaten.

Re:One wipe is not enough. (1)

jovius (974690) | more than 5 years ago | (#26515663)

With all the mess around I think that's the general government policy.

Re:One wipe is not enough. (3, Funny)

craagz (965952) | more than 5 years ago | (#26515765)

This guy here [bash.org] will need 30 bullets to wipe his hard drives.

Re:One wipe is not enough. (1)

Talderas (1212466) | more than 5 years ago | (#26515905)

You've never seen the brain reading device.

Tag this "itsatrap" (0)

Anonymous Coward | more than 5 years ago | (#26515501)

See subject.

Re:Tag this "itsatrap" (1)

pyster (670298) | more than 5 years ago | (#26515749)

I agree. This post is a troll. btw; there was a reward for anyone who could recover data from a wiped drive offered up. I think /. even posted this up when it was offered.

Re:Tag this "itsatrap" (1)

Timothy Brownawell (627747) | more than 5 years ago | (#26515851)

I agree. This post is a troll. btw; there was a reward for anyone who could recover data from a wiped drive offered up. I think /. even posted this up when it was offered.

The "reward" was a joke, something like $200. I'm pretty sure nobody who matters took them seriously, if they even knew about it.

Re:Tag this "itsatrap" (5, Informative)

IBBoard (1128019) | more than 5 years ago | (#26515959)

That'd probably be this challenge [16systems.com] from further up the page - $500 at the moment, and apparently three companies have turned it down after the dd command was mentioned because they 'know' it isn't possible.

Why are we still discussing this?! (5, Insightful)

MartinG (52587) | more than 5 years ago | (#26515513)

Just use encryption (of your whole drive or partition) and forget about wiping it.

It's not that hard. For example, several modern Linux distros support encrypting your entire installation out of the box.

Re:Why are we still discussing this?! (5, Funny)

postbigbang (761081) | more than 5 years ago | (#26515643)

Sadly, it's best just to physically destroy the drive after use. I suggest a two-year old child just after its nap ought to do the trick.

Re:Why are we still discussing this?! (1, Funny)

Zordak (123132) | more than 5 years ago | (#26516005)

[I]t's best just to physically destroy the drive after use. I suggest a two-year old child just after its nap

Armed with a peanut butter and jelly sandwich!

Re:Why are we still discussing this?! (5, Insightful)

dmdavis (949140) | more than 5 years ago | (#26515735)

You encrypt it, and someone can still potentially get it, even if the probability is miniscule. Maybe the algorithm is discovered to be flawed, or they see you type your password, or they install a hardware key-logger, or while it would theoretically take thousands of years to brute force it, random chance has them guess the right sequence on the first try (it could happen). You wipe the data though, and there is no chance for anyone to get it.

Encrypting it is definitely a good idea, but not as a replacement for wiping it.

Re:Why are we still discussing this?! (2, Interesting)

itsme1234 (199680) | more than 5 years ago | (#26515901)

while it would theoretically take thousands of years to brute force it, random chance has them guess the right sequence on the first try (it could happen). You wipe the data though, and there is no chance for anyone to get it.

If we are to totally forget the order of magnitude needed for random chance to guess the key at first try then we can say that by chance "they" could actually guess your data at first try! Even if you wipe the data! Even if you vaporize your hdd!

Re:Why are we still discussing this?! (2, Insightful)

dmdavis (949140) | more than 5 years ago | (#26515981)

Sure, but they won't know if they data they guessed is right. If they guess the password correctly, it successfully decrypts the data, and you know it was right.

Re:Why are we still discussing this?! (1)

bsDaemon (87307) | more than 5 years ago | (#26515947)

I'd suggest a counter-point that wiping your drive is definitely a good idea, but not as a replacement for encrypting it in the first place.

Step 1: Encrypt drive
Step 2: ??? (may or may not be illegal)
Step 3: shred -uz
Step 4: no more evidence, la-la-la-la-lala

Re:Why are we still discussing this?! (4, Funny)

morgan_greywolf (835522) | more than 5 years ago | (#26515823)

Yep. They'll never get my data. It's all encrypted with the superior ROT13 encryption method. Twice just to be sure.

Re:Why are we still discussing this?! (2, Informative)

morgan_greywolf (835522) | more than 5 years ago | (#26515993)

Note to the clueless: The above comment is entirely intended to make the point that encryption is not a substitute for wiping. If you can recover encrypted data with a key, so can someone who doesn't have the key given enough time, skill and determination. It's not just a theoretical possibility.

By showing myself to be sounding confident with an obviously wrong statement, I was parroting the parent.

Re:Why are we still discussing this?! (5, Informative)

Z00L00K (682162) | more than 5 years ago | (#26515929)

Add a wipe to the encryption and you may be safe.

The old problem with multiple wipes depended on the fact that there were rather large tolerances, but modern drives are very close to limits caused by physics, which means that it's a lot harder to extract wiped data.

If the data also was encrypted it will probably be impossible to re-create since there always is a level of loss even at recovery. For unencrypted data this may not be a big problem and it can be rectified by hand, but for encrypted data it will upset the whole packet that was encrypted.

But in a majority of cases a single wipe will be sufficient when the hardware is sold as surplus, since it's not easy to track and find out if a certain drive contains anything of interest.

Re:Why are we still discussing this?! (2, Interesting)

Kr3m3Puff (413047) | more than 5 years ago | (#26515939)

Just to point out that we have to be abrest of the limitations of our chosen encryption scheme. Several of the IT Foresincs have started to exploit some the weaknesses that, while they may not be able to de-code infromation, might be able to identify that encrypted information is there and even what type of infromation might be encrypted.

Legally, in some places, like the UK, you do not have the legal option to not disclose your encryption keys. Your only hope of keeping the government out of your pants is plausable deniability, which can be totally ruined if they can prove that you aren't fully disclosing your information. Also, if a non-government agency thinks you are hiding something, they don't just throw you in jail...

You know what else is virtually impossible (-1, Offtopic)

Anonymous Coward | more than 5 years ago | (#26515521)

Donovan McNabb winning the big game

Re:You know what else is virtually impossible (-1, Offtopic)

Anonymous Coward | more than 5 years ago | (#26515591)

Donovan McNabb winning the big game

You know you are 100% correct. He chokes every time. I have never liked him much.

If it 'snot good enough for the feds... (5, Insightful)

davidwr (791652) | more than 5 years ago | (#26515527)

1) next to impossible != impossible
2) if the feds require multi-pass wipes for non-classified data and media destruction for classified data, why should I settle for anything less?

OK, maybe this guy is right and maybe the feds are behind the times, but I'd like to see multiple independent studies come out and say this before I'm getting rid of my drive sanitizers. I mean, we all know what happens to societies when they get rid of their equipment sanitizers [tlb.org] , don't we?

Re:If it 'snot good enough for the feds... (5, Insightful)

Talderas (1212466) | more than 5 years ago | (#26515815)

Unless you work for the government or military, no one would be interested enough in the data on your drives to go through the effort and cost of doing the forensic investigation to find out what was on your hard drive before the wipe.

For those of you in Rio Linda, nobody cares about you, or your data, unless you work for the government or military.

Re:If it 'snot good enough for the feds... (1)

morgan_greywolf (835522) | more than 5 years ago | (#26515879)

For those of you in Rio Linda, nobody cares about you, or your data, unless you work for the government or military.

Ah. A dittohead.

The government or military might be interested in your data, especially if you are not government or military. Especially if you are suspected of something. Whether or not it's true.

Re:If it 'snot good enough for the feds... (1)

Talderas (1212466) | more than 5 years ago | (#26515987)

1. You get a new hard drive, so you transfer all your data to the new hard drive, and data wipe the old one.
2. Feds suspect you of something.
3. Feds monitor your behavior.
4. Feds get warrant to raid your house and seize computer with new hard drive.
5. Feds perform forensic investigate on clone of new encrypted hard drive.
6. Old hard drive sits in trash wiped.
7. ???
8. Profit!

Re:If it 'snot good enough for the feds... (1)

SanityInAnarchy (655584) | more than 5 years ago | (#26515871)

2) if the feds require multi-pass wipes for non-classified data and media destruction for classified data, why should I settle for anything less?

Because the feds are not entirely functional -- even if they knew a single pass was good enough, they might require mulit-pass for CYA reasons, or because it sounds like a good idea.

I'd like to see multiple independent studies come out and say this before I'm getting rid of my drive sanitizers.

A wise precaution anyway. Better yet, encrypt everything before it hits the disk in the first place.

Re:If it 'snot good enough for the feds... (2, Insightful)

Gorshkov (932507) | more than 5 years ago | (#26515931)

if the feds require multi-pass wipes for non-classified data and media destruction for classified data, why should I settle for anything less?

Yes, because we are all so fully aware that the US government only ever worries about REAL security, and not security theatre.

Re:If it 'snot good enough for the feds... (4, Insightful)

holychicken (1307483) | more than 5 years ago | (#26516025)

The government overdoing something based on a popular misconception? I am shocked and appalled!

Re:If it 'snot good enough for the feds... (2, Insightful)

arminw (717974) | more than 5 years ago | (#26516029)

.....why should I settle for anything less......

because as a /. member it is highly unlikely that your deep dark secret data is worth the effort it takes to recover it after a single pass wipe. Anyone who posts on /. has, by definition, no data the NSA, KGB, Gestapo or any other such entity could possibly be interested in.

Data destruction advice of the week (5, Funny)

sakdoctor (1087155) | more than 5 years ago | (#26515529)

I thought a few weeks ago we were supposed to drill holes in the drive platters and fill the case with thermite, then drop the whole computer into the fires of mount doom.

This week, a one pass wipe is enough.

Re:Data destruction advice of the week (4, Funny)

Anonymous Coward | more than 5 years ago | (#26515587)

Next week they'll discover a new alien technology and the security experts will be advising us to nuke the drive from orbit. It's the only way to be sure...

Re:Data destruction advice of the week (5, Insightful)

tuffy (10202) | more than 5 years ago | (#26515599)

It's the difference between what slashdotters enjoy doing to old hard drives and what's actually required to securely destroy the data on them.

Re:Data destruction advice of the week (1)

eth1 (94901) | more than 5 years ago | (#26515857)

Secure given *today's* recovery technology. But can you say how long that disk might sit around after it leaves your control before someone uses the new Quantum Disk Snarfing tool on it?

Re:Data destruction advice of the week (1)

tuffy (10202) | more than 5 years ago | (#26516031)

If it sits around long enough, who's going to care? Historians and archaeologists, perhaps. So long as a drive wipe keeps sensitive data like site passwords and bank accounts secure for their lifespan (and/or my own), there's no sense worrying about any theoretical future threat.

Re:Data destruction advice of the week (1)

rolfwind (528248) | more than 5 years ago | (#26515635)

Setting a drive up on its side and whacking it is usually enough to bust it and get the platters out. 8-9 years ago, the platters melted easily enough under flame of a plumber's propane torch, it was some type of pot/white metal I suppose. Last time, they didn't melt so I put them on against a sand belt grinder.

A little paranoid I suppose.

Re:Data destruction advice of the week (1)

mevets (322601) | more than 5 years ago | (#26515673)

The pace of technology is astounding. I wonder what next week will bring.

Re:Data destruction advice of the week (1)

Saint Gerbil (1155665) | more than 5 years ago | (#26515759)

Mount doom is getting full maybe it will start spitting them back out again.

Re:Data destruction advice of the week (5, Funny)

necro81 (917438) | more than 5 years ago | (#26515707)

The thermite isn't necessary for wiping out your data, it's just there because it's freakin' AWESOME!

Having fun with thermite and a hard drive (2, Informative)

Anonymous Coward | more than 5 years ago | (#26515715)

Re:Data destruction advice of the week (1)

JoeMerchant (803320) | more than 5 years ago | (#26515783)

I thought a few weeks ago we were supposed to drill holes in the drive platters and fill the case with thermite, then drop the whole computer into the fires of mount doom.

This week, a one pass wipe is enough.

Depends on who you've pissed off.

Re:Data destruction advice of the week (0)

Anonymous Coward | more than 5 years ago | (#26515821)

The question is really one of, whom are you protecting against. If you want your data safe from the NSA, only fire, and the big magnet at the Naval Observatory with the field strength that will permanently bend the platters, will do the trick. The problem with magnetic impressions is that they layer and align differently in different write passes, and the previous pass will very slightly change the 1ness and 0ness of the most recent layer. Scanning magnetic devices can pick up these variations, but doing so requires a device capable of distinguishing incredibly weak magnetic impressions that will overlap differently at each track (no, not cylinder).

The devices that do this are prohibitively expensive for all be the largest of government agencies. If you want to stop even dedicated criminals from getting you data, you need only one simple friendly Linux command:

while true; do openssl aes-256-cbc -in /raid_array/my_pr0n.tgz -out /dev/sde1; done

When it comes back with an error, it's done. If anyone decrypts what you've written, there will even be plausible deny-ability as to why you encrypted it.

Re:Data destruction advice of the week (1)

Zebra_X (13249) | more than 5 years ago | (#26515891)

If nothing else this is far more fun than watching a multi wipe progress bar.

Re:Data destruction advice of the week (0)

Anonymous Coward | more than 5 years ago | (#26515907)

I thought a few weeks ago we were supposed to drill holes in the drive platters and fill the case with thermite, then drop the whole computer into the fires of mount doom.

This week, a one pass wipe is enough.

It's called 'progress'.

Not surprising (2)

m0i (192134) | more than 5 years ago | (#26515533)

it is not like you can have 2 values for a single bit at the same time.. and density is so high these days that it makes sense to have a single write wipe the previous data forever.

Re:Not surprising (2, Informative)

Bardez (915334) | more than 5 years ago | (#26515747)

Actually you can...

If each bit is stored with multiple pins and the majority of the collection are in the 1 position but a few of them are in the 0, you would just take the dominant state.

That is assuming that the dominant majority should be correct. Perhaps the average of the bits should be used? This example is hardly fair and all... damned computer science is pushing it's winner-takes-all political views into my hardware!

When in doubt... (0)

Anonymous Coward | more than 5 years ago | (#26515535)

microwave your hard drive. Be forewarned, the ensuing fire may not be worth it.

Sure... (5, Interesting)

MyLongNickName (822545) | more than 5 years ago | (#26515557)

That's what they WANT you to think.

In all seriousness. If the government wants to get information, they are not going to the trouble of an electron microscope to look at your hard drive. I'm sure they have other methods of extracting the information they want. While this information (about how many wipes you need) is interesting from a theoretical point of view, it is useless from a practical one.

Re:Sure... (1)

JoeMerchant (803320) | more than 5 years ago | (#26515825)

That's what they WANT you to think.

In all seriousness. If the government wants to get information, they are not going to the trouble of an electron microscope to look at your hard drive. I'm sure they have other methods of extracting the information they want. While this information (about how many wipes you need) is interesting from a theoretical point of view, it is useless from a practical one.

A few years in Gitmo and you'll tell them whatever they want to hear... doesn't matter what was or wasn't stored on that drive anyway.

Re:Sure... (1)

sigxcpu (456479) | more than 5 years ago | (#26515845)

...
  I'm sure they have other methods of extracting the information they want ...

That is why some of us wear tinfoil hats, you know.

Re:Sure... (1)

SoundGuyNoise (864550) | more than 5 years ago | (#26515849)

I'm sure they have other methods of extracting the information they want.

Ve have vays of extracting zee information!

Re:Sure... (1)

LWATCDR (28044) | more than 5 years ago | (#26515971)

Okay... I just wondering what people have on their drive that they are so worried about the government recovering?
I think part of it has to do with an over inflated sense of importance. Just what makes you think that your important enough for the FBI to break out the super secret ninja hard drive data recovery team?
On overwrite is good enough to protect you from people trying to get your credit card numbers and those pictures of spouse that you really don't want published on the net.
If you have DOD data then you need to follow the DOD rules for cleaning mass media.
Besides Hard driver are the least of your worries to be honest. Flash drives are much harder to wipe and really should be physically destroyed.

some subject (4, Interesting)

Zironic (1112127) | more than 5 years ago | (#26515559)

I thought this would be fairly obvious from the fact there doesn't exist any recovery services that will recover zerod out data for you, at most they can usually try to recover data that has been deleted(forgotten) by the operating system.

Re:some subject (2, Interesting)

rolfwind (528248) | more than 5 years ago | (#26515679)

It relies on the fact that the delete portion of the trash doesn't actually touch the disk so much as it tells the computer those areas of disk are free to be used. I heard that Windows tends not to touch those regions for a while while Linux usually makes use of those first. But I don't remember if the issue was FAT/NTFS vs ext2/3 specific.

Re:some subject (1)

JoeMerchant (803320) | more than 5 years ago | (#26515897)

I thought this would be fairly obvious from the fact there doesn't exist any recovery services that will recover zerod out data for you, at most they can usually try to recover data that has been deleted(forgotten) by the operating system.

We provided hardware for a NIH funded study once, they would occasionally mung up a removable hard drive by pulling it out while running. They were aghast at how easily they had lost their "valuable" data and insisted that we recover it for them, which we offered to do for a reasonable (like $20/hr) rate. After a few estimates of what it would cost to attempt to reconstruct the drive beyond a standard Norton disk repair, they opted to just write it off rather than deal with potential data integrity issues.

If the data had been GPS coordinates of Iraqui WMD, I suspect they would have wanted to try harder, but after a single wipe it becomes REALLY expensive to reconstruct the data.

Re:some subject (1)

gad_zuki! (70830) | more than 5 years ago | (#26515921)

Yeah, I think there was some famous challenge a little while ago. Someone offered a bounty to any data recovery place that could retrieve data from a zero'd once drive. They all said no.

Re:some subject (2, Insightful)

txoof (553270) | more than 5 years ago | (#26515973)

DD is probably the best bet for discarded/ebay'ed drives. I can't think of anyone who has the time or resources to dig up my data. If you're a fortune 500 company, or an international drug/arms/people/whatever smuggler, then you probably want to just go ahead and shred the drive [flixxy.com] . That way you don't have to worry about Joe skipping out early on Friday and forgetting to wipe the out-going CEO's drive.

For the rest of us, just think about the economics of it; what criminal organization has access to a lab full of electron microscopes and has the time and money to search discarded drives for credit card information? Perhaps a large government has access to these resources, but once again, unless you're really up to no good or have a large company, why would anybody bother?

Thank goodness for a suddenoutbreakofcommonsense here.

dd if=/dev/zero of=/dev/hda1 is enough for everyon (1)

Juggz (1181257) | more than 5 years ago | (#26515573)

Seriously, i'd like to see anyone recovering anything after that. Either do that, or smash a nail through the disk

Re:dd if=/dev/zero of=/dev/hda1 is enough for ever (2, Informative)

DaveAtFraud (460127) | more than 5 years ago | (#26515881)

Why not:

dd if=/dev/random of=/dev/hda

instead?

That way you get random data, not just all zeros. Also you probably want /dev/hda so you blank the entire drive; not /dev/hda1 which only blanks the first partition.

Cheers,
Dave

Re:dd if=/dev/zero of=/dev/hda1 is enough for ever (4, Informative)

Gothmolly (148874) | more than 5 years ago | (#26515941)

That would take too long - you can't depend on the blocking kernel random generator, as it needs a source of data to keep feeding the entropy pool.

We need mythbusters! (5, Funny)

dbIII (701233) | more than 5 years ago | (#26515579)

Myhtbusters need to look at this. Then they should do a wipe that would really suit their style - a shock wave through the drive will raise the temperature at the wave front above that where the material is magenetic (curie temperature). In other words - explosives!

Re:We need mythbusters! (5, Funny)

Drakkenmensch (1255800) | more than 5 years ago | (#26515655)

*cue the super slow-motion shot of Buster holding a hard drive being blown up with a hundred pounds of C4, followed by Jamie picking up a blackened twisted shred of metal casing*

"Well there's your problem!"

Re:We need mythbusters! (1)

Twillerror (536681) | more than 5 years ago | (#26515807)

Yes!! And they should do magnets next to hard drives. I feel an Ask Slashdot coming on...

What other Myths can we think of to test?

Re:We need mythbusters! (1)

margam_rhino (778498) | more than 5 years ago | (#26515893)

I can remember a method that works. My sister set up her HIFI speakers on either side of her desktop PC. Needless to say after a couple of weeks she rang me up to ask why her files kept getting randomly renamed (and some deleted) and her PC was having trouble booting. I think the speakers were 100W middle of the price range, so they were fairly powerful.

Also (3, Funny)

DetpackJump (1219130) | more than 5 years ago | (#26515601)

I found that taking the disk platter out and using it as a coaster helps too.

Re:Also (1)

zeldorf (1448633) | more than 5 years ago | (#26515727)

Just don't invite the feds round for coffee...

They have cups specially designed for reading platter-mats!!!

Just one layer of paint (1, Insightful)

Anonymous Coward | more than 5 years ago | (#26515623)

Writing random numbers would be more sufficient than just zeros.
For example painting a wall with one layer of white paint could still show the outlines of a gratify underneath that layer.
But if you would use various colors all over the place it would become very hard to identify any shape beneath it even if you where using just one layer.

Re:Just one layer of paint (1)

txoof (553270) | more than 5 years ago | (#26516015)

From what I understand from TFA, it doesn't matter what you overwrite with. The researcher's ability to read a bit using really advanced tech was rarely better than %50 correct. I think this has something to do with how tiny the domains are and how little material actually stores the information. If they were larger, perhaps it would be easier to find out what the previous orientation was. Maybe random data was more useful when drives were older and had less dense data storage.

It makes sense, BUT... (1)

LiSrt (742904) | more than 5 years ago | (#26515641)

Intuitively, this makes sense - being able to recover data from an overwritten part of the hard drive effectively means the capacity has been multiplied (if you can recover from 1 overwrite, while still being able to get the new data, the capacity has just doubled.)

If this was easy enough to do, Seagate, Hitachi, WD etc. would all be doing it (or are already).

That said, taking the word of someone whose job is actually recovering data - well, that might not be a good idea.

Re:It makes sense, BUT... (1)

JoeMerchant (803320) | more than 5 years ago | (#26515933)

Hey, isn't this how "vertical" recording works? Not really, but your point is good for modern drives. Old floppies might have been inefficient enough that you could do this kind of recovery, but a modern Terabyte drive is so dense, you'd have to have next decade's technology to attempt a recovery.

Looking at the wrong problem (0)

Anonymous Coward | more than 5 years ago | (#26515649)

If you're storing unencrypted data which must not fall into other people's hands, then you're approaching the problem in the wrong way. Wiping the drive should at most be an additional measure. Never store unencrypted data on any drive that you intend to sell/give to someone else.

Or Not (1)

vithos (696903) | more than 5 years ago | (#26515651)

From TFA:

Wright did find that multiple passes do make it harder to recover data...

In other news, leaving out important details found to increase click-through.

Lies (5, Funny)

Renderer of Evil (604742) | more than 5 years ago | (#26515667)

Last month my grandma asked for a new laptop and prior to putting her old HP on ebay I wiped it via Gutmann 35-Pass method, way above DoD and NATO standards, so her ultra-secret vanilla cake recipe could remain a household secret.

Re:Lies (4, Funny)

paeanblack (191171) | more than 5 years ago | (#26516007)

Using a Gutmann 35-pass wipe is like cleaning your sink with bleach, shampoo, baby wipes, ammonia, laundry detergent, insecticide, paint remover, furniture polish, glass cleaner, body wash, whiteboard cleaner, and gasoline.

Using full Gutmann suite is a waste of time. You only ever need the 1 or 2 runs that were designed for your drive.

Essentially, you did the computing equivalent of trying to clean a barbecue grill with saline solution.

Pre-scrambling drive (4, Interesting)

davidwr (791652) | more than 5 years ago | (#26515669)

It says data written to a pristine drive is much easier to access.

If drive-manufacturers wrote random data to their drives 2 or 3 times before shipping, I wonder if this would help?

Combine this with OS-level "overwrite with random after delete" or, to allow for "oopsies," delayed-overwrite after delete but before next use, the problem of "ghost data" in unallocated drive space could mostly disappear.

Of course, there are other issues, like data internal to a file that is no longer current, data in paged-memory files, and data on backup media, but that's outside the scope of the "I deleted the file, it should be gone but it's not" problem.

One Wipe...pppphfhtpt! (4, Insightful)

necro81 (917438) | more than 5 years ago | (#26515693)

A forensics expert claims that wiping your hard drives with just one pass already makes it next to impossible to recover the data with an electron microscope.

[pulls tinfoil hat tighter over head]

Sure, that's just what they want you to think.

If you are able to do it (5, Interesting)

JeanBaptiste (537955) | more than 5 years ago | (#26515729)

These guys will give you 500 bucks [16systems.com]

which is surely worth the time and effort involved in something like this.

Re:If you are able to do it (3, Informative)

Lachlan Hunt (1021263) | more than 5 years ago | (#26515859)

Wow, they put the prize money up! Last time we discussed that here [slashdot.org] , the prize was a whopping $40.

Re:If you are able to do it (1)

gad_zuki! (70830) | more than 5 years ago | (#26515961)

The 500 is nothing compared to all the free advertising the winner would get. Its very telling that these companies cant do this. This kind of thing has more to do with "big evil government full of phds and electron microscopes" than "guys who mount platters and read deleted data with new motor and head." I'm also skeptical the former group can have much luck with a drive thats been zero'd once. I'll accept that there's some data leakage from between head writes, but a full retrieval of documents? Doubtful.

What's it worth? (2, Interesting)

egcagrac0 (1410377) | more than 5 years ago | (#26515741)

What's it worth to you to have the data not be recovered? That's the real question here.

If a static pattern wipe will take about an hour and a half, and that's "good enough", great. If you're willing to invest a few days in running dban on the thing, that's better.

If you're willing to pull out a welding torch and reduce the drive to a smoking ingot, well, you're just about paranoid enough.

It's two parallel questions, really:
-what is the data worth to you?
-what is it worth to you to keep anyone else from getting the data?

Re:What's it worth? (1)

cmdahler (1428601) | more than 5 years ago | (#26515975)

It's amazingly stupid to think that anyone perusing /. on a regular basis (read: basement computer nerds who haven't been blown in years) would actually have something on their hard drive that would truly be worth even doing anything more than a static pattern wipe. "But, but, the NSA can read my drive!!" Right. Because you really are SO IMPORTANT that the government is going to care enough to try to recover your drive. These paranoid security related threads always are good for a laugh.

Define next to impossible (2, Insightful)

chord.wav (599850) | more than 5 years ago | (#26515745)

Even if it isn't deleted, try to recover a simple 10Mb jpg using an electron microscope... I guess it is as close to the "next to impossible" as if the file was deleted.

That's what they want us to believe! (0)

Anonymous Coward | more than 5 years ago | (#26515755)

Big Brother: "One pass is enough! Please don't overwrite multiple times. Trust me, I'm an expert and so is my microscope."

Explanation needed (1)

Rik Sweeney (471717) | more than 5 years ago | (#26515775)

Can't I just fill the HDD up with random data? Doesn't that make it unrecoverable?

Re:Explanation needed (1)

spectrokid (660550) | more than 5 years ago | (#26515847)

Can't I just fill the HDD up with random data? Doesn't that make it unrecoverable?

That is exactly what a good wiping program will do.

Makes perfect sense (2, Insightful)

jspenguin1 (883588) | more than 5 years ago | (#26515817)

If there were a reliable way to read the previous value of a bit written to a drive, the drive manufacturers would already be using it to increase density -- effectively storing two bits in the space of one. This is similar to the basic principle of MLC [wikipedia.org] flash drives.

Which, of course, would still make it impossible to recover data that has been overwritten, since each "bit" would be overwritten twice.

Simpler approach (3, Funny)

bunratty (545641) | more than 5 years ago | (#26515839)

I've found one pass of a sledgehammer makes it next to impossible to recover data from a disk. Even read-only media!

bullshit (1)

smash (1351) | more than 5 years ago | (#26515863)

I've sent a drive in for data recovery before and was asked which operating system to recover: solaris or Windows NT....

It depends on the wiping! (1)

VincenzoRomano (881055) | more than 5 years ago | (#26515917)

I use a blowlamp! One is enough.

Depends on your crime (4, Insightful)

mlwmohawk (801821) | more than 5 years ago | (#26515943)

It seriously depends on your crime as to how far police will go to obtain data from a hard disk.

If, for instance, to kill no more than three people in cold blood. They won't even look.

If, you have a few ounces of pot, the DEA will use the FBI forensics labs.

If you have a history of violence and have beaten countless women, they won't even look.

If you've given more than a few hundred bucks to an Islamic charity, the NSA will step in.

If you bilk hundreds or thousands of people out of millions of dollars, they won't even look.

if you are accused of fighting on the train in San Fransisco, they'll just hold you down and shoot you in the back. Fuck the computer.

Why bother... (1, Funny)

Anonymous Coward | more than 5 years ago | (#26515985)

Just let someone's 13-year-old daughter have it for a few hours. They'll surely destroy your entire computer that will become irretrievable.

If you make onto the gubmint's RADAR... (1)

Ritz_Just_Ritz (883997) | more than 5 years ago | (#26516003)

then I'm sure anything is possible if enough resources are thrown at the problem. For everyone else, I'm sure a single wipe is just fine.

Besides, if the man (Tm) really wants to know what you're up to, there are MANY other ways of getting at your secrets than trying to analyze your hard drive.

Cheers,

.. but still slower than smashing it with a hammer (1)

petes_PoV (912422) | more than 5 years ago | (#26516011)

... and not half as satisfying.

Remember all the problems you had with the O/S on that disk? all the time you wasted trying to debug it?

What better end for it than to finally get your own back in a way that it can't possibly throw up any more problems with - unless of course a splinter flies up and catches you in the eye.

In business, where time is monkey, the time needed to reformat a drive - and then verify that it *has* actually been wiped is far too long, especially for big drives. far better to just crush them and be sure none of your secrets could escape.

origin of urban myth (5, Informative)

e**(i pi)-1 (462311) | more than 5 years ago | (#26516021)

The source of the claim seems Gutmann's 1996 article: http://www.usenix.org/publications/library/proceedings/sec96/full_papers/gutmann/index.html [usenix.org] where he says: "Data overwritten once or twice may be recovered by subtracting what is expected to be read from a storage location from what is actually read. Data which is overwritten an arbitrarily large number of times can still be recovered provided that the new data isn't written to the same location as the original data (for magnetic media), or that the recovery attempt is carried out fairly soon after the new data was written (for RAM)." It was challenged already in 2003 http://www.nber.org/sys-admin/overwritten-data-guttman.html [nber.org] where Feenberg writes: "Surveying all the references, I conclude that Gutmann's claim belongs in the category of urban legend." As usual, this story shows that individual claims have to be checked by independent parties. Even the claim that it can not be done.
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?