paulkoning at comcast.net
Thu Jan 7 14:17:10 CST 2016
> On Jan 7, 2016, at 1:13 PM, Chuck Guzis <cclist at sydex.com> wrote:
> On 01/07/2016 09:36 AM, Fred Cisin wrote:
>> I've heard that there are "standards" for a number of overwrites, and
>> what patterns to use, . . .
> The paper that got the most notice was from Peter Gutmann from the early 90s.
Oh yes, one of my favorite topics. I get a lot of questions where people refer to "the DoD wiping standard". Unfortunately, there isn't one. There are some very old documents that give suggestions, but those seem to have expired long ago. Gutmann's document is similarly old. Any decade-old rule suffers from the fact that drive technology has changed drastically, and considerations that were valid then are no longer valid. Gutmann did great work at the time, and his contribution deserves to be honored, but it has very much been superseded by technology change. Tracks are so much smaller and margins so tiny that multiple erasures don't add much if anything.
On the other hand, block replacement, and especially the write remapping done by SSDs, can leave stuff in places you can't even see until you take the device apart. In fact, hard drives are not much of an issue, but SSDs should make you worry.
Incineration should work, but use enough heat. Shredding is questionable, unless the particles are very small. I think high end shredders are required to produce particles less than 1/32 inch in size.
Much more recent work on erase was done by Gordon Hughes at UCSD. See http://cmrr.ucsd.edu/people/Hughes/secure-erase.html for more.
If you want data security and don't like destroying your hardware, SED ("self-encrypting drives") are a solution. Those encrypt all data, and "erase" by discarding and replacing the data encryption key. So all your sectors instantly turn to random noise. SSD versions of those are starting to appear, which addresses the invisible old copies problem that regular SSDs have. The great thing of an SED is not just the security of its erase function, but in particular the speed: it takes only seconds to destroy all the data on the drive.
More information about the cctalk