
Paranoia and deletion: the wipe man page - julian37
http://www.boingboing.net/2011/01/14/paranoia-and-deletio.html
======
sp332
I'm sorry, but this info is nearly ten years out-of-date. First, the Gutmann
method was designed for encodings back in the days of RLL/MFM encoded drives.
For newer drives which really push the physics quite a lot further, two passes
of random data are enough to throw the magnetic domains into a statistical
dead heat. There just isn't any physical room on the drive to hold old data.

Secondly, new drives reserve a percentage of the room (invisible to the user);
in case some of the sectors go bad, the controller will re-map them
transparently to new sectors. This might leave old data in the old sectors,
where you can't normally see it but an investigator armed with the proper ATA
commands can. (This isn't a conspiracy of the government and drive
manufacturers, it's all there in the ATA spec.) The correct way to securely
erase a drive is to send the drive the SECURITY-ERASE command. The drive
controller will securely erase every part of the drive.
<https://ata.wiki.kernel.org/index.php/ATA_Secure_Erase> The NSA actually
recommends this to other government agencies, so it's probably OK.

~~~
jwr
But how do you know if the data actually gets erased by the drive?

~~~
jerf
If that possibility seriously concerns you, follow it up by physical
destruction of the drive. Magnets strong enough to actually damage the data
aren't a good cost/benefit from what I gather (too strong, too dangerous, too
much hassle), so either shred or melt the drive platters.

I'm generally satisfied with dd if=/dev/zero of=/dev/sda because I'm not
actually dealing with anything that sensitive, but if you are, just take
appropriate steps. Defense in depth.

~~~
jwr
It doesn't concern me _that_ much, but I'd rather fill the drive with random
data myself first. I can do the ATA-erase thing afterwards.

On a related note, I also have zero trust in manufacturer-supplied encryption
that sits in the drives. There is no way for me to verify whether it actually
does anything.
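
Added example, not part of the thread and not code from the wipe project: a read-back check for the zero-fill pass discussed above, reporting which sectors still hold non-zero data. It only sees the addressable sectors, not the remapped spares sp332 describes, and the function names, the 512-byte sector size and the temporary image are assumptions made for the illustration.

```python
import os
import tempfile

SECTOR = 512  # assumed reporting granularity (illustrative)

def nonzero_extents(path, chunk_sectors=2048):
    """Scan path and return (extents, bytes_scanned).

    extents is a list of merged (start, end) byte ranges covering every
    sector that is not entirely zero; end is exclusive.
    """
    extents = []
    zero = bytes(SECTOR)
    offset = 0
    with open(path, "rb") as dev:
        while True:
            buf = dev.read(SECTOR * chunk_sectors)
            if not buf:
                break
            if buf.count(0) != len(buf):  # fast path: skip fully zeroed chunks
                for i in range(0, len(buf), SECTOR):
                    sector = buf[i:i + SECTOR]
                    if sector != zero[:len(sector)]:
                        start, end = offset + i, offset + i + len(sector)
                        if extents and extents[-1][1] == start:
                            extents[-1] = (extents[-1][0], end)  # merge neighbours
                        else:
                            extents.append((start, end))
            offset += len(buf)
    return extents, offset

def demo():
    """Constructed sample: an 8 MiB image with two leftovers from a partial wipe."""
    with tempfile.NamedTemporaryFile(delete=False) as img:
        img.write(bytes(8 * 1024 * 1024))
        img.seek(3 * SECTOR)
        img.write(b"leftover" * 128)      # 1024 bytes, fills sectors 3 and 4
        img.seek(5 * 1024 * 1024 + 100)
        img.write(b"\x01")                # one stray byte inside a sector
        name = img.name
    try:
        return nonzero_extents(name)
    finally:
        os.unlink(name)

if __name__ == "__main__":
    extents, scanned = demo()
    print(f"scanned {scanned} bytes, {len(extents)} non-zero extent(s)")
    for start, end in extents:
        print(f"  bytes {start}-{end - 1}")
```

An empty extent list after a full scan means every readable sector returned zeros; it says nothing about a random-data pass, which cannot be checked this way.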

------
Confusion
Silly conspiracy theory.

1) The scope is too large. Too many engineers at hard drive manufacturing
companies would have to know about it.

2) Too America-centric. Engineers in foreign countries, that actually build
most of the stuff, would know about it. It would be an enormous security gap
that they could use as well.

The sad thing is that such paranoid fantasies, that are easy to debunk, blind
you to the _actual_ conspiracies, that are less comprehensive, more subtle and
therefore much more threatening. I bet the TLA government agencies love these
stories.

~~~
SoftwareMaven
The invisible yellow dots identifying printers went a long time before
becoming common knowledge. I don't believe TFA for an instance, but it doesn't
seem an impossibility.

~~~
SoftwareMaven
Ugh, sometimes I wish I could edit later. Make that "I don't believe for an
instant". I hate responding on my phone.

------
ck2
I always dissemble my old hard drives, it's therapeutic somehow.

I am not sure how they broke that disc into so many pieces though, in my
experience they are incredibly strong and rigid.

The discs make great wind chimes too.

Harbor Freight has a $3 security bit set if you have drives with special
screws.

~~~
hnhg
Sorry to be a pedant, but I think you mean "disassemble" - I always get the
two mixed up too.

~~~
ronnoch
Currently your comment, which adds nothing to the discussion except a simple
spelling correction, has more upvotes than the parent. Sign of the times for
HN?

Not to say spelling corrections are never useful, I think they often are, but
I don't understand the mindset that upvotes them _over_ comments that actually
participate in the discussion.

~~~
techiferous
I learned a new word today: dissemble. I come to HN to learn; therefore, it
got my upvote.

------
Mithrandir
The man page is correct about quite a few things, but it's also a bit
sarcastic:

    
    
    The best way to sanitize a storage medium is to subject it to
    temperatures exceeding 1500K. As a cheap alternative, you might use
    wipe at your own risk. Be aware that it is very difficult to assess
    whether running wipe on a given file will actually wipe it -- it
    depends on an awful lot of factors, such as: the type of file system
    the file resides on (in particular, whether the file system is a
    journaling one or not), the type of storage medium used, and the least
    significant bit of the phase of the moon.
    

But no matter what, wipe is a really great program.

------
mmaunder
I sleep at night knowing that the teams of highly effective government data
recovery personnel that Hollywood portrays will never exist.

------
troels

        Of course this shifts the trust to the computing system,
        the CPU, and so on. I guess there are also "traps" in the
        CPU and, in fact, in every sufficiently advanced mass-
        marketed chip. Wealthy nations can find those. Therefore
        these are mainly used for criminal investigation and
        "control of public dissent".
    

I'm unsure in which way a government agency could benefit from having
backdoors in the CPU? Even if they did, and even if it could detect that some
sort of encryption was going on, where would it _store_ the interesting data?

~~~
sesqu
Well, there was/is that trusted computing thing, i.e. putting DRM on the PC in
hardware. The benefit would be denying encryption from
terrorists/pirates/dissenters, like he just said. Interesting data can be
stored just about anywhere, from phoning home to hidden partitions to having a
small flash on the BIOS, depending on what's deemed interesting (logs, sector
addresses, cryptographic keys, painted files).

------
Jach
Funny, I was just having a conversation today with a friend who works for the
company selling <http://www.whitecanyon.com/wipedrive-erase-hard-drive.php>
and remarking that while it may keep your data safe from identity thieves, it
wouldn't protect you from the FBI.

~~~
MikeCapone
Did he explain more specifically why he thinks it would "protect you from the
FBI"?

~~~
DanI-S
The idea that they need actual evidence to lock you up is _so_ 20th century...

------
Entlin
To everybody spending thought on this: Relax, nobody is interested in your
porn collection.

~~~
haribilalic
I've used such tools to wipe my hard drives before selling or donating used
computers (although I would use them before disposing of a hard drive in any
way, really). I have heard of people buying up used computers and hard drives
and extracting saved passwords from them.

A lot of people are smart enough to format it quickly, but not everyone will
let (or know to let) a computer sit for dozens of hours so that things might be
wiped more securely.

~~~
jws
I've had the experience where people agree to buy my broken computers for
parts and the deal is done, until I mention that the "drives are wiped and
ready to go". Then I never hear from them again.

Granted, somehow visiting the craigslist site turns ordinary people into
flakes, but the "wiped" statement correlates a bit too well with the vanishing
interest.

~~~
evgeny0
+1, but I'd stop mentioning it after the first time (unless of course you're
just doing this as an experiment and aren't really interested in selling the
stuff)

------
chanux
Any idea what's the difference between _wipe_ and _shred_?

~~~
naner
The _shred_ man page warns you that the tool is not fully effective on
journaled filesystems. I doubt wipe is, either.

------
endian
Does anyone know if any such FOSS works with SSDs and their wear-levelling of
their writes?

~~~
tedunangst
wipe is rather unlikely to overwrite the bits on an SSD. Even with TRIM (which
wipe won't use, btw), the disk will prefer using a blank sector to one it has
to erase. Reading the currently unmapped spare sectors is probably something
anyone with a solder gun can do.

------
srean
An alternative could be to overwrite the disk with null bytes.

    
    
      dd if=/dev/zero of=/dev/hda bs=1M
    

Wonder if it is going to be slower than wipe.

~~~
ComputerGuru
....multiple times.

Overwriting it once prevents software reconstruction of the data, but magnetic
analysis of the underlying disk itself can reveal (depending on the voltage
returned by the resulting 0 or 1) whether the previous value was (within a
degree of certainty) a 0 or 1.

~~~
nodata
Wait - how automated is magnetic analysis? How much would it cost to recover a
gigabyte disk, for example? What about non-spinning disks, are they cheaper or
more expensive?

~~~
ComputerGuru
It's expensive as hell :)

The companies that do it charge several thousand an hour, IIRC. (this was back
in the 90s?)

Depending on the non-spinning disk type in question, it can be either more or
less secure than the usual magnetic HDD. You've got "flash" but that's just a
nice word for any number of highly-differing technologies such as MLC and SLC
on the inside. And you have NAND vs NOR techs to consider as well.

Perhaps the security in non-magnetic-HDDs comes from the fact that they're so
new to the table, not many specialize in restoring data from them.

~~~
Herald_MJ
Could you give the name of one of these companies?

~~~
andreaja
Here's one: <http://www.krollontrack.com/>

------
hexley
For those on Mac OS X (and perhaps *BSD?), we have srm.

The Secure Empty Trash function is a frontend for this IIRC.

~~~
stcredzero
I wish there was a version that only overwrites once with 1's. That would be
best for my SSD. (Which has wear leveling and is formatted with a journalling
filesystem anyhow, so perhaps it's moot.)

------
coffeeaddicted
But what to do against those brain-wave readers? I better start thinking
encrypted!

------
deutronium
I love this section:

"I strongly recommend to call wipe directly on the corresponding block device
with the appropriate options. However THIS IS AN EXTREMELY DANGEROUS THING TO
DO. Be sure to be sober."

------
suraj
How would a hard disk controller detect encrypted data? It is essentially a
(pseudo-) random stream of bytes. Even if the controller is programmed to
recognize such streams, it would be easy to first wipe disk by writing small
random files all over and then wiping with 0/1 pattern. So any cached data is
essentially worthless.

------
cloudwalking
When I was younger, I erased a hard drive by covering it with burning thermite.
It was pretty impressive, melting the drive, turning the sand underneath to
glass, and burning through the asbestos pad into the cement.

------
ams6110
I use DBAN to wipe hard drives before disposal. If you are replacing a failed
drive, the only reasonable thing you can do is physically destroy the
platters.

