
Overwriting Hard Drive Data: The Great Wiping Controversy (2008) [pdf] - Tomte
http://www.vidarholen.net/~vidar/overwriting_hard_drive_data.pdf
======
wyldfire
TL;DR

    dd if=/dev/zero of=/dev/sdX

See also [1] for the non-scientific claim backed-by-bounty.

> It is unlikely that an individual write will be a digital +1.00000 (1).
> Rather - there is a set range, a normative confidence interval that the bit
> will be in [15]. What this means is that there is generally a 95% likelihood
> that the +1 will exist in the range of (0.95, 1.05) there is then a 99%
> likelihood that it will exist in the range (0.90, 1.10) for instance. This
> leaves a negligible probability (1 bit in every 100,000 billion or so) that
> the actual potential will be less than 60% of the full +1 value. This error
> is the non-recoverable error rating for a drive using a single pass wipe

It all comes down to -- what is your threat model? Dishonest craigslist
scroungers or a well-armed state? The latter just may be able to recover
things you'd be astounded of, but if it's easier for them to do it with Van
Eck phreaking or a subpoena to the sites you mirror with, they'll just do
that.

Note that AFAICT this paper does not discuss NAND or phase-change memory or
anything else. Today in 2017 the levels of indirection between you and your
actual real NAND cell that you erased and programmed six months ago are
significant. You might actually want to take a hammer to your SSD.

[1] http://www.hostjury.com/blog/view/195/the-great-zero-challenge-remains-unaccepted

~~~
rndmio
Hard drives (magnetic) don't record binary ones and zeros in literal analogue
representations, and especially with PRML as used in high capacity drives it's
easy to see why recovering anything from even a single pass 0 overwrite is
technically impossible.

~~~
Simon_says
Do you have a reference for this? I'd enjoy reading further.

------
teddyh
If you have data that need to be wiped, it’s already too late. Somebody could
get to that hard drive before you wiped it, and then it’s all over; despite
the overwhelming probability that your laptop (or server) will just be
reinstalled and resold, or maybe stripped for parts, you could never be _sure_
that the data is not being read, and so you would have to consider the data as
potentially leaked, and change all your passwords regardless.

The solution is to use full-disk encryption with the passphrase not present
anywhere on that hardware. In that case, if someone gets to the hardware _but
powers it off_ when they do it, you can be _sure_ that the data is safe.

~~~
AstralStorm
After wiping memory and CPU caches. Otherwise you might get to wait hours to
be sure.

------
DenisM
When I need to erase data from a drive I drive a nail through the drive a
few times. Glass plates shatter really well. The data is still recoverable I'm
sure, but the amount of resources it takes would be prohibitive to pretty much
anyone unless the fate of the world hangs in the balance.

For new drives I started using full-disk encryption. And the hammer.

------
montzark
Just wondering, why zeroes not /dev/urandom for example?

~~~
w8rbt
Zeros are far more efficient and much faster to generate.

Not sure why some have downvoted me. It's easy to verify.

    time dd if=/dev/zero of=file1.bin bs=1M count=600

    600+0 records in
    600+0 records out
    629145600 bytes (629 MB) copied, 1.57948 s, 398 MB/s

    real	0m1.651s
    user	0m0.004s
    sys	0m0.688s

    time dd if=/dev/urandom of=file2.bin bs=1M count=600

    600+0 records in
    600+0 records out
    629145600 bytes (629 MB) copied, 37.7828 s, 16.7 MB/s

    real	0m37.786s
    user	0m0.004s
    sys	0m37.784s

~~~
rini17
I had a similar problem with urandom, instead used openssl like this and it's
fast enough:

    openssl enc -aes-256-cbc -in /dev/zero -out /dev/sdX

~~~
sliken
Interesting. Looks like for newer kernels (newer than 4.8) that's about twice
as fast. But for older kernels it's around 20 times as fast.

------
daine
TL;DR The authors egregiously diminish legitimate attack vectors that require
only the recovery of a priori known data.

The authors dismiss the security value of wiping a hard disk, based on their
thesis that weakly-deleted data cannot be recovered without a priori knowledge
of that data's content.

They argue the requirement of a priori knowledge of the data to recover
negates the security risk of said recovery; this--they argue--reduces the
threat model to more of an academic exercise.

What the authors totally neglect, however, is the security risk of
confirmation: the risk that an attacker might confirm that the target hard
disk did, indeed, store certain data, where the content of that data is known
a priori.

Example: Say I have obtained a trove of private incriminating documents
associated with some anonymous person, X. I suspect, but don't know, that X is
my target, Bob. I would like to prove that Bob is X, and X is Bob, so that I
can definitively pin X's crimes on Bob. Say X uses some electronic signature
to authenticate his original work as his own. If Bob is X, I should expect
Bob's hard disks contain a statistically aberrant abundance of copies of X's
signature.

Thus, to pin X's crimes on Bob, if Bob is indeed X, it is sufficient to
recover data from Bob's hard disk--data of which I have complete knowledge a
priori--namely, X's digital signature.

While I take no issue with the facts, I find the authors' conclusions
reckless. It seems in their haste to "bust the myth," they extend their result
beyond its valid range of application. What could have been a useful
clarification on the low risk of _unknown_ data recovery has become a wild and
dangerous generalization, 'debunking' best practices.
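Two threads above fit one worked example: rini17's trick of using an openssl keystream instead of /dev/urandom as the fast random fill, and daine's point that the thing an adversary can cheaply test for is data they already know. The script below is an added example, not code from any commenter; it writes to a regular file rather than /dev/sdX so it is safe to run, swaps rini17's CBC for AES-256-CTR with a throwaway key (my choice, not the original command), and the function names `wipe_target`, `marker_count` and `has_nonzero_byte` are mine. The marker check only confirms that a known byte string is gone at the logical (read-back) level; it says nothing about analogue remanence, which is the paper's actual subject.

```shell
#!/bin/sh
# Added example: fill a target with zeros or an AES-CTR keystream, then verify
# that a known marker is no longer readable. TARGET is a plain file here; the
# same functions would apply to a block device, which this example never opens.

# wipe_target TARGET SIZE_MB MODE   (MODE is "zero" or "random")
# "random" pipes /dev/zero through openssl's AES-256-CTR with a key and IV
# drawn once from /dev/urandom, so the kernel CSPRNG is touched only for 48
# bytes; it falls back to raw /dev/urandom when openssl is not installed.
wipe_target() {
    target=$1; size_mb=$2; mode=$3
    bytes=$((size_mb * 1024 * 1024))
    case $mode in
        zero)
            head -c "$bytes" /dev/zero > "$target" ;;
        random)
            if command -v openssl >/dev/null 2>&1; then
                key=$(head -c 32 /dev/urandom | od -An -tx1 | tr -d ' \n')
                iv=$(head -c 16 /dev/urandom | od -An -tx1 | tr -d ' \n')
                # head closes the pipe once enough bytes arrived; openssl's
                # resulting SIGPIPE exit is expected and its stderr is dropped.
                openssl enc -aes-256-ctr -K "$key" -iv "$iv" -in /dev/zero 2>/dev/null \
                    | head -c "$bytes" > "$target"
            else
                head -c "$bytes" /dev/urandom > "$target"
            fi ;;
        *)
            echo "unknown mode: $mode" >&2; return 2 ;;
    esac
    # A short write means part of the target was never overwritten.
    [ "$(wc -c < "$target" | tr -d ' ')" -eq "$bytes" ]
}

# marker_count TARGET STRING: how many times a known byte string can still be
# read back. This is the logical-level "confirmation" check; a count of 0
# after the wipe means the marker is gone from what the device returns.
marker_count() {
    grep -a -o -F "$2" "$1" | wc -l | tr -d ' '
}

# has_nonzero_byte TARGET: succeeds if at least one byte is not 0x00. Used to
# tell a random fill from a zero fill after the fact.
has_nonzero_byte() {
    [ "$(tr -d '\000' < "$1" | head -c 1 | wc -c | tr -d ' ')" -eq 1 ]
}

# demo: constructed 1 MiB "image" carrying a known marker twice, wiped with
# zeros, then with the keystream. Run directly to see the counts change.
demo() {
    img=$(mktemp)
    { head -c 1000 /dev/zero; printf 'SECRET-MARKER-XYZ'
      head -c 1000 /dev/zero; printf 'SECRET-MARKER-XYZ'; } > "$img"
    echo "before wipe: $(marker_count "$img" SECRET-MARKER-XYZ) marker(s)"
    wipe_target "$img" 1 zero
    echo "after zero fill: $(marker_count "$img" SECRET-MARKER-XYZ) marker(s)"
    wipe_target "$img" 1 random
    echo "after random fill: $(marker_count "$img" SECRET-MARKER-XYZ) marker(s)"
    rm -f "$img"
}
```

Timing the two modes with `time wipe_target bigfile 600 random` versus `time head -c 629145600 /dev/urandom > bigfile` reproduces the comparison w8rbt and sliken discuss on your own kernel; the keystream path is the one that stays fast on older kernels.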

