Comments on How to Securely Destroy/Wipe Data on Hard Drives with shred on Linux
Sometimes you need to destroy or wipe data from hard drives (for example, before you sell your old hard drives on eBay) so that nobody else can access them. Simply deleting data (e.g. with rm) is not enough because that just removes the file system pointer, but not the data, so it can easily be undeleted with recovery software. Even zero'ing out your hard drive might not be enough. Here's where shred comes into play - shred can overwrite the files and partitions repeatedly, in order to make it harder for even very expensive hardware probing to recover the data.
20 Comment(s)
I can't believe people are still believing this "multiple-overwrite" crap. It is totally unnecessary! No one in the world will be able to recover a single byte of data from a harddrive that has been zero'd out like this:
dd if=/dev/zero of=/dev/sda bs=16M
Here's some background:
You can restore stuff from magnetic tapes that has been recorded over (like VHS or MC) because the original signal is not replaced but just dampened. So basically you can filter out the current signal and increase what is left to get a bad quality version of the previous signal. You can actually restore audio and video to some extent using this method.
Now a guy called Peter Gutmann theorized that the same should hold true for data on magnetic drives (i.e. harddisks). He has never proven that this could work nor has anyone ever done it. To the contrary. In a paper from a couple of years ago it has been (mathematically sound) proven to be impossible to restore any data from a drive that has been zero'd out.
Actually that is not quite true. You CAN restore data to some extent. With perfect conditions (i.e. knowing the exact physical position on the drive) you can restore a single bit with a chance of less than 20%. If you want to recover two consecutive bits, the probabilities multiply. So it is 0.2 x 0.2 = 0.04. A chance of 4% to rescue two consecutive bits. Now let's go for a full byte: 0.2^8 = 0.00000256 = 0.000256%.
Don't waste your time and health of your drive doing this. And NEVER NEVER ever overwrite, zero-out or whatever an SSD drive. Everything I wrote above goes for magnetic HDDs and not for SSDs. SSDs are encrypted by default. If you want to secure-delete them, use the functions provided by the firmware of the SSD.
Agreed! NIST revoked that recommendation something like 12 years ago so the government recommendation is long gone and I don't even believe the DoD is doing this any more. They decided that, particularly with high capacity drives, there is simply no need.
http://csrc.nist.gov/publications/nistpubs/800-88/NISTSP800-88_rev1.pdf
Specifically on Pg 14 it says:
> Advancing technology has created a situation that has altered previously held best practices regarding magnetic disk type storage media. Basically the change in track density and the related changes in the storage medium have created a situation where the acts of clearing and purging the media have converged. That is, for ATA disk drives manufactured after 2001 (over 15 GB) clearing by overwriting the media once is adequate to protect the media from both keyboard and laboratory attack.
New location for the document.
http://csrc.nist.gov/publications/drafts/800-88-rev1/sp800_88_r1_draft.pdf
Interestingly, I could not find the quoted paragraph in the new document. Moreover, pages 29-31 now suggest an optional multipass erase.
It's at the end of page 29, but it is in a different format.
There is no guarantee that your hard drive electronics aren't relocating writes on the actual disk platter also, so good luck with thinking that your data is all wiped.
There is a small chance that zero-ing out a drive will miss sectors that the drive hardware has reallocated.
That's why "Secure Erase" (Google it) will overwrite everything, even sectors marked as bad. The drive's own electronics do the overwrite, you just tell it to start, and it reports when it's finished. It's the fastest method, as well. The Parted Magic live linux CD has a GUI interface to run Secure Erase.
> you can restore a single bit with a chance of less than 20%
I get your gist, but your numbers don't make much sense. If my chances of restoring a single bit correctly are only 20%, then for each bit I attempt to recover, I should really go with its logical opposite and be 80% right every time. Maybe you mean a 20% higher chance than the 50:50 chance I have by guessing? If so, you need to adjust your math at the chances of correctly guessing a byte.
Okay, I have worked in computer remarketing for a decade, basically what happens to computer systems after large businesses no longer require them. So, whilst I would never care enough to 3 pass my own hard drive, businesses want this performed to their equipment, and I derive employment out of this perception. So whether it is true or false means little to me at all, who am I to argue with those who want to put money in my wallet for leaving a desk of 100+ computers wiping for a couple of hours? Honestly, any data that is confidential, should really never leave the servers, or if it does, encrypted, and then if you really were that badly paranoid, crush the hard drive, do a Dexter and just drop it in the sea.
SSDs are not "encrypted by default". If you take an SSD out of one computer and put it in another you can read ALL of the data. Wear leveling is not encryption. The storage on hard disks is a "signal", and it does remain. Just because it is a "digital" signal does not mean it isn't a signal. The read-write head has a specific size, and generates a magnetic field with an area of effect, which falls off by the inverse square of the distance from the head. This means reading and writing affect nearby bits as well.
If the probability of recovering a single bit is 20% (1 in 5) then it is possible to recover 20% of the disk (even if it is in non-sequential bits). With that much recovered, and knowledge of a significant part of the drive, such as file descriptors, headers, OS files, the file allocation table, NTFS alternate data streams, etc; it is possible to recover a large portion of the disk (granted it will be very time intensive).
So if you do some complex math you can figure out what the neighboring bits were and fill in the holes.
Other comments here are correct - "shredding" or using other multi-pass overwrites on disks is a useless waste of time. The "dd" command to zero out the whole disk is all you ever need to clear the disk.
If it were at all possible to read deleted data, there would be commercial companies offering the service.
If you have good reason to be seriously paranoid (maybe you make nuclear missiles as a hobby), then no amount of overwriting will remove things like re-mapped disk sectors. So you simply destroy the disk physically, such as by feeding the platters into a real shredder.
For SSDs, as mentioned in another comment, it's a different matter (though it is incorrect to assume the data is encrypted). The only way to wipe everything from the chips is to use low-level SATA secure wipe commands. But the "dd" command is still good enough in most cases - you need soldering and electronic equipment to read the raw data off the memory chips.
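Added example (not part of any comment above): a read-only post-wipe check for two points raised in this thread, that a single zero-fill reads back as zeros and that remapped sectors lie outside what dd can reach. The function names, the image file and the SMART table are constructed for illustration; `blockdev` and the `smartctl -A` column layout are assumed to be the usual Linux ones.

```shell
# Read-only checks to run after a zero-fill such as:
#   dd if=/dev/zero of=/dev/sda bs=16M
# Added example; function names are illustrative, sample data is constructed.

# target_size PATH: size in bytes of a block device or a regular file.
target_size() {
    if [ -b "$1" ]; then blockdev --getsize64 "$1"; else wc -c < "$1" | tr -d ' '; fi
}

# verify_zeroed PATH: succeed only if every addressable byte of PATH is 0x00.
verify_zeroed() {
    size=$(target_size "$1") || return 2
    head -c "$size" /dev/zero | cmp -s - "$1"
}

# reallocated_sectors: read `smartctl -A` output on stdin and print the raw
# value of attribute 5 (Reallocated_Sector_Ct), or "unknown" if it is absent.
reallocated_sectors() {
    awk '$1 == 5 && $2 == "Reallocated_Sector_Ct" { print $10; found = 1 }
         END { if (!found) print "unknown" }'
}

# wipe_report PATH SMART_FILE: one verdict line from both checks. Remapped
# sectors are not addressable, so the readback cannot see them.
wipe_report() {
    remapped=$(reallocated_sectors < "$2")
    if ! verify_zeroed "$1"; then
        echo "FAIL: non-zero data still readable"
    elif [ "$remapped" = "0" ]; then
        echo "OK: reads back as zeros, no remapped sectors reported"
    else
        echo "PARTIAL: reads back as zeros, remapped sectors: $remapped"
    fi
}

# Constructed demo: a 1 MiB image file stands in for the drive, and the SMART
# table is sample text, not output from a real disk.
demo() {
    dir=$(mktemp -d)
    dd if=/dev/zero of="$dir/disk.img" bs=64k count=16 2>/dev/null
    cat > "$dir/smart.txt" <<'EOF'
ID# ATTRIBUTE_NAME          FLAG     VALUE WORST THRESH TYPE      UPDATED  WHEN_FAILED RAW_VALUE
  5 Reallocated_Sector_Ct   0x0033   100   100   010    Pre-fail  Always       -       8
  9 Power_On_Hours          0x0032   095   095   000    Old_age   Always       -       4321
EOF
    wipe_report "$dir/disk.img" "$dir/smart.txt"
    rm -rf "$dir"
}
demo
```

A PARTIAL verdict is the case the comments above describe: the overwrite succeeded on everything addressable, and the remapped sectors need the drive's own Secure Erase or physical destruction.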
Hey,
I think the best way to "destroy" your data is just use full disk encryption and if you want to destroy your data change all the passphrases into 64 bytes of randomness.
head -c 256 /dev/urandom > /tmp/luksslot0
cryptsetup luksAddKey /dev/disk/by-uuid/$uuid /tmp/luksslot2 --key-file /tmp/luksslot0
After this it will not matter if you use dd or shred to overwrite the partition
ErAce will overwrite a hard disk 1-100 times. It is a standalone ISO image. The ISO can be burned to CD/DVD or to a USB stick. So it is possible to erase all hard drives in a system. It can be downloaded from erace.it or from sourceforge.
Lame link to pay to download Linux ISO site. Let's take out most of the features of something free like knoppix or ubcd and make people pay to download it. Hate that kind of free software exploitation. Then we can spam useful cool articles and try to sell something they don't need if they read the article. As always, great article Falco.
The author says "Even zero'ing out your hard drive might not be enough" - may anybody say WHY?
I used HDShredder on a hard drive and now I can't even install Windows on it as the drive is not recognized, despite formatting and setting an active partition.
This was very helpful. Thank You :)
> Please note that shred can take a long time, depending on the size of your partitions/hard drives and the number of runs (-n).
Fair enough, but there is no feedback on how far it has got. Most things either fail in the first second, or work OK, so some simple "Started OK ..." is better than nothing.
gah reading this now on 11% of my first pass of 3 of shred :(
I'm trying to locate an iso image that will simply boot up, so I can wipe/zero out my four hard drives without having to install anything on them. ErAce.it is no longer available on sourceforge.net - darn!