Crazy erasing on new drives worth it?

Discussion in 'privacy general' started by Pfipps, Dec 14, 2007.

Thread Status:
Not open for further replies.
  1. Pfipps

    Pfipps Registered Member

    Joined:
    May 15, 2007
    Posts:
    181
    I was reading the DBAN website and it said that the Gutmann method is basically useless on modern harddrives.

    Quote from the webpage: http://dban.sourceforge.net/faq/index.html

    In particular, Gutmann says that "in the time since this paper was published, some people have treated the 35-pass overwrite technique described in it more as a kind of voodoo incantation to banish evil spirits than the result of a technical analysis of drive encoding techniques. As a result, they advocate applying the voodoo to PRML and EPRML drives even though it will have no more effect than a simple scrubbing with random data... For any modern PRML/EPRML drive, a few passes of random scrubbing is the best you can do".

    Does this mean that even the 7 pass method might be useless?
     
  2. firefox2008

    firefox2008 Registered Member

    Joined:
    May 17, 2007
    Posts:
    125
    Useless or over excessive?
     
  3. Pfipps

    Pfipps Registered Member

    Joined:
    May 15, 2007
    Posts:
    181
    Gutmann says that only a couple random passes is all you can do. If that's true, it means that more erasures give no benefit at all. However, I know experts can disagree, which is why I posted.
     
  4. firefox2008

    firefox2008 Registered Member

    Joined:
    May 17, 2007
    Posts:
    125
    Then there is quite of bit of fraudulent software that markets itself with 35 or 7 eraser pass capability as though that is better. Maybe the more passes the better applies to single files not so much entire drives.
    I hope it doesn't matter as much because it would certainly save time if it made no difference.
     
  5. Carver

    Carver Registered Member

    Joined:
    Feb 5, 2006
    Posts:
    1,827
    Location:
    USA
    I am all for saving time by cutting down on the number of passes, if guttman himself puts boubt on the 35 pass method. Doesn't Todays denser HD disks suggest a different erasing patern or even more passes or a different erasing method entirely....like sand basting :D
     
  6. AaLF

    AaLF Registered Member

    Joined:
    Feb 20, 2005
    Posts:
    986
    Location:
    Sydney
    What would be the effect of formatting the NTFS partition or drive with FAT32 then reformat again back to NTFS?
     
  7. Searching_ _ _

    Searching_ _ _ Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    1,988
    Location:
    iAnywhere
    I have tried to use this without any ability to use. I have bios restrictions and think the only way I can use this is to remove HD to another comp.
    It is called secure erase and is built into your HD. A samll prog to access it.

    The Center for Magnetic Recording Research @ University of California San Diego
    http://cmrr.ucsd.edu/people/Hughes/SecureErase.shtml

    Many of the links are pdf, but one is txt of readme.

    http://cmrr.ucsd.edu/people/Hughes/CmrrSecureEraseProtocols.pdf
    In this they describe the short comings of the other methods.

    http://cmrr.ucsd.edu/people/Hughes/HDDEraseReadMe.txt

    The prog is also included on Ultimate Boot CD.

    I would like to find a method that would bypass the bios freeze lock and allow to wipe HPA/DCO.
    I have already tried:
    Hdderase.exe
    Feature Tool
    Sector Editor
    It is a Tos sat laptop A215. I was unable to find anything at the Tos website.
     
  8. BlueZannetti

    BlueZannetti Administrator

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    Excessive.

    Blue
     
  9. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,102
    The Gutmann approach only works effectively on drives older than 2001 as discussed by the Secure Erase folks at CMRR.UCSD.EDU . Modern drives (after 2001) no longer use the MFM/RLL encoding, thus, three random passes are all that is required and sufficient and for newer drives.

    -- Tom
     
  10. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    5,634
    Location:
    U.S.A. (South)
    Very useful and thorough from my own local studies of it, HDDerase i'm refering to.

    Seems more users are reporting in about their BIOS being password blocked or blocked altogether preventing needed erasing of their HD for a fresh clean reinstall, and frankly i'm not at liberty to offer any useful suggestions in this particular area short of removing the BIOS chipe itself and having it replaced with one that is not constrained as such.

    The more i read into these type issue ever increasing, the more i feel a customized home built system is the best choice overall compared to shelf-sales retail boxes.

    Microsoft really leaves users in the dark and i suppose they are not in reality obligated to offer much help concerning HARDWARE.
     
  11. reparsed

    reparsed Registered Member

    Joined:
    Dec 20, 2005
    Posts:
    40
    Location:
    Ohio, USA
    Is “old data” more susceptible to recovery after secure deletion than a file that only spent a couple minutes on the drive before being securely deleted? With this in mind, would 3 passes over the course of 3 days be any more effective than 3 passes in a few seconds?
     
  12. Searching_ _ _

    Searching_ _ _ Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    1,988
    Location:
    iAnywhere
    Update:

    suggestions for reformatting:

    use Ultimate Boot CD
    in Harddrive tools/wiping utilities/HDDErase.exe
    prerequisites for using the program-
    1. HD must be in primary or secondary channel, does not work on usb-sorry external peeps
    2. Only works with Intel Architecture
    HD must be wiped with this prog in an Intel Machine, sorry AMD only peeps.

    What are the advantages of wiping with HDDErase.exe?
    1. It is equivelent to physical destruction or degausing as security goes, with the advantage of still being able to use the drive.
    2. It will also erase HPA/DCO's that may harbour problems.
    3. Most of the other wiping progs are Block Writers. HD's from '02 till now, contain different sector and sector header methods. The newer HD's maybe damaged by the old block wiping programs (like boot n nuke, heidi or killdisk) or may not wipe the drive properly if no damage.
    More info can be found here:http://cmrr.ucsd.edu/
    and here, http://cmrr.ucsd.edu/people/Hughes/SecureErase.shtml
    If your going to reformat, may as well do it properly.

    It's not some bios freeze lock I have to worry about. It's the fact that HDDerase doesn't work on AMD chips. I guess I know who is funding the research @ CMRR.
     
  13. Pleonasm

    Pleonasm Registered Member

    Joined:
    Apr 9, 2007
    Posts:
    1,201
  14. HURST

    HURST Registered Member

    Joined:
    Jul 20, 2007
    Posts:
    1,419
    We are now officially in an infinite loop :D :blink:
     
  15. ragnarok2012

    ragnarok2012 Registered Member

    Joined:
    Jun 20, 2007
    Posts:
    45
    If you are a true clinical paranoid or a criminal, 35 passes may make you sleep better ( in which case it would be worth the time/effort/wear and tear ect).

    I believe that only a few passes (3-5 [depending one's peccadilloes]) is good enough for the rest of us.
     
  16. Searching_ _ _

    Searching_ _ _ Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    1,988
    Location:
    iAnywhere
    @Pleonasm
    &4 every1 else:

    1. Normal Secure Erase takes 30-60 minutes to complete. Some ATA drives also implement the standard Enhanced Secure Erase command that takes only milliseconds to complete.

    2. Normal File Deletion
    -Minutes
    -Very Poor
    -Deletes only file pointers, not actual data

    DoD 5220 Block Erase
    -Up to several days
    -Medium
    -Need 3 writes + verify, cannot erase reassigned blocks

    Secure Erase
    -1-2 hours
    -High
    -In-drive overwrite of all user accessible records

    NIST 800-88 Enhanced Secure Erase
    -Seconds
    -Very high
    -Change in-drive encryption key

    3. According to newly released data sanitization document NIST 800-884, acceptable methods include executing the in-drive Secure Erase command, and degaussing. These data sanitization methods erase data even against recovery even using exotic laboratory techniques.

    4. Legal Penalties for Failure to Sanitize Data

    5. Block erase is most commonly used. While it significantly better than no erase, or file deletion, or drive formatting, it is vulnerable to malware and incomplete erasure of all data blocks. Examples are data blocks reassigned by drives, multiple drive partitions, host protected areas, device configuration overlays, and drive faults.

    6. Normal secure erase is approved by NIST 800-88 for legal sanitization of user data up to Confidential, and enhanced secure erase for higher levels. Enhanced level has only recently been implemented, initially in Seagate drives, and these drives are under evaluation by the CMRR.

    7. Even such physical destruction is not absolute if any remaining disk pieces are larger than a single 512-byte record block in size, about 1/125” in today’s drives.

    8. Degausing erases all magnetic recordings in a hard disk drive, including the sector header information on drive data tracks (information necessary for drive head positioning and data error recovery).Track and disk motor magnets are often also erased by degausser magnetic fields. Like physical destruction, when a disk drive has been successfully degaussed it is no longer useable.

    “Hybrid drives” are now being introduced for notebook or laptop computers that have flash memory write cache on hard disk drive circuit boards. (Relevent only in the sense that malware might hide here, not sure though. Must've missed this on the last read through.)

    9. It is difficult for external software to reliably sanitize user data stored on a hard disk drive. Many commercial software packages are available using variations of DoD 5220, making as many as 35 overwrite passes. But in today’s drives, multiple overwrites are no more effective than a single overwrite.

    10. DoD 5220 overwriting has other vulnerabilities (i.e. Block Wiping<comment by Searching_ _ _), such as erasing only to a drive’s Maximum Address, which can be set lower than its native capacity; not erasing reallocated (error) blocks; or miss extra partitions. External overwrites cannot access the reallocated sectors on most drives, and any data once recorded is left on these sectors. These sectors could conceivably be recovered and decoded by exotic forensics. While enterprise-class drives and drive systems (SCSI/FC/SAS/iSCSI) allow software commands to test all the user blocks for write and read ability, mass market drives (PATA/SATA) cannot read, write, or detect reassigned blocks since they have no logical block address for a user to access.

    11. Secure erase is built into the hard disk drive itself and thus is far less susceptible to malicious software attack than external software utilities. (Anyone who makes their living by writing malicious malware for personal profit, not to improve community understanding of such things, would see Secure Erase as a THREAT.

    12. Secure erase is a positive easy-to-use data destroy command, amounting to “electronic data shredding.” Executing the command causes a drive to internally completely erase all possible user data record areas by overwriting, including g-list records that could contain readable data in reallocated disk sectors (sectors that the drive no longer uses because they have hard errors).

    For more indepth than this, the document goes into greater detail than I should post here. It is very deeply researched. http://cmrr.ucsd.edu/people/Hughes/DataSanitizationTutorial.pdf

    Secure Erase is a Threat to nefarious malware writers who profit on the lack of complete and accurate information that the majority of users have. Disinformation is their only weapon to counter this tool.

    Technology has changed since 1996. Hopefully, this will enlighten people about new security methods and improving technologies that make personal as well as commercial interests less vulnurable, while older techniques and technologies increases their vulnurablility.

    Sincerely,
    Searching_ _ _
     
    Last edited: May 11, 2008
  17. Pleonasm

    Pleonasm Registered Member

    Joined:
    Apr 9, 2007
    Posts:
    1,201
    Searching, for me, HDDerase has one fatal flaw: it does not support SCSI/SAS hard disk drives. For users with PATA/SATA drives that do support the Secure Erase command, it makes sense to employ HDDerase.
     
  18. Searching_ _ _

    Searching_ _ _ Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    1,988
    Location:
    iAnywhere
    A standardized internal secure erase command also exists for SCSI drives, but it is optional and not currently implemented in SCSI drives tested by CMRR. SCSI drives are a small percentage of the world’s hard disk
    drives, and the command will be implemented when users demand it.

    So get on the phone, write letters to your congressmen. Get involved. Don't be a bystander while others are enjoying what you should have, what every american has a right to, a God given right! Don't allow others to get in the way of your dreams and trample them as if they were meaningless. Fight back with your words and your ideas that truth, justice and the common american ideal is reality for all.

    Searching_ _ _
    P.S.
    Don't let the poptarts burn!

    It should read- Hard Drive Manufacturer instead of congressmen---^ Are we having fun yet :D
     
Loading...
Thread Status:
Not open for further replies.