Gutmann’s 35-Pass Overwrite Technique

Discussion in 'privacy technology' started by Pleonasm, Apr 27, 2008.

Thread Status:
Not open for further replies.
  1. Pleonasm

    Pleonasm Registered Member

    Joined:
    Apr 9, 2007
    Posts:
    1,201
    I was recently looking at Peter Gutmann’s famous 1996 paper Secure Deletion of Data from Magnetic and Solid-State Memory again, and noticed that it now contains an epilogue:

    This practical advice from the “guru” of file erasing may be of interest to readers of this forum.
     
  2. HURST

    HURST Registered Member

    Joined:
    Jul 20, 2007
    Posts:
    1,419
  3. Carver

    Carver Registered Member

    Joined:
    Feb 5, 2006
    Posts:
    1,827
    Location:
    USA
    Re: Gutmann’s 35-Pass Overwrite Technique

    I now use the 7 pass Schneier method
     
  4. LockBox

    LockBox Registered Member

    Joined:
    Nov 20, 2004
    Posts:
    2,275
    Location:
    Here, There and Everywhere
    That has actually been in more threads than we could probably count in one night. It's still good reading though.
     
  5. steve161

    steve161 Registered Member

    Joined:
    Nov 22, 2006
    Posts:
    681
    Location:
    New York
    While the shredders in the context menu of my 2 linux partitions use the 7 pass method, I only use 2 or 3 passes for free space wiping. I have yet to see a specific example of a file being recovered, even marginally intact, after a 3 pass wipe.
     
  6. n8chavez

    n8chavez Registered Member

    Joined:
    Jul 19, 2003
    Posts:
    2,302
    Location:
    Location Unknown
    Re: Gutmann’s 35-Pass Overwrite Technique

    Can I ask what the advantages are to using as opposed to say a 5-6 pass of psuedo data? I have read that psuedo data is better because the wiping wouldn't be obvious.

    How does the Schneier method differ from DoD?
     
  7. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,301
    Location:
    Oz
    Well if there is nothing recognizable there, wouldn't it be obvious that it was overwritten?
     
  8. LockBox

    LockBox Registered Member

    Joined:
    Nov 20, 2004
    Posts:
    2,275
    Location:
    Here, There and Everywhere
    Bruce Schneier (7 passes): The Bruce Schneier method offers a seven pass overwriting algorithm. The first with all ones, the second all with zeroes and then five times with a cryptographically secure pseudo-random sequence.
     
  9. HyperFlow

    HyperFlow Registered Member

    Joined:
    Mar 21, 2008
    Posts:
    115
    i tried a 35 pass a few times wOw the time it takes o_O i just do 3 passes now :D
     
  10. Dogbiscuit

    Dogbiscuit Guest

  11. Pleonasm

    Pleonasm Registered Member

    Joined:
    Apr 9, 2007
    Posts:
    1,201
    Dogbiscuit, the article you referenced (“Can Intelligence Agencies Read Overwritten Data? A response to Gutmann.”) is fascinating, and I recommend that all who visit this thread read it.

    The article raises the following challenge: is there any empirical evidence that a governmental agency or data recovery company has ever been able to successfully retrieve the contents of a file from a modern hard disk drive that has been overwritten – even if only with a single pass?

    I ask that forum members comment upon this challenge.

    Thank you.
     
  12. Pleonasm

    Pleonasm Registered Member

    Joined:
    Apr 9, 2007
    Posts:
    1,201
    As a matter of curiosity, I conducted a “live chat” with Ontrack Data Recovery, a leading and highly respected commercial service for the recovery of data from hard disk drives. They indicated that if a disk sector has been overwritten (even once), then they are not able to retrieve the prior contents of that sector. This information supports the thesis of the article “Can Intelligence Agencies Read Overwritten Data?” cited previously.

    I encourage forum members to contact other competitive data recovery companies to see what they have to say on the issue, and post the insights in this thread.
     
  13. LockBox

    LockBox Registered Member

    Joined:
    Nov 20, 2004
    Posts:
    2,275
    Location:
    Here, There and Everywhere
    I think you are right. The only caveat being that certain intelligence agencies may (emphasis there on 'may') have highly classified methods of advanced data recovery. But this business of adding 35-wipes on erasing software is just ridiculous. One wipe and it's gone. Period. Unless you're wanted by the heaviest of agencies for purposes of national security. They wouldn't waste their time, money and information leakage on 'typical' crimes, no matter how heinous.
     
  14. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    I zero my WD HDD with a tool provided by WD one time. After that my HDD looks like a new one, according WD. It takes 20m for a full zero (80gb), which I consider as very reasonable. I have also a very quick zero, which zeroes the first and last part of the HDD, probably 1m or so, don't remember.
    The Gutmann's 35-pass overwrite is good for Nutmann or is it Nutmen ?

    I don't use my zero tool for privacy reasons. I use it to get rid of all the malware like low level harddisk changes, corrupted partitions, Kid Of The Roots, ... ;)
     
    Last edited: May 2, 2008
  15. BlueZannetti

    BlueZannetti Administrator

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    There's really not much to comment upon - a legacy possibility existed in the past, but technology changed and the concern is paranoia run amok when discussing current HDD's. One overwrite is enough. There are plenty of real issues out there is one needs a topic to be concerned about.

    Blue
     
  16. Pleonasm

    Pleonasm Registered Member

    Joined:
    Apr 9, 2007
    Posts:
    1,201
    These statements are consistent with my own conversation with Ontrack Data Recovery, described in a prior post. However, it is nonetheless reasonable to ask: what sources can be cited as supporting evidence for the assertion?

    Thank you.
     
  17. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    5,633
    Location:
    U.S.A. (South)
    Well, if any of us could actually lay hold to an affordable micro magnetic-scope we might see other things but all things being equal we're all mostly constrained to use what's deemed reasonably effective in determining how well our HD Disk is been wiped.

    Personally, i used to use D-Ban, and like EricAlbert sometimes i used the HD manufacturer's zero tool, but anymore i use White Canyon's Wipe Drive Pro with no more than a single pass of different methods, several to choose from algorithms.

    Where before on a new install the yellow line on XP installer used to move across at seemingly timed intervals, after a wipe that same yellow line goes all the way to 100% on each XP new install i do now, and the full install time has really dropped off for me.

    IMHO the Gutmann's 35 pass overwrite technique may be at least of some Psychological usefullness on individual files and folders although i use single pass pseudo and files/folders are changed dramatically.

    The only real noticable difference i seem to gain on a daily basis is from using RESTORATION to Delete Completely as it says already deleted files, and i'm no expert so i can't explain in so much detail the WHY it works, only that it does enough that it's a basic part of my own daily routine to squeeze out every fraction of speed possible.
     
  18. BlueZannetti

    BlueZannetti Administrator

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    Sure:These tend to be referenced in the various other discussions/summaries out there, so these are not new references. The thing is to read them, then understand the technology behind some of the approaches discussed to recover the overwritten data.

    Blue
     
  19. RejZoR

    RejZoR Registered Member

    Joined:
    May 31, 2004
    Posts:
    6,426
    Performing regular 35 pass erasing on SSD devices is not really advised as it will wear memory extremelly fast. Regular HDD's are not affected as they have virtually unlimited reads/writes.
     
  20. LockBox

    LockBox Registered Member

    Joined:
    Nov 20, 2004
    Posts:
    2,275
    Location:
    Here, There and Everywhere
    Not anymore. For all practical purposes, SSD is also unlimited read/writes. The confusion came with two different standards in determining the life of these drives. The standard for traditional hard drives was based on MTBF (mean time between failures) while SSD was measured in number of read/write cycles. When the equivalent testing is done it shows superior lifetimes for SSD. Time and time again. In one DELL study, they found the following:

    "Mean Time Between Failure (MTBF) calculations of 1.9M hours for SSD vs. 550K hours for standard HDD by Dell Labs using Telcordia methodology."

    Google this and you'll find that we now know that the read/write cycles are even fewer over the life of the traditional magnetic hard drives versus SSD. The confusion came about by using two differing methodologies for determining the life cycle of these drives. Using the same standards - SSD blows away the magnetic drive in MTBF and read/write life cycles.
     
    Last edited: May 4, 2008
  21. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,301
    Location:
    Oz
    Is this product more effective than Eraser or R-Wipe? I looked at the website and the only difference that I see between the Wipedrive and Wipedrive Pro is the ability to use it on multiple computers. Do you think that there is any other benefit to using Pro? Or is Wipedrive just as good for a single user?
     
  22. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    5,633
    Location:
    U.S.A. (South)
    I really can't say in all honesty, only that i gave it a try and was satisfied with the results so much i went ahead and took the dive.

    So far i haven't been disappointed, my installs are for me more swifter now after running it's wipe which is been my purpose for trying to find something, anything to fully wipe soundly enough to squeeze out some additional speed and White Canyon's disk seems to do what i been looking for.

    With me it's not so much a matter of privacy as performance, and although that floppy disk eraser HDDErase also seems pretty potent, it locked me out of my drive once and i been a little leary of going that route again ever since, although who knows, maybe it does an even better job.

    I'd like to read Blue's opinions of it as well as anyone else who is gone that route a few times with it if it's wipe is proportionally a bit better than some others or not.

    EASTER
     
  23. Pleonasm

    Pleonasm Registered Member

    Joined:
    Apr 9, 2007
    Posts:
    1,201
    BlueZannetti, thank you for providing links to references on the subject of data recovery (see post #18 ). I have had an opportunity to read these documents, and – indeed – they paint a picture in which overwriting data (even once) seems highly effective.
     
  24. Pleonasm

    Pleonasm Registered Member

    Joined:
    Apr 9, 2007
    Posts:
    1,201
    Also of interest to readers of this thread...

    Source: Remembrance of Data Passed: A Study of Disk Sanitization Practices
     
  25. Searching_ _ _

    Searching_ _ _ Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    1,988
    Location:
    iAnywhere
    Just a note:

    Besides being one of the fastest wiping tools around, Secure Erase has a brother called Enhanced Secure Erase which is faster. The drive must support the feature.
    But what does this mean? Where it may take an hour or so to wipe with Secure Erase, it will take, in some cases, "milliseconds" when using Enhanced Secure Erase.
    So what drives out there support E.S.E.?
    Hitachi for one.
    http://www.hitachigst.com/hdd/support/bulk_faqs.htm
    Q: I'm using a utility called HDDErase (version 3.2) (http://cmrr.ucsd.edu/people/Hughes/
    SecureErase.shtml). Why doesn't your hard drive work with the enhanced security erase function?
    A: The current version (v3.3) of HDDErase now works properly with the enhanced security erase feature. Please download and use this version.

    Have fun

    Fujitsu is another:
    http://www.fujitsu.com/global/news/pr/archives/month/2008/20080421-01.html
    Fujitsu to Launch World's First 320 GB 2.5" Hard Drive with AES 256-bit Encryption

    This series is the first hard disk drive in the world to support the 256-bit Advanced Encryption Standard (AES)(3). The drive implements the AES hardware encryption directly into the processor chip of the hard disk drive, resulting in more robust security and faster system performance than software-based encryption.

    All data stored on the hard disk drive can be erased instantly, in less than a second, using the advanced secure erase feature.

    Built in encryption, wipe in less than a second. Yeah Boy! That's what I'm Talkin Bout!
     
    Last edited: May 12, 2008
Thread Status:
Not open for further replies.