Gutmann’s 35-Pass Overwrite Technique

I was recently looking at Peter Gutmann’s famous 1996 paper Secure Deletion of Data from Magnetic and Solid-State Memory again, and noticed that it now contains an epilogue:

This practical advice from the “guru” of file erasing may be of interest to readers of this forum.

 

Yeah, that was discused some time ago in a tread i'm too lazy to look for right now.

If I remember well, in modern disks, 35 passes are overkill.


EDIT: I looked for it after all : https://www.wilderssecurity.com/showthread.php?t=194601

 

Re: Gutmann’s 35-Pass Overwrite Technique

I now use the 7 pass Schneier method

 

That has actually been in more threads than we could probably count in one night. It's still good reading though.

 

While the shredders in the context menu of my 2 linux partitions use the 7 pass method, I only use 2 or 3 passes for free space wiping. I have yet to see a specific example of a file being recovered, even marginally intact, after a 3 pass wipe.

 

Re: Gutmann’s 35-Pass Overwrite Technique

Can I ask what the advantages are to using as opposed to say a 5-6 pass of psuedo data? I have read that psuedo data is better because the wiping wouldn't be obvious.

How does the Schneier method differ from DoD?

 

Well if there is nothing recognizable there, wouldn't it be obvious that it was overwritten?

 

Bruce Schneier (7 passes): The Bruce Schneier method offers a seven pass overwriting algorithm. The first with all ones, the second all with zeroes and then five times with a cryptographically secure pseudo-random sequence.

 

i tried a 35 pass a few times wOw the time it takes i just do 3 passes now

 

Can Intelligence Agencies Read Overwritten Data?

 

Dogbiscuit, the article you referenced (“Can Intelligence Agencies Read Overwritten Data? A response to Gutmann.”) is fascinating, and I recommend that all who visit this thread read it.

The article raises the following challenge: is there any empirical evidence that a governmental agency or data recovery company has ever been able to successfully retrieve the contents of a file from a modern hard disk drive that has been overwritten – even if only with a single pass?

I ask that forum members comment upon this challenge.

Thank you.

 

As a matter of curiosity, I conducted a “live chat” with Ontrack Data Recovery, a leading and highly respected commercial service for the recovery of data from hard disk drives. They indicated that if a disk sector has been overwritten (even once), then they are not able to retrieve the prior contents of that sector. This information supports the thesis of the article “Can Intelligence Agencies Read Overwritten Data?” cited previously.

I encourage forum members to contact other competitive data recovery companies to see what they have to say on the issue, and post the insights in this thread.

 

I think you are right. The only caveat being that certain intelligence agencies may (emphasis there on 'may') have highly classified methods of advanced data recovery. But this business of adding 35-wipes on erasing software is just ridiculous. One wipe and it's gone. Period. Unless you're wanted by the heaviest of agencies for purposes of national security. They wouldn't waste their time, money and information leakage on 'typical' crimes, no matter how heinous.

 

I zero my WD HDD with a tool provided by WD one time. After that my HDD looks like a new one, according WD. It takes 20m for a full zero (80gb), which I consider as very reasonable. I have also a very quick zero, which zeroes the first and last part of the HDD, probably 1m or so, don't remember.
The Gutmann's 35-pass overwrite is good for Nutmann or is it Nutmen ?

I don't use my zero tool for privacy reasons. I use it to get rid of all the malware like low level harddisk changes, corrupted partitions, Kid Of The Roots, ...

 

There's really not much to comment upon - a legacy possibility existed in the past, but technology changed and the concern is paranoia run amok when discussing current HDD's. One overwrite is enough. There are plenty of real issues out there is one needs a topic to be concerned about.

Blue

 

These statements are consistent with my own conversation with Ontrack Data Recovery, described in a prior post. However, it is nonetheless reasonable to ask: what sources can be cited as supporting evidence for the assertion?

Thank you.

 

Well, if any of us could actually lay hold to an affordable micro magnetic-scope we might see other things but all things being equal we're all mostly constrained to use what's deemed reasonably effective in determining how well our HD Disk is been wiped.

Personally, i used to use D-Ban, and like EricAlbert sometimes i used the HD manufacturer's zero tool, but anymore i use White Canyon's Wipe Drive Pro with no more than a single pass of different methods, several to choose from algorithms.

Where before on a new install the yellow line on XP installer used to move across at seemingly timed intervals, after a wipe that same yellow line goes all the way to 100% on each XP new install i do now, and the full install time has really dropped off for me.

IMHO the Gutmann's 35 pass overwrite technique may be at least of some Psychological usefullness on individual files and folders although i use single pass pseudo and files/folders are changed dramatically.

The only real noticable difference i seem to gain on a daily basis is from using RESTORATION to Delete Completely as it says already deleted files, and i'm no expert so i can't explain in so much detail the WHY it works, only that it does enough that it's a basic part of my own daily routine to squeeze out every fraction of speed possible.

 

Sure:

• My own technical assessment of the current physical and logisitical capabilities of the various atomic scale imaging microscopies that would need to be used - I'm a techie in my day job and this specific technical area does fall under the scope of the R&D section that I head.
• Recovering Unrecoverable Data: The Need for Drive-Independent Data Recovery - note : direct link to pdf file
• Data Removal and Erasure from Hard Disk Drives

These tend to be referenced in the various other discussions/summaries out there, so these are not new references. The thing is to read them, then understand the technology behind some of the approaches discussed to recover the overwritten data.

Blue

 

Performing regular 35 pass erasing on SSD devices is not really advised as it will wear memory extremelly fast. Regular HDD's are not affected as they have virtually unlimited reads/writes.

 

Not anymore. For all practical purposes, SSD is also unlimited read/writes. The confusion came with two different standards in determining the life of these drives. The standard for traditional hard drives was based on MTBF (mean time between failures) while SSD was measured in number of read/write cycles. When the equivalent testing is done it shows superior lifetimes for SSD. Time and time again. In one DELL study, they found the following:

"Mean Time Between Failure (MTBF) calculations of 1.9M hours for SSD vs. 550K hours for standard HDD by Dell Labs using Telcordia methodology."

Google this and you'll find that we now know that the read/write cycles are even fewer over the life of the traditional magnetic hard drives versus SSD. The confusion came about by using two differing methodologies for determining the life cycle of these drives. Using the same standards - SSD blows away the magnetic drive in MTBF and read/write life cycles.

 

Is this product more effective than Eraser or R-Wipe? I looked at the website and the only difference that I see between the Wipedrive and Wipedrive Pro is the ability to use it on multiple computers. Do you think that there is any other benefit to using Pro? Or is Wipedrive just as good for a single user?

 

I really can't say in all honesty, only that i gave it a try and was satisfied with the results so much i went ahead and took the dive.

So far i haven't been disappointed, my installs are for me more swifter now after running it's wipe which is been my purpose for trying to find something, anything to fully wipe soundly enough to squeeze out some additional speed and White Canyon's disk seems to do what i been looking for.

With me it's not so much a matter of privacy as performance, and although that floppy disk eraser HDDErase also seems pretty potent, it locked me out of my drive once and i been a little leary of going that route again ever since, although who knows, maybe it does an even better job.

I'd like to read Blue's opinions of it as well as anyone else who is gone that route a few times with it if it's wipe is proportionally a bit better than some others or not.

EASTER

 

BlueZannetti, thank you for providing links to references on the subject of data recovery (see post #18 ). I have had an opportunity to read these documents, and – indeed – they paint a picture in which overwriting data (even once) seems highly effective.

 

Also of interest to readers of this thread...

Source: Remembrance of Data Passed: A Study of Disk Sanitization Practices

 

Just a note:

Besides being one of the fastest wiping tools around, Secure Erase has a brother called Enhanced Secure Erase which is faster. The drive must support the feature.
But what does this mean? Where it may take an hour or so to wipe with Secure Erase, it will take, in some cases, "milliseconds" when using Enhanced Secure Erase.
So what drives out there support E.S.E.?
Hitachi for one.
http://www.hitachigst.com/hdd/support/bulk_faqs.htm
Q: I'm using a utility called HDDErase (version 3.2) (http://cmrr.ucsd.edu/people/Hughes/
SecureErase.shtml). Why doesn't your hard drive work with the enhanced security erase function?
A: The current version (v3.3) of HDDErase now works properly with the enhanced security erase feature. Please download and use this version.

Have fun

Fujitsu is another:
http://www.fujitsu.com/global/news/pr/archives/month/2008/20080421-01.html
Fujitsu to Launch World's First 320 GB 2.5" Hard Drive with AES 256-bit Encryption

This series is the first hard disk drive in the world to support the 256-bit Advanced Encryption Standard (AES)(3). The drive implements the AES hardware encryption directly into the processor chip of the hard disk drive, resulting in more robust security and faster system performance than software-based encryption.

All data stored on the hard disk drive can be erased instantly, in less than a second, using the advanced secure erase feature.

Built in encryption, wipe in less than a second. Yeah Boy! That's what I'm Talkin Bout!