How many overwrites for secure erase?

On another list, someone asked a question which piqued my
curiosity.

U.S. DoD requires 7 overwrites. The OP wanted a '*technical*
justification of "15-times" or any other number. Technical one,
not "because mama said so".'

Has anyone actually recovered data that's been overwritten
even once by random data? Twice?

We know about the theoretical techniques to get the data. We
know it would be horrendously expensive. But has anyone
*actually* done it?

And, regardless, is there some number of overwrites that
*will* make the data unrecoverable? The OP was looking for
something better than pulling a number out of the air (or
wherever) - a number with some theoretical or experimental
justification.

I figured if anyone had the answers (and was allowed to give
them), it would likely be someone in this group.

--
Arthur T. - ar23hur "at" intergate "dot" com
Looking for a z/OS (IBM mainframe) systems programmer position

Arthur T.

Arthur T. wrote:


> And, regardless, is there some number of overwrites that
> *will* make the data unrecoverable?


Current harddrives are within about 5 to 10 % of the Shannon limit, thus one
overwrite should suffice.

Sebastian G.

From: "Arthur T." <>

| On another list, someone asked a question which piqued my
| curiosity.
|
| U.S. DoD requires 7 overwrites. The OP wanted a '*technical*
| justification of "15-times" or any other number. Technical one,
| not "because mama said so".'
|
| Has anyone actually recovered data that's been overwritten
| even once by random data? Twice?
|
| We know about the theoretical techniques to get the data. We
| know it would be horrendously expensive. But has anyone
| *actually* done it?
|
| And, regardless, is there some number of overwrites that
| *will* make the data unrecoverable? The OP was looking for
| something better than pulling a number out of the air (or
| wherever) - a number with some theoretical or experimental
| justification.
|
| I figured if anyone had the answers (and was allowed to give
| them), it would likely be someone in this group.
|

The DoD requirements are...

Write a bit pattern such as; 10101010
Write its complement; 01010101
Write another pattern such as; 11110000

Perform that six times.

The disk will then be sanitized.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

David H. Lipman

Arthur T. <> writes:

> On another list, someone asked a question which piqued my
>curiosity.

> U.S. DoD requires 7 overwrites. The OP wanted a '*technical*
>justification of "15-times" or any other number. Technical one,
>not "because mama said so".'

> Has anyone actually recovered data that's been overwritten
>even once by random data? Twice?

The claim is that in the past, hard drives would tend to keep traces of the
data. But now, because the manufacturer's are trying to squeeze the last
ounce of data out of drives, any such residual memory would be a source of
extra storage, so that modern disks have essentially zero redundancy and
those old techniques do not work. Ie, overwriting once is enough.

Note if the data is really that sensitive, overwrite and then destroy the
disk by a really hot fire


> We know about the theoretical techniques to get the data. We
>know it would be horrendously expensive. But has anyone
>*actually* done it?

The current claim is that it is not actually doable on modern disks.


> And, regardless, is there some number of overwrites that
>*will* make the data unrecoverable? The OP was looking for
>something better than pulling a number out of the air (or
>wherever) - a number with some theoretical or experimental
>justification.

Destroy the disk by fire. Really hot fire.
If the data is that secret, the cost of a disk is trivial.


> I figured if anyone had the answers (and was allowed to give
>them), it would likely be someone in this group.

Unruh

"David H. Lipman" <DLipman~nospam~@Verizon.Net> writes:

>From: "Arthur T." <>

>| On another list, someone asked a question which piqued my
>| curiosity.
>|
>| U.S. DoD requires 7 overwrites. The OP wanted a '*technical*
>| justification of "15-times" or any other number. Technical one,
>| not "because mama said so".'
>|
>| Has anyone actually recovered data that's been overwritten
>| even once by random data? Twice?
>|
>| We know about the theoretical techniques to get the data. We
>| know it would be horrendously expensive. But has anyone
>| *actually* done it?
>|
>| And, regardless, is there some number of overwrites that
>| *will* make the data unrecoverable? The OP was looking for
>| something better than pulling a number out of the air (or
>| wherever) - a number with some theoretical or experimental
>| justification.
>|
>| I figured if anyone had the answers (and was allowed to give
>| them), it would likely be someone in this group.
>|

>The DoD requirements are...

>Write a bit pattern such as; 10101010
>Write its complement; 01010101
>Write another pattern such as; 11110000

>Perform that six times.

>The disk will then be sanitized.

The dod is a bureacracy. Although the recmmendation probably made sense
once, once they had been promulgated they will never again change no matter
how the technology changes. To relax them puts someone's ass on the line.
What if he aralaxes them and suddenly some data leaks. Thus they are frozen
in time even if they make no sense whatsoever.
I would not take their recommendation as indicating anything whtsoever
about what the current best proctice is. While doing what they say may not
harm except that the wipe taks 2 days rather than 20min.-- which means
noone does it.

>--
>Dave
>http://www.claymania.com/removal-trojan-adware.html
>Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

Unruh

Unruh wrote:


> The claim is that in the past, hard drives would tend to keep traces of the
> data. But now, because the manufacturer's are trying to squeeze the last
> ounce of data out of drives, any such residual memory would be a source of
> extra storage,


This is a bogus argument. Knowing that you could increase the data density
doesn't make it any more feasible if its computationally and technically
expensive.

> so that modern disks have essentially zero redundancy and
> those old techniques do not work. Ie, overwriting once is enough.


Well, at least the corollary holds.

With increased read speeds, the signals got so badly deluded that they're
essentially pure sinus waves. Matching with triggers became impossible, so
currently its done by comparing the signal against a large list (256 or
more) of signals in parallel and integrating over the absolute difference,
just to get the best match.
Since such a technique doesn't allow for any specialized signal codes, they
were free to resort to the very expensive, generic Turbo(-like) codes. And
since they had to use these anyway, they could also use their generism and
efficiency to increase data density to close to the Shannon limit.


> Note if the data is really that sensitive, overwrite and then destroy the
> disk by a really hot fire


Nonsense. The burnt material could shield small pieces of the disc from the
heat for a very long time.

Either you have a really really long fire (hours till days) of constant high
heat, or you may simply resort to degaussing or acid.

> The current claim is that it is not actually doable on modern disks.


It is, just the results are not significantly better than educated guessing.

Sebastian G.

From: "Unruh" <unruh->


|
| The dod is a bureacracy. Although the recmmendation probably made sense
| once, once they had been promulgated they will never again change no matter
| how the technology changes. To relax them puts someone's ass on the line.
| What if he aralaxes them and suddenly some data leaks. Thus they are frozen
| in time even if they make no sense whatsoever.
| I would not take their recommendation as indicating anything whtsoever
| about what the current best proctice is. While doing what they say may not
| harm except that the wipe taks 2 days rather than 20min.-- which means
| noone does it.
|

The standard has changed. What I posted was the NEW standard.

Don't say "..noone does it.". I see disk sanitization done all the time.

This isn't something for just Defense organizations. Sanitization should be done by *any*
company that has company proprietary information stored on their respective hard disks.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

David H. Lipman

Arthur T. <> writes:
> On another list, someone asked a question which piqued my
> curiosity.
>
> U.S. DoD requires 7 overwrites. The OP wanted a '*technical*
> justification of "15-times" or any other number. Technical one,
> not "because mama said so".'

post in another thread
http://www.garlic.com/~lynn/2008c.html#47 Data Erasure Products
http://www.garlic.com/~lynn/2008c.html#48 Data Erasure Products

the above hast reference to NIST standard for overwriting and GAO
finding that it was adequate ... and then some vendor study finding out
that they could still recover data (at least in the case of used
magnetic tape that the gov. was selling ... after overwrites).

as to disk, some really old email about disk track spacing being reduced
from 20widths to 10widths (doubling number of tracks ... later to
2widths).
http://www.garlic.com/~lynn/2006s.html#email871122
in this post
http://www.garlic.com/~lynn/2006s.html#30 Why magnetic drums was/are worse than disks ?

above also references early work on vertical/perpendicular recording
.... which more recently is showing up in commodity products
http://www.garlic.com/~lynn/2007o.html#64 Toshiba Boosts Hard Drive Density by 50%

this old email doing a different kind of head design (working with the
person that originated risc chip architecture)
http://www.garlic.com/~lynn/2006s.html#email871230

part of the issue use to be small head jitter ... head write surface
would be wider than head read surface ... to reasonable assure that most
recent write path would cover the area that subsequent reading head
would travel. by implication a subsequent write operation might not
exactly overlap a previous write operation (residual signal from
previous writes offset to one side or another).

quicky search engine turns up reference to current issues with
signal noise from closenest of adjacent tracks

this reference could imply possibly looking at noise from previous
writes:
http://www.lecroy.com/tm/solutions/d...NA/default.asp

Anne & Lynn Wheeler

Arthur T. <> wrote in
news::

> On another list, someone asked a question which piqued my
> curiosity.
>
> U.S. DoD requires 7 overwrites. The OP wanted a '*technical*
> justification of "15-times" or any other number. Technical one,
> not "because mama said so".'
>
> Has anyone actually recovered data that's been overwritten
> even once by random data? Twice?

In ye olde days you had "blobby bits" and wobbly heads. You don't have
that anymore.

There isn't, AFAIK, anyone offering to recover data from a disc that's
been over-written even once with all 0's. (Which would be eaiser than
recovering from an over write of pseudo random data.)

>a number with some theoretical or experimental
> justification.

Here are two theories:

1) The theory is that you don't know what tech your attacker has, and you
don't know what tech your attacker will invent in the future, and so you
over-write many times with patterns and random data, then take the
platters out and physically destroy them.

2) You have sensitive information (patient medical stuff, for example)
and it's just easier to do the belt-and-braces destroy thing than a
sensible destroy, if only to keep the wing-nuts out of your hair. You've
removed any doubt.

People might prefer to do cost-benefit risk analyses - it takes time (and
thus money) to overwrite disks.

bealoid

"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in
news:9YWvj.397$xg6.104@trnddc07:

> From: "Unruh" <unruh->
>
>
>|
>| The dod is a bureacracy. Although the recmmendation probably made
>| sense once, once they had been promulgated they will never again
>| change no matter how the technology changes. To relax them puts
>| someone's ass on the line. What if he aralaxes them and suddenly some
>| data leaks. Thus they are frozen in time even if they make no sense
>| whatsoever. I would not take their recommendation as indicating
>| anything whtsoever about what the current best proctice is. While
>| doing what they say may not harm except that the wipe taks 2 days
>| rather than 20min.-- which means noone does it.
>|
>
> The standard has changed. What I posted was the NEW standard.
>
> Don't say "..noone does it.". I see disk sanitization done all the
> time.
>
> This isn't something for just Defense organizations. Sanitization
> should be done by *any* company that has company proprietary
> information stored on their respective hard disks.


Sanitizing may be acceptable (I hae me douts) for a drive that is moving
within an organization (but even then only from and to low security
uses/users). For any HD leaving the company, the HD should be
*destroyed.* Many companies that do paper shredding also have a division
that will mangle HDs (and CDs, etc.) into tiny bits - often with a logged
secure custody chain, witnessing, etc.

Wiping is slow (especially for modern very big drives), and there are
many risks that it will be overlooked or will be done incompletely (e.g.,
all too easy for one in the "to be wiped" pile accidentally being moved
to the "wiped" pile without having been wiped).

HDs are cheap, liabilities are large - too cheap and too large to take
risks with for data leaking outside the company. Destroy 'em!

Regards,

nemo_outis