Why is writing zeros (or random data) over a hard drive multiple times better than just doing it once?

  • Lots of different programs, such as Darik's Boot and Nuke, let you write over a hard drive multiple times under the guise of it being more secure than just doing it once. Why?

    I would just throw it into a campfire until the metal melts.

    Relevant: Overwriting Hard Drive Data (http://sansforensics.wordpress.com/2009/01/15/overwriting-hard-drive-data).

    @user27150 Does a campfire burn hot enough to melt the metal in a hard drive?

  • Summary: it was marginally better on older drives, but doesn't matter now. Multiple passes erase a tree with overkill but miss the rest of the forest. Use encryption.

    The origin lies in work by Peter Gutmann, who showed that there is some memory in a disk bit: a zero that's been overwritten with a zero can be distinguished from a one that's been overwritten with a zero, with a probability higher than 1/2. However, Gutmann's work has been somewhat overhyped, and does not extend to modern disks. “The urban legend of multipass hard disk overwrite and DoD 5220-22-M” by Brian Smithson has a good overview of the topic.

    The article that started it is “Secure Deletion of Data from Magnetic and Solid-State Memory” by Peter Gutmann, presented at USENIX in 1996. He measured data remanence after repeated wipes, and saw that after 31 passes, he was unable (with expensive equipment) to distinguish a multiply-overwritten one from a multiply-overwritten zero. Hence he proposed a 35-pass wipe as an overkill measure.

    Note that this attack assumes an attacker with physical access to the disk and somewhat expensive equipment. It is rather unrealistic to assume that an attacker with such means will choose this method of attack rather than, say, lead pipe cryptography.

    Gutmann's findings do not extend to modern disk technologies, which pack data more and more. “Overwriting Hard Drive Data: The Great Wiping Controversy” by Craig Wright, Dave Kleiman and Shyaam Sundhar is a recent article on the topic; they were unable to replicate Gutmann's recovery with recent drives. They also note that the probability of recovering successive bits does not have a strong correlation, meaning that an attacker is very unlikely to recover, say, a full secret key or even a byte. Overwriting with zeroes is slightly less destructive than overwriting with random data, but even a single pass with zeroes makes the probability of any useful recovery very low. Gutmann somewhat contests the article; however, he agrees with the conclusion that his recovery techniques are not applicable to modern disks:

    Any modern drive will most likely be a hopeless task, what with ultra-high densities and use of perpendicular recording I don't see how MFM would even get a usable image, and then the use of EPRML will mean that even if you could magically transfer some sort of image into a file, the ability to decode that to recover the original data would be quite challenging.

    Gutmann later studied flash technologies, which show more remanence.

    If you're worried about an attacker with physical possession of the disk and expensive equipment, the quality of the overwrite is not what you should worry about. Disks reallocate sectors: if a sector is detected as defective, then the disk will not make it accessible to software ever again, but the data that was stored there may be recovered by the attacker. This phenomenon is worse on SSD due to their wear leveling.

    Some storage media have a secure erase command (ATA Secure Erase). UCSD CMRR provides a DOS utility to perform this command; under Linux you can use hdparm --security-erase. Note that this command may not have gone through extensive testing, and you will not be able to perform it if the disk died because of fried electronics, a failed motor, or crashed heads (unless you repair the damage, which would cost more than a new disk).

    If you're concerned about an attacker getting hold of the disk, don't put any confidential data on it. Or if you do, encrypt it. Encryption is cheap and reliable (well, as reliable as your password choice and system integrity).

    I should point out that the US Government, when it wants to wipe any storage media that contains sensitive documents, will destroy the media itself; in the case of an HDD it's placed in a furnace. In the case of disc media (CD-R, DVD-R) a shredder does a wonderful job.

    Indeed, Gutmann's findings do not extend to modern disk technologies, but that's not where research ended. Also, companies like Heise Security showed it is possible with modern (read: current) disks under the correct conditions. Physically destroying the media (as @Ramhound correctly stated) is probably the safest way to do it... yet, even those media will be multi-written and then low-level formatted before they are passed on for destruction.

    It should be noted that the CMRR utility fails for modern drives too simply because it's a DOS tool; and DOS does not understand SATA or other kinds of recent HDD controller systems.

    If a drive decides that a sector seems dubious and redirects all future writes somewhere else, will most secure-erase programs *ever* overwrite the original, or will they simply keep hitting the remapped sector?

    @supercat I don't know. In principle, they should ensure that all sectors are physically unreadable, but that relies on an optimal implementation. Secure erase firmware is often very opaque. It's hard to test independently because the recovery attacks on logically-but-not-physically-erased sectors aren't cheap.

    The purpose of Gutmann's 35 passes was to provide a "universal" wiping pattern that would work on any drive in use at the time, without the user needing to know what encoding system the drive used. It consisted of five patterns each done twice to cover MFM (the low storage density of MFM drives made them particularly vulnerable to data remanence), 15 patterns to cover (2,7)RLL, 18 patterns to cover (1,7)RLL, and eight passes with random data to try to deal with PRML. Since there's some overlap between patterns, this totals up to 35 passes.
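The answer above recommends `hdparm --security-erase` on Linux but warns that the command is not always usable. The script below is an added example (not from the answer, and not part of hdparm) that runs the pre-flight checks a practitioner wants before issuing the erase: it parses the `Security:` section that `hdparm -I /dev/sdX` prints (the `supported` / `not supported`, `frozen`, `locked`, `enabled` and `supported: enhanced erase` lines, plus the estimated erase time) and reports whether the erase can proceed. The two sample outputs are constructed for the example; the script never touches a device.

```shell
#!/bin/sh
# Pre-flight check for ATA Secure Erase (added example, not from the answer).
# Parses the "Security:" section of `hdparm -I` output. hdparm prints a set
# flag as "<tab><tab>frozen" and a clear flag as "<tab>not<tab>frozen".

# Print only the Security section of hdparm -I output read from stdin
# (from the "Security:" line up to the next unindented line).
security_section() {
    sed -n '/^Security:/,/^[^[:space:]]/p'
}

# True when stdin has a line consisting of exactly the flag text $1,
# i.e. the flag is set and not prefixed with "not".
flag_set() {
    grep -Eq "^[[:space:]]*$1[[:space:]]*\$"
}

# Print the estimated minutes for a normal SECURITY ERASE UNIT.
erase_minutes() {
    sed -n 's/^[[:space:]]*\([0-9]*\)min for SECURITY ERASE UNIT.*/\1/p'
}

# Usage: ata_secure_erase_status "<full hdparm -I output>"
# Prints "ready" or "ready-enhanced" and returns 0 when the erase can be
# issued; otherwise prints the blocking condition and returns 1.
ata_secure_erase_status() {
    sec=$(printf '%s\n' "$1" | security_section)
    if ! printf '%s\n' "$sec" | flag_set supported; then
        echo unsupported; return 1        # no ATA security feature set at all
    fi
    if printf '%s\n' "$sec" | flag_set frozen; then
        echo frozen; return 1             # BIOS froze it; suspend/resume or hot-plug clears this
    fi
    if printf '%s\n' "$sec" | flag_set locked; then
        echo locked; return 1             # must unlock with the existing password first
    fi
    if printf '%s\n' "$sec" | flag_set enabled; then
        echo enabled; return 1            # a user password is already set; erase needs that one
    fi
    if printf '%s\n' "$sec" | flag_set 'supported: enhanced erase'; then
        echo ready-enhanced               # --security-erase-enhanced is also offered
    else
        echo ready
    fi
    return 0
}

# Constructed sample: a drive that is ready for an (enhanced) erase.
SAMPLE_READY=$(printf 'Security: \n\tMaster password revision code = 65534\n\t\tsupported\n\tnot\tenabled\n\tnot\tlocked\n\tnot\tfrozen\n\tnot\texpired: security count\n\t\tsupported: enhanced erase\n\t120min for SECURITY ERASE UNIT. 120min for ENHANCED SECURITY ERASE UNIT.\nChecksum: correct\n')

# Constructed sample: the common failure, a drive frozen by the BIOS at boot.
SAMPLE_FROZEN=$(printf 'Security: \n\tMaster password revision code = 65534\n\t\tsupported\n\tnot\tenabled\n\tnot\tlocked\n\t\tfrozen\n\tnot\texpired: security count\n\tnot\tsupported: enhanced erase\n\t60min for SECURITY ERASE UNIT.\nChecksum: correct\n')

# Demo: on a real machine replace the samples with "$(hdparm -I /dev/sdX)".
for sample in "$SAMPLE_READY" "$SAMPLE_FROZEN"; do
    if status=$(ata_secure_erase_status "$sample"); then
        echo "erase may proceed ($status), about $(printf '%s\n' "$sample" | erase_minutes) min"
    else
        echo "do not run hdparm --security-erase yet: $status"
    fi
done
```

When the check reports `ready`, the erase itself is the usual two-step sequence: set a temporary user password with `hdparm --user-master u --security-set-pass PWD /dev/sdX`, then issue `hdparm --user-master u --security-erase PWD /dev/sdX` (or `--security-erase-enhanced`). A `frozen` result is the case most people hit; power-cycling the drive (suspend/resume, or hot-plugging on a controller that allows it) clears it. None of this helps with the fried-electronics or crashed-heads case the answer mentions, since the drive has to execute the command itself.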

License under CC-BY-SA with attribution


Content dated before 7/24/2021 11:53 AM