[Cialug] Semi-OT: wiping a hard drive once is enough?

Josh More morej at alliancetechnologies.net
Wed Mar 11 13:22:38 CDT 2009 

This was confirmed at my most recent security conference.

Really, it's a balance between practicality and ideal security.  In the
olden days, the drives were also smaller capacity, which resulted in
larger "bins" representing the ones and zeros.  The logic to do
multi-passes to overwrite the data was based on the following facts:

1)  We don't want to buy new drives, because drives are expensive.
2) Our data is highly valuable, and we have to securely remove it
before we reuse the drives.
3) The "slip" factor with the heads in the relative large bins are such
that if we overwrite the data, you can check the "edges" and still see
what was there.

Point 3 was real, but MUCH less of a concern for drives than it was for
tapes.  Since they dealt with the problem of tapes with multiple passes,
they figured that the same would work for drives.  It did... but then
things changed.

These days, storage is cheap and the bins are very small. 
Additionally, as part of the drives being cheap, the heads are cheap, so
you can't easily position the head to another location at the edge of
each bin.  Thus, one overwrite effectively wipes out the data.

>From a practicality standpoint, you basically have two classifications
of data:

1) OMG TOP SECRET!!!eleven!!!!!
2) Everything Else

For level 1, the sort of data that, if leaked, would topple
governments, kill businesses or produce a sequel to Stan Lee's
"Lightspeed", the best option is to wipe the drive, shred it and burn
the remainder.  (In small business, put two holes through the platters
and power the drives on.)  After all, storage is cheap.

For level 2, one pass is sufficient.



 

-Josh More, RHCE, CISSP, NCLP, GIAC 
 morej at alliancetechnologies.net 
 515-245-7701



>>> Nathan Stien <nathanism at gmail.com> 03/11/09 1:12 PM >>> 
Howdy Luggers,

http://www.h-online.com/news/Secure-deletion-a-single-overwrite-will-do-it--/112432

In the above link, the author says that multi-pass hard drive wiping
programs are silly, because overwriting data once with zeroes is enough
to
make it unrecoverable to forensics experts.  This is definitely counter
to
what I have been taught, and I'm curious what y'all think about it.

- Nathan

More information about the Cialug mailing list