If you have a private data on a recent, normal hard drive - how many passes do you need to delete the data to make it unrecoverable?
Not in the sense, that a forensic team of 20 experts with a budget of 100 million euro or dollars and 10 years of time to restore a couple of bytes from a known address with 80% accuracy, but few people with a few 1000 €/$ budget, who wouldn't spend more than two weeks on the job, and who don't know where on the drive they are searching.
Linux/GNU shred says in the manual:
-n, --iterations=N
overwrite N times instead of the default (3)
but on the one hand I heard about an NSA suggestion to overwrite 27 times, and on the other hand professional data recovery firms could not recover data from a drive that was wiped just once.
Evidence, papers, proof?
Note: What this question is not:
- It's not about bad sectors, where data might slip through
- It's not about old MFM/RLL-drives from the early 90ies
- It's not about different tools
- It's not so much about the method (random numbers 0s, 0xFF and fancy patterns).
- It's not about different techniques to wipe it securely (magnetic power, melting, filling with sand and turning).
- It's not about special problems of flash drives
Answer
Once.
Modern magnetic media are quite efficient, and leave behind very little evidence of former bit positions. What is left behind requires electron microscopes and/or high-tech magnetometric (or whatever they're called) scanners. All such devices are horrendously expensive, and even with the best equipment and most-skilled experts, it takes a monumental amount of time (think years for a single platter; all hard disks have multiple platters) and has a very high failure rate.
If you're dealing with government secrets (as the NSA is) then write-once probably isn't good enough, because China has no problem obtaining and using these devices, nor employing teams of hundreds of specialized experts to use them.
If, on the other hand, you're merely dealing with personal banking passwords and your secret pr0n stash, a single pass is plenty sufficient to render the data completely unrecoverable from any practical means.
That said, modern disks are quite fast, and unless you're wiping the entirety of a hard drive multiple passes take so little time that there's really no reason not to do them. Thus, while the fallacy that you have to overwrite multiple times with complex patterns of passes is widespread enough that all "secure deletion" software defaults to multiple passes, there's really very little point to overriding those defaults. When I used shred (default number of passes: 3) I let it do its 3 passes; when I use Eraser on Windows (default number of passes on a file: 35), I let it do its 35 passes. (Eraser defaults to only a single pass when deleting free space on a hard drive; this, too, I let run at the default.)
So the answer to your question (How many passes are needed?) is: "One." The answer to your implied question (Should I override shred's default 3 passes?) is: "Nah."
On the other hand, if you are a secret government agent, well, one pass really isn't enough because you do have China after your data. If this is the case, though, you should be asking your superior/handler what your agency's regulations are regarding secure deletion of sensitive data, not SU. ;-)
Caveat: Flash-based media employ a system called "wear leveling" to extend the life of the device. Without going into the details of what the term means or the reasons behind it, it means that you really can't securely delete files on flash-based media unless you securely wipe the entire media, and even that can't always guarantee that the wear-leveling algorithms didn't leave behind un-wiped data that you couldn't write to. In the case of flash-based media, your best bet is to simply encrypt any and all sensitive data that goes onto it, using a strong password.
TrueCrypt's documentation includes an excellent discussion of this problem, and ways to solve it.
No comments:
Post a Comment