What's the best algorithm to secure erase HDD?

0

1

There are a lot of secure erasing algorithms in erasing softwares. What's the best of these algorithms?

Leadri

Posted 2013-02-25T20:27:51.330

Reputation: 219

Question was closed 2013-02-25T22:08:02.023

2The ATA spec has a Secure Erase command, which will potentially erase your hard drive more thoroughly than any software that operates at the block or filesystem level. – rob – 2013-02-25T20:32:57.627

Other than a hammer? :) – Nicole Hamilton – 2013-02-25T21:00:01.263

Answers

3

Disclaimer: Most of this advice applies to spinning metal (conventional HDDs) with unencrypted data.

How paranoid do you want to be? An unsophisticated attacker is unlikely to be able to overcome even a single pass of zeroes. A three-letter-agency might have the capability to recover some data even after overwrites with patterns or random data. Or not. Who knows, they don't talk about their capabilities that I know of.

Even if you made dozens of passes with a mix of various patterns and random data, you might have some data fragments sitting on reassigned bad sectors. You probably won't be able to wipe those without being able to talk to the drive firmware and help from the manufacturer / custom tools. If sensitive data has ever been on the drive unencrypted, the only way to guarantee it's gone is total drive destruction (mechanical shredding, etc). Outfits that deal with classified data usually have special warranty arrangements with drive manufacturers such that they only have to return the top cover of the drive.

IMHO, the best you can do nowadays for spinning metal is to overwrite with at least one pass of random bits. If full drive encryption has been used, that's probably more than good enough. If sensitive data was on the drive unencrypted and you're worried about a sophisticated attacker, you can consider total destruction.

As folks are pointing out (rob), there is an ATA secure erase command. It's probably fine against an unsophisticated attacker.

SSDs are a totally different type of critter, as Hennes has pointed out. If the software the manufacturer provides has some kind of erase capability, use it (or the ATA command, hopefully they provided a custom implementation suited to their device). Overwriting with patterns is going to eat into the life of the device, and who knows what the heck is actually happening at the physical level, the firmware is going to do what it wants (wear leveling, spare cells, write optimization, etc), so no guarantee you've cleared all the cells.

As for implementations, DBAN (see ioSamurai's post) is probably the easiest cross platform solution, depending on how the target device is attached. On Windows, I've used Eraser (heide.ie), but there are many options. Same for OS X. Linux is a bit more limited, but if nothing else you can get the job done with dd and /dev/urandom on the raw device (or, for increased paranoia, use the RNG of your choice, I've used ISAAC, OS X /dev/random uses Yarrow).

Mark Johnson

Posted 2013-02-25T20:27:51.330

Reputation: 2 561

Second that for most spinning hard disks. For a SSD use the 'secure erase' command of the drive. Both because it is more efficient and because non all NAND is exposed the the user. – Hennes – 2013-02-25T20:31:47.117

"An unsophisticated attacker is unlikely to be able to overcome even a single pass of zeroes": I have yet to see a sophisticated attacker recover a single file on an HDD manufactured less than 10 years ago zeroed out. Just a single one. Even with a SEM... I could not find any paper claiming that so far. – None – 2013-09-06T12:56:36.530

@Mark Johnson Just as you said: you are presuming. ;) It is not possible to recover usable data using smaller HDD heads with current drives. This is only a question of physical space: HDD manufacturers are trying to densify on-plate data and shrink IO heads as much as possible. If the information between sectors was usable, this would have already been used by the manufacturers already. As well, contiguous sectors are erase all at once, so there is no gap in between. Also, when I say current drives are zeroed out, they are: there is no deterministic persistence. This is needed to avoid errors – None – 2013-09-09T16:36:59.467

Ok. And depending on how paranoid you are, you can also kill anyone coming close from your computer. Yes, this would be stupid in almost every case. HDDs are like screens. Old ones were CRT and you could exploit them to get back a partial image of what was last on screen. Newer LCD screens can't be exploited that way. Newer tech will bring denser screen. It won't help with current screen exploitation. – None – 2013-09-10T20:07:31.937

NSA guys are no wizards. It's not underestimation. But you are most certainly overestimating the value of your files. – None – 2013-09-10T20:10:52.853

3 comments: 1. If you value your data, chances are pretty high that the NSA wouldn't. And, if all the data you want to hide is your collection of pron, this is just useless. 2. If I was interested in your data, I wouldn't wait for you to discard your old HDD, especially if chances are high that it was encrypted. I would try to install a trojan and trafic going IO your internet wire. Some guys even use VMs on encrypted partitions on encrypted system that they access only through liveCDs. – None – 2013-09-12T06:12:17.120

start="3">

  • Recovery technology can be enhanced all you like : if there is nothing to recover, there is nothing to recover. In current HDD, after a wipe, noise is bigger than data persistence! Even worse, zeroing out a drive does not consist anymore to decrease the magnetic moment of a bunch of molecules under a defined threshold to be considered as 0. Current disks try to nullify this magnetic moment. Sometimes perfectly. Sometimes not enough. Sometimes too much. There is the paranoia which tends to increase your safety. And there is the one which only increase your feeling of safety.
    • < – None – 2013-09-12T06:25:28.620

    I understand your point. This is sensible. My point is that there is no evidence or even the tiniest hint of evidence that zeroing a HDD is not enough. I would add that except in some specific cases, * valuable data == encryption* at least. I'd like to stress that when someone really want to get your data, it is much cheaper and efficient to attack and exploit either your system or you (threats, social engineering). – None – 2013-09-13T17:11:19.987

    3

    Old drives used to have common faults which is why many legacy security HDD erasing programs include options like 'multiple passes', etc. Drives of today are not prone to this issue and a single pass of zero/random bytes should be sufficient.

    Check out boot & nuke: http://www.dban.org/

    MetaGuru

    Posted 2013-02-25T20:27:51.330

    Reputation: 3 589

    0

    To my knowledge there is no "best" algorithm. Simply overwrite with random bytes once should be sufficient for hard drives (not necessarily SSD). Even overwriting it several times has not been proven to be any more useful than doing it once. In particular also check out the Criticism article under Gutmann method.

    The claim that a disk should be overwritten multiple times stems from the times of tape drives. So this may well be applicable to your backup tapes, still.

    You should check out "The Great Zero Challenge" via your favorite search machine. Basically it is true that there is a chance to guess the original contents of a single bit right. But if you are even slightly familiar with probability you know what that means if we're talking about eight bits (i.e. one Byte), let alone Gibibytes of data.

    0xC0000022L

    Posted 2013-02-25T20:27:51.330

    Reputation: 5 091

    0

    The best possible method is "(enhanced) secure erase" it was developed for that purpose. Since it is part of the ATA feature set it works for HDDs aswell as SSDs. If you are paranoid you can run (enhaced) secure erase multiple times.

    The easiest way to use it is to make a Live CD/USB of your favourite Linux distro and then run hdparm. It is quite easy. You can follow this guide: https://ata.wiki.kernel.org/index.php/ATA_Secure_Erase

    Note:

    Secure erase overwrites all user data areas with binary zeroes. Enhanced secure erase writes predetermined data patterns (set by the manufacturer) to all user data areas, including sectors that are no longer in use due to reallocation.

    kschurig

    Posted 2013-02-25T20:27:51.330

    Reputation: 56

    Sez the manufacturer, who is firmly seated in the pocket of Three Letter Agency. -- Professional Paranoid. – vonbrand – 2013-02-26T01:53:07.670

    If you're that paranoid you can destroy the drive otherwise (enhaced) secure erase is your choice. – kschurig – 2013-02-26T15:49:44.500

    As far as the disk plates are concerned, "(enhanced) secure erase" will just zero out the data. Which is enough unless you can prove me wrong. – None – 2013-09-06T12:59:43.497

    Asked: 2013-02-25T20:27:51.330

    Viewed: 12 276 times

    Active: 2013-02-25T21:00:53.470