Subject: Re: securely erasing a hard disk
To: Steven M. Bellovin <smb@cs.columbia.edu>
From: Florian Stoehr <netbsd@wolfnode.de>
List: tech-security
Date: 10/21/2005 12:01:37

On Fri, 21 Oct 2005, Steven M. Bellovin wrote:

> In message <e14f4ca0510201735t4f23cdfeja44d3d8f3bb8993d@mail.gmail.com>, Philip
> Jensen writes:
>> I am wanting to understand the risk outlined in this paper:-
>> http://wipe.sourceforge.net/secure_del.html
>>
>> Is it widely acknowledged that a disk (or file) needs to be
>> overwritten up to 30 times in order to remove any traceable
>> information on the magnetic media for the file?
>
> I don't know of any *public* source that I'd trust on this -- the paper
> you cite is almost 10 years old, and disk technology has changed a lot
> since then.  Have a look at http://dban.sourceforge.net/faq/index.html
> which quotes the author of that paper as saying
>
> 	"in the time since this paper was published, some people
> 	have treated the 35-pass overwrite technique described in
> 	it more as a kind of voodoo incantation to banish evil
> 	spirits than the result of a technical analysis of drive
> 	encoding techniques. As a result, they advocate applying
> 	the voodoo to PRML and EPRML drives even though it will
> 	have no more effect than a simple scrubbing with random
> 	data... For any modern PRML/EPRML drive, a few passes of
> 	random scrubbing is the best you can do".
>
>> If so, then does the -P switch for the NetBSD rm command really
>> provide the "security" of data erasure people think they are getting?
>> Or should the man page have an addition of "If you are serious about
>> removing all traces of this file then ......."?
>>
>> Lastly, how long would it take to retrieve the contents of a disk (or
>> file) which has been overwritten with `dd if=/dev/zero of=/dev/rsd0c`?
>>
>
> Who is trying to do the retrieval?  What are they willing to spend?  How
> good are they?
>
> The free product that purports to do the best job of erasing a disk
> is dban, "Darik's Boot and Nuke" -- see http://dban.sourceforge.net/.
> (Someone, probably me, should put it in pkgsrc.)  But even it has its
> limits.  This is from the FAQ:
>
> 	Q: Does DBAN wipe remapped sectors?
>
> 	A: No.
>
> 	Q: Does DBAN wipe the Host Protected Area ("HPA")?
>
> 	A: No.
>
> 	Most vendors that are using the HPA have a toggle for it
> 	in the BIOS setup program. Future releases of DBAN may
> 	override or dishonor the HPA.
>
> The author also notes that there are some other situations where it
> won't work, including a serious enemy, and says "If you are seriously
> concerned about any of these situations, then consider drilling open your
> hard disk, grinding down the platters, and melting all of the parts in a
> furnace."
>
> A better source for that paper you pointed to is the author's copy, at
> http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html (and you should
> notify the maintainer of that page).  Peter's own version has an Epilogue
> that says "Looking at this from the other point of view, with the
> ever-increasing data density on disk platters and a corresponding
> reduction in feature size and use of exotic techniques to record data on
> the medium, it's unlikely that anything can be recovered from any recent
> drive except perhaps one or two levels via basic error-cancelling
> techniques."
>

I implemented the Gutmann 35-pass method for NetBSD. This is
in pkgsrc-wip as "neb-wipe".

I updated it for 64-bit platforms, but have not committed it yet
(although it worked for me on 32-bit platforms).

It can run the 35-pass method as well as a user-defined number of random passes.

Note that this can wipe disklabel slices as well as whole
disks.

And, like dban, it will not wipe remapped sectors or the HPA.

-Florian
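
The "few passes of random scrubbing" quoted in the thread, sketched with dd against a regular file and followed by a read-back check. This is an added example, not part of the original message and not neb-wipe's code; the function name `scrub` and its arguments are hypothetical.

```shell
#!/bin/sh
# Added example: N random passes plus a final zero pass over a regular file,
# using dd as in the thread. "scrub" and its arguments are hypothetical names.
# Limits: this only reaches blocks the filesystem currently maps to the file
# (journaling or copy-on-write filesystems may keep older copies elsewhere);
# as the thread notes for dban and neb-wipe, remapped sectors and the HPA
# are not touched.

scrub() {
    target=$1
    passes=$2
    [ -f "$target" ] && [ -w "$target" ] || return 1
    case $passes in ''|*[!0-9]*) return 1 ;; esac

    # Byte length of the file; arithmetic expansion strips wc's padding.
    size=$(( $(wc -c < "$target") ))
    [ "$size" -gt 0 ] || return 0

    pass=1
    while [ "$pass" -le "$passes" ]; do
        # conv=notrunc overwrites in place instead of truncating first,
        # so the same blocks are rewritten and the length is preserved.
        head -c "$size" /dev/urandom |
            dd of="$target" bs=65536 conv=notrunc 2>/dev/null || return 1
        sync    # push this pass out before starting the next one
        pass=$((pass + 1))
    done

    # Final pass of zeros leaves a known pattern that can be read back.
    head -c "$size" /dev/zero |
        dd of="$target" bs=65536 conv=notrunc 2>/dev/null || return 1
    sync

    # Verify: every byte must now read back as zero.
    head -c "$size" /dev/zero | cmp -s - "$target"
}
```

The function returns 0 only when the read-back matches, so a caller can refuse to delete or release the file when the overwrite did not take.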