Secure Erasing is actually harder than that...

Trei, Peter ptrei at rsasecurity.com
Tue Feb 20 07:30:18 PST 2001


> David Honig[SMTP:honig at sprynet.com] wrote:
> At 11:38 AM 2/19/01 -0800, Ray Dillinger wrote:
> >The problem is that data that's been written over once, or even 
> >twice or ten times, can often still be read if someone actually 
> >takes the platters out and uses electromagnetic microscopy on 
> >them. 
> >
> 
> Really?  You think the fed specs on secure wiping are disinfo?
> 
I don't think they're disinfo, but I suspect they are dated. Also, 
for highly sensitive data, the secure wiping standards generally
involve liberal use of thermite.

The problem lies in the gap between what disk
manufacturers are willing to spend on disk r/w
mechanisms, and what an attacker is able to spend.

If your threat model does not include seizure (or a secret
swap-out) of the hard drive, then yes, a single overwrite
with random data will protect you pretty well. If something
could be done to use the existing head mechanisms to
reliably recover over-written data, then the HD manufacturers
would be using it to boost capacity.

It's when your opponent can pull out the platters, and either
put them in a drive with better heads, or into an AFM rig, that
the remanent data becomes interesting. 

How many overwrites it takes to securely delete varies according
to several factors, including:

* How many random writes it takes to make the analog flux
levels irrecoverable.

* How much jitter there is in the drive - the likelihood that
a given write of a sector will be a little closer or further from the
center of the track, measured radially (I suspect that this is
affected by temperature and the most recent head movement).

* How accurate the drive is in speed and time - i.e., if a given bit
is written slightly earlier or later along the track than it was the
previous time. Again, temperature may be an important factor.

I would expect that as disks become denser, the head mechanisms
also become more precise, and the recovery problem gets harder.

It's my vague recollection that some of the newer storage technologies
(CD-RWs, MOs, etc.) use preformatted pits to store the data bits. It's
possible that for these technologies, the number of overwrites
required to make data irrecoverable is considerably lower, but that's
outside my area of expertise.

Peter Trei
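As an added example (not Peter Trei's code and not anything from the thread), a small Python wiper that picks its pass count from the threat-model split the post draws: one random pass when the drive is only ever read through its own heads, more when the platters can be pulled. The pass counts, the per-pass fsync and the file names are assumptions, and the in-place overwrite only reaches the original sectors on the spinning disks the post discusses, not on SSDs with wear levelling or on copy-on-write filesystems.

```python
import os
import secrets

# Assumed pass counts keyed by the threat model the post distinguishes
# (these numbers are illustrative, not taken from the post or any standard).
PASSES_FOR_THREAT = {"logical": 1, "physical": 3}


def overwrite_file(path, passes, chunk=1 << 16):
    """Overwrite every byte of `path` in place with fresh random data,
    `passes` times, forcing each pass to the device with fsync.
    Returns the number of passes completed."""
    size = os.path.getsize(path)
    # Open without truncation so the same logical blocks are rewritten;
    # on a spinning disk this maps to the same physical sectors.
    fd = os.open(path, os.O_RDWR)
    try:
        for _ in range(passes):
            os.lseek(fd, 0, os.SEEK_SET)
            remaining = size
            while remaining > 0:
                # os.write may write fewer bytes than asked; loop on the
                # count it reports so the whole file is covered.
                written = os.write(fd, secrets.token_bytes(min(chunk, remaining)))
                remaining -= written
            os.fsync(fd)  # push this pass past the page cache before the next
    finally:
        os.close(fd)
    return passes


def wipe(path, threat="logical"):
    """Wipe `path` with the pass count chosen for the given threat model."""
    return overwrite_file(path, PASSES_FOR_THREAT[threat])


def marker_absent(path, marker):
    """Read the file back and report whether `marker` no longer appears
    anywhere in it (a logical-level check only; it says nothing about
    remanent flux on the platter)."""
    with open(path, "rb") as f:
        return marker not in f.read()
```

The readback check confirms the filesystem view is clean; it cannot observe the analog remanence the post is about, which is exactly why the pass count is tied to whether physical seizure is in scope.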