0

I just got a program that can "shred" files so they cannot be recovered. It offers 4 erasing methods:

  • Random Data Method (1 pass)
  • US DoD 5200.22M-STD (3 passes)
  • US DoD 5200.28-STD (7 passes)
  • Peter Gutmann Method (35 passes)

The program claims that the Gutman algorithm is the most secure, however I've read that that method is not necessary now with modern hard drives (not SSDs) and only a few passes or random scrubbing should be enough.

Which is the most secure method (with out actually having to physically destroy the drive)?

diego
  • 19
  • 2
    LMGTFY: http://en.wikipedia.org/wiki/Data_erasure – dg99 Nov 15 '13 at 20:50
  • @dg99: Superuser is trying to be a destination of web searches, not a source of them. – LawrenceC Nov 15 '13 at 21:37
  • What are you, CIA? – tumchaaditya Nov 15 '13 at 21:41
  • My vague memory is that 35 passes didn't make sense even way back then but was a combined worst case. Guess I should re-read the Gutmann paper.

    Also individual file shredding is not the same as disk erasing or even free space erasing (i.e., has different issues such as file names in directory, tips, ...). The question needs to be refined and then is probably answered several times over. Disk type and vintage (therefore technology)? File v. disk v. free space?

    Security is not absolute but relative to the risk.

     – BillR Nov 15 '13 at 22:38

1 Answers1

1

The Gutmann method is in fact the most secure, and IIRC was developed based on principals of electo-magnetics in his academic paper 'Secure Deletion from Magnetic and Solid State Media', so its a theoretically secure solution. per a cryptographic definition of "perfect secrecy" he is correct, because when you overwrite a disk, it is possible to make assumptions about the files that were on it, and it can be proven that a given known file has been present on a disk, even if you can't read it now, per his findings. his algorithm is designed to defeat that potential.

In the Practical realm, it is almost impossible to recover data that has been overwritten once unless the attacker knows something about the data they are attempting to recover. This has been proven a number of times. Note that this has nothing to do with the moderness of the disk.

https://raufakram.wordpress.com/2013/05/23/why-you-only-have-to-wipe-a-disk-once-to-erase-it/

ultimately , if you are facing an adversary with unlimited capability (FBI) use Guttman. if you are worried about wiping a PC before you put it up for sale, single pass is fine. http://blogs.computerworld.com/node/5687

Frank Thomas
  • 36,135
  • You don't address the SSD verses the disks Gutmann wrote about, which were MFM and RLL drives, so several of the patterns are useless on SSD. Most modern drives have Secure Erase implemented directly . . . – ernie Nov 15 '13 at 21:30
  • Oops, comment for OP, not Frank – BillR Nov 15 '13 at 22:32
  • @ernie, yeah, the OP seemed uninterested about ssds, though the linked documents do cover the topic. – Frank Thomas Nov 16 '13 at 00:39
  • @FrankThomas Ah, I misread the question . . . I thought they were asking about SSDs specifically . . . sorry for the confusion – ernie Nov 18 '13 at 18:09
  • There is good reason to think that, even for the drives that were current at the time he wrote that paper, Gutmann was wildly overstating the case. (Note that he never claimed to have recovered even a single sector.) See my answer here: http://superuser.com/a/977824/348119 – Jamie Hanrahan Jun 14 '16 at 07:26