On Thu, Jan 09, 2020 at 10:11:15AM +0000, Andy Smith wrote:
Hello,
On Thu, Jan 09, 2020 at 12:11:54PM +1300, Ben Caradoc-Davies wrote:
If you need to protect against an attacker willing to examine your HDD with
magnetic force microscopy, there is no substitute for physical destruction
of the media.
Even then it's unnecessary! No has ever recovered usable data from a
modern (less than 15 years old) used HDD after a single pass of
writes.
[...]
So, for the main data areas of the HDD, one pass of writes is always
enough and anything more is just a meaningless ritual.
Some will argue that a better-funded attacker may somehow have
better microscopes even to the point that they have technological
breakthroughs not known to the wider world. However, the paper also
makes clear that the limit is not the sensitivity of the microscope,
but the fact that any drive that has been in use for a while has too
much noise for the data immediately prior to the wipe to be
distinguishable from that.
Physical destruction is recommended in three cases:
1) the drive is broken. overwriting a broken drive is hard.
3) the data is high value and needs to be protected "forever". this
probably doesn't apply to you, but if it does it would be irresponsible
to not destroy the drive. the liklihood of future advances making it
possible to recover overwritten data may be low, but if the cost of
destroying the drive is basically the value of an EOL drive (near zero)
and the potential cost of the data being compromised is high, it makes
no sense to not simply destroy the drive.
3) you need to wipe and verify that the data has been wiped on a large
number of EOL hard drives. in many cases it is sufficient to sample hard
drives after a wiping process, but for high value data if 100% wiping
and verification is warranted it's probably more cost effective to shred
the drives than pay for the labor to overwrite and verify the
overwriting.
