On 07/25/2012 12:14 PM, Ted Unangst wrote:
On Wed, Jul 25, 2012 at 17:38, Paul de Weerd wrote:
Please read
http://www.vidarholen.net/~vidar/overwriting_hard_drive_data.pdf
I think it's time to stop propagating the Guttman lies. Overwriting
more than once does not help.
In fairness to Guttman, he's not the liar. The paper, linked below,
is still an interesting read. But as he notes in the epilogue, "In
the time since this paper was published, some people have treated the
35-pass overwrite technique described in it more as a kind of voodoo
incantation to banish evil spirits than the result of a technical
analysis of drive encoding techniques. As a result, they advocate
applying the voodoo to PRML and EPRML drives even though it will have
no more effect than a simple scrubbing with random data. In fact
performing the full 35-pass overwrite is pointless for any drive since
it targets a blend of scenarios involving all types of (normally-used)
encoding technology, which covers everything back to 30+-year-old MFM
methods (if you don't understand that statement, re-read the paper)."
http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html
[I think naddy's suggestion to use arc4random is reasonable will
update for that soon.]
Both authors say that multi-gigabyte disks are very hard problems for
reconstructing data - IMnsHO impossible in practice because of the
huge time required to search the platters.
It's reasonable to think of someone reducing the search time
using software to find areas possibly containing interesting
data for scrutiny.
Blocks of zeroes on a used disk are somewhat conspicuous.
Filling "erased" blocks with random bits would make attempts to find
using software where files had been just a little bit harder.
Blocks of Facebook postings, fragments of badly written web pages,
etc. might also serve.
More seriously, scrambling indirect blocks when deleting a file
removes one more clue. I've used indirect blocks to find deleted file\
fragments. That's something better left to the kernel.
Geoff Steckel
