How To Really And Fully Wipe A Hard Drive?

root_dev_X ventures: "Admittedly, this is a random question, but here goes - Does anyone out there know of any ways to totally erase the data on a drive? Some friends of mine got into a discussion about this not too long ago; one of them told me they had heard from a friend in the military that they hooked up old HDDs to modified stun-guns and zapped them in order to totally erase them - apparently this method scrambled the magnetic field of the disk, leaving the data irrecoverable. Does this work? Are there any other methods for "data-destruction" (keeping the platter intact, that is)?" A nice "obliberate data to the point of senselessness" tool would be nice -- or is keeping the platter intact a senseless question if you want true security?

Re:its easy....

...and ineffective.

Playing off ideas from Bruce Schneier's writings, there are three different people you want to protect yourself against here: casual snooopers, experienced hackers, and dedicated experts.

The casual snooper is someone like, say, my mom, who is baffled by Windows Explorer. You strategy will handle people like this very well, for the most part. If however you're trying to "really" wipe out the hard drive though, that's not enough.

The next person is the moderately adept hacker, who probably has the smarts but doesn't necessarily have the tools to get everything. This kind of person might be able to, for example, mount your hard drive on a Linux system and use various filesystem tools to retreive the contents of the disc. This is easier to do than you might think (anecdote: on my last computer, I went through various partitioning schemes to make room for Win95, BeOS, and Linux. I was surprised to find that one of my reinstalls brought me back to an earlier state of the disc, because the "new" partitioning was one I had used before, and the data was now accessible again. What I thought I had thrown away forever was once again accessible). A quick format might or might not fend off this level of cracker, but don't get your hopes up. A more thorough defense here would be to rewrite the whole drive at least once, if not a handful of times, with something like 1010101010101010101 etc.

The third level of cracker is someone with both the expertise and the tools needed to get whatever they want from your drive. Apparently, the magnetic field on the disc stores an imprint of the last dozen or so writes, thus the above 101010101 strategy only masks the contents of the disc, but it does not remove them. Slightly more clever destruction attacks add more entropy to what you're writing to the disc (add in enough variation to disrupt the magnetic field in various ways: 0000000111111111000000001111111) but even still you're just sweeping over your tracks, not really eliminating them. For this level of attacker, the only sure defence is really to thoroughly destroy the disc -- break it, burn it, scratch it up & cast the remains to the four corners of the world.

So, the short answer to the original question would be something like: "yes, it's possible to *really* erase a disc, but you have to know who you're trying to hide things from and how far you're willing to go to hide it."

separate the pieces

There is at least one military organization that decomissions drives by overwriting them a bunch of times. Then, they cut the drive in half with a saw and take each half to a different facility for disposal (which usually involves melting the drive).

See Peter Gutmann's Usenix paper on secure deletion of data from magnetic and solid state memory [auckland.ac.nz] for some truly impressive data recovery methods.

--

Re:There is no 100% sure way to destroy data.

>Several wiping programs are available that will overwrite data multiple times with binary patterns - checkerboards, solid 0's, solid 1's, random patterns, etc.

You correctly point out that physical destruction of media is the only way to be sure.

One thing to be aware of when overwriting data with patterns is that what you think you write to disk isn't what you write to disk.

A string of "00000000" isn't "all magnetic north poles up", and a string of "11111111" isn't "all magnetic north poles down".

Drive firmware maps these bit streams into encodings that are broken up into patterns of ones and zeroes that the heads can always read - much the same way that your serial port would get very confused if you tried to download a 100K file of "all zeroes" by just holding the ReceiveData line low for 30 seconds with no parity or stop bits.

The actual encoding method by which the bitstream is encoded into alternating magnetic patterns is probably drive-dependent. As a result, the "ideal" pattern of bytes the controller should write to the drive to create patterns of alternating, or mostly-North, or mostly-South, magnetism, will also be drive-dependent.

Practical application: The Apple ]['s "disk ][" floppy controller used to have a feature where you could tell the floppy drive to give you the data as seen by the read/write head. By changing the encoding scheme to a less-redundant, but equally-reliable one, you went from 13 sectors per track to 16 sectors per track. Many copy-protection-breaking programs of the day would give you the bytes as seen by the drive head and use this to determine what encoding (or if a custom encoding) was in use.

In hard drives - MFM and RLL are two encoding schemes. RLL drives were exactly the same hardware inside, but used a different encoding scheme. RLL stood for Run-Length-Limited, where "Run-Length" can be loosely translated into "number of consecutive all-north-poles-in-a-row the drive firmware will tell the head to read/write for any given input bit sequence. As such, the RLL version of a drive typically had 30M of user space, whereas the MFM-encoded drive - same hardware - had 20M of user space.

Today's drives work on the same mechanism at the head/platter level, it's just buried under many more levels (BIOS, C/H/S remapping, LBA, etc. etc. etc.) of abstraction.

Others have posted links to this paper [auckland.ac.nz]. I've merely summarized section 3. It's a damn good paper.

If it's important - whether military or corporate secrets - physically destroy the media and buy a new drive.

Re:its easy....

...and ineffective.

/. needs a new moderation category "didn't get the joke".

Simple

Put it under that gun that shrinks quarters. Give it to a friend. Say "Hey man I compressed my hard drive" :)

its easy....

right click on the drive and choose format, quick format is nice and fast!!!

;)

How to destroy anything...

Give it to a five year old. They can destoy anything .

No Need to!

Here is a fool-proof method to keep people from even wanting to read your data:

For the next week, take all of the Trolls posts on Slashdot and store them in random places on your harddrive where the data needs to be destroyed. Anybody who trys to read that data would get so sick of reading "Frist Post", "wh00p", "pron" & "3133t h4x0r" and seeing lots of nasty goatse.cx links that they would immediatly dispose of the hard drive without getting any sensititve material

I guess that method wouldn't work if you were a troll trying to cover your footsteps, though! :-)

This won't work.

In order to truly erase a drive, for good, you need to wipe it dozens of times. There are data recovery centers that can recover files on drives that have been written to (i believe) 8 or 9 times after a file has been deleted or a disk has been formatted, so if you're not going to damage the surface of the drive, you're going to need to format like crazy, and fill it with junk every time.

- A.P.

--
* CmdrTaco is an idiot.

Now you did it

All of you who said that no matter what, data can't be erased, gave me an idea.

Unlimited storage.

That's right. Every time you need more disk space, simply delete something not used in a while, then overwrite it with a new file. Need that old file back? Great - have the filesystem automagically run a recovery on it. Put it into the kernel, and we've got blackholefs.

The end result is a bottomless pit of unlimited drive space :) Even more interesting is that the files you use the least may eventually become unrecoverable and forgotten over years, lessening the need to clear out your clutter. Files that you haven't used in a while might take a bit of time to come up, but you usually won't mind the wait. Stuff you use all the time will always be available. So how about it, kernel hackers? And my sig's appropriate this time around, too!

(and yes, I am joking, but if someone can think of a way to really do this them I'll REALLY be impressed!)

Other techniques

Lawrance Livermore used to take decommissioned hard drives and Syquest style media in the green area and dump the platters into a vat of acid. Floppy disks went through the three-pass shredders, so you end up with fine magnetic dust.

The original specification for overwriting disks containing classified but not secret data called for 300 overwrite passes, alternating between all-zeros, all-ones, alternating zero-one, alternating one-zero, and "worst case pattern" (for those old MFM drives, the 16-bit pattern 0xDAC3). You needed to know the exact drive geometry, because you want to do all the tracks on a platter individually, using a back-and-forth sweep so as to get into the guard bands as much as possible.

(In other words, wipe from cylinder 0-max on head zero, then from cylinder max-0, then go to the next pattern and wipe. Then you go to the next head.)

Is it worth it? At today's prices, I don't think so.

Use Shred from GNU Fileutils

GNU fileutils has a program called 'shred' that writes over a harddrive ~30 times in a way that makes data recovery ~impossible. I have two drives in my Linux box. What I do is mount the one I want to wipe out as ext2. Then

shred -z /dev/hd[a,b,c or d]

It takes ~6-8 hours to wipe out a 10GB drive.

Data destruction 101

• The naieve way
  
  Delete your files. This will keep a six-year-old from recovering them. If you're running a UNIX which doesn't have a recycling bin, nor a broken file system which still leaves data lingering intact long after "deletion", then you'll be able to keep a seven-year-old from recovering them.
  
  
• The cryptographic way
  
  Follow the following procedure:
  
  1. Overwrite all your data with 0xFF.
  2. Overwrite all your data again with 0x00.
  3. Overwrite all your data with a good random or pseudorandom stream of data.
  4. Repeat this process at least seven times--more if you like.
  
  
  
• The smart way
  
  Follow the cryptographic method outlined above. Then get out a sledgehammer and physically destroy the drive. Drop the platter in a metal wastebasket, douse it in lighter fluid and set the thing on fire. Don't stop until the platter is totally destroyed.

... All this may sound overly paranoid, but if your data really is that important it's the only way to go. A new hard drive is $250 nowadays; the cost of important secrets getting out is easily a few orders of magnitude higher. Physical destruction of media is the only way to be fairly certain that the data is destroyed.

Keep in mind that the cryptographic method may fail, and even a bulk degausser isn't guaranteed. They can do amazing things with electron microscopy today.