[clug] Secure Erase of disks/drives

Alex Satrapa grail at goldweb.com.au
Mon May 7 00:38:41 GMT 2007 

On 03/05/2007, at 11:05 , steve jenkin wrote:

> I was sure there'd been a thread on this in the last few months, but
> couldn't find it...
>
> For any of you needing to zap drives before disposal ...

This has been discussed on this list before in the last couple of  
months, and is a recurring theme amongst the nihilistic subscribers  
to the CLUG mailing list. Ask Google about articles from the CLUG  
list with the word "thermite". It always comes up in these  
discussions eg: http://lists.samba.org/archive/linux/2007-March/ 
017400.html - within two posts someone mentions thermite (if not by  
name).

Please read the paper at: http://www.cs.auckland.ac.nz/~pgut001/pubs/ 
secure_del.html

Most interesting quote from the paper:
    "A good scrubbing with random data will do about as well as can be
    expected". This was true in 1996, and is still true now.

Though possibly as interesting:
    In the time since this paper was published, some people have
    treated the 35-pass overwrite technique described in it more as a
    kind of voodoo incantation to banish evil spirits than the result
    of a technical analysis of drive encoding techniques. As a result,
    they advocate applying the voodoo to PRML and EPRML drives even
    though it will have no more effect than a simple scrubbing with
    random data.

Of course, if you're running a facility where you have to deal with  
the decommissioning of decades-old computer systems and have no idea  
what encoding mechanism is used, the 35-pass-voodoo might apply -  
after all, the people doing the actual "sanitising" of your equipment  
are likely to be "trained monkeys" - people from CentreLink's work  
for the dole service or some such who have no expertise in sensitive  
equipment disposal.

If writing random junk (cat /dev/random > /dev/hda) to the drive  
isn't enough to address your security concerns, then you need to go  
directly to the one-way Brownian encryption option (ie: grind the  
disks to dust, then burn them with Thermite or smelt them) or safe- 
storage.

Alex

More information about the linux mailing list