Re: Wiping Out Data



Tony Arnold wrote:

Matthew Flaschen wrote:
Felipe Figueiredo wrote:
On Tuesday 27 March 2007 07:10:35 Matthew Flaschen wrote:


That will rewrite the entire drive with gibberish 7 times (this can be
adjusted). That should mostly obliterate all data, then reformat the
Is it really different from

dd if=/dev/zero of=/dev/sdb

? I don't get it, why is it necessary to use random bits, instead of zeroing
all bytes (including the FATs)?

Simply overwriting the data once does not mean it can't be recovered.
The Department of Defense recommends overwriting 7 times with random
data. It is my understanding that shred can do this. Someone said
before that even:

This is true of magnetic media, because there is always residual
magnetism that can be read by sophisticated equipment. I'm not sure it's
true of USB and flash memory, but then I'm not sure how it works, so who
knows?

The problem is even worse for flash media, but for different reasons.

When you write a bit to magnetic media you're not actually writing a
"perfect" 1. At that level the media is analog in nature so you can
think of it as writing a value of something like .981. When you
"overwrite" that 1 bit with a 0 bit it doesn't reset to a perfect 0.
Think of it as a .059 or so.

If you have a 1 and a 0 existing on a fresh drive their actual
values can be thought of as .981 and .004 (there's no such thing as
"perfectly neutral" media). Overwrite both with a 1 and you end up
with roughly .994 and .982. Then overwrite both with a 0 and you end up
with .063 and .060... just to grab some numbers out of thin air. ;)

The point is, the more you overwrite with a known pattern the closer
actual bit values will become, but they'll never actually meet, so the
pattern of 101110 or whatever will still exist. There's not a *lot*
of difference between .063 and .060, but there's some. If it's enough
difference for current technology to measure, the pattern of bits could
be discovered.

Large numbers of passes with truly random bits can actually reverse the
relationship of some (random) bits, and without knowing what data was
used to perform each overwrite it's theoretically impossible to
reconstruct the original patterns. By measuring this sort of "residual
magnetism" anyway, there's other methods that might still succeed.

Flash media, on the other hand, is somewhat more digital in nature
and easier to overwrite to levels that can't be detected with current
technology, but that property itself is part of what makes them less
durable than magnetic media. Because flash media wears out relatively
quickly, media manufacturers have devised wear leveling schemes which
essentially mean that if you try to write a 1 over a 0, the 1 goes in
a different physical location, and the original bit still exists in
its original physical location, untouched.

It should also be noted that utilities like shred and dd can be utterly
useless on file systems like ext3 because data is "cached" rather than
committed to disk after every write operation. IOW, you could overwrite
bits randomly 100 times, but it all happens in "RAM" so when the
housekeeping is done you've only *physically* overwritten the bits once,
with the last pattern your software used. Typically this is straight
zeros, so you've really spent a lot of time accomplishing nothing much
at all. :(

--
_?_ Outside of a dog, a book is a man's best friend.
(o o) Inside of a dog, it's too dark to read.
-oOO-(_)--OOo------------------------------[ Groucho Marx ]---
http://wrench.homelinux.net/~jeff/
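
The write-caching concern in the last paragraph of the message above, as an added example that is not part of the original thread: each overwrite pass is run through dd with conv=fsync so it is flushed before the next pass starts. The function names and the scratch-file target are assumptions made for illustration.

```shell
# Added example, not from the thread. TARGET is a hypothetical scratch file;
# for a whole device, take the size from `blockdev --getsize64` instead.

# overwrite_passes TARGET PASSES
# Overwrite TARGET in place PASSES times with random bytes, then once with
# zeros. conv=fsync makes dd call fsync() on the output before it exits, so
# each pass is handed to the device before the next pass begins instead of
# being replaced while still in the page cache. conv=notrunc keeps the
# existing file rather than truncating and reallocating it.
overwrite_passes() (
    target=$1
    passes=$2
    [ -f "$target" ] && [ -w "$target" ] || exit 2
    size=$(( $(wc -c < "$target") )) || exit 2
    i=0
    while [ "$i" -lt "$passes" ]; do
        head -c "$size" /dev/urandom |
            dd of="$target" bs=65536 conv=notrunc,fsync 2>/dev/null || exit 1
        i=$((i + 1))
    done
    head -c "$size" /dev/zero |
        dd of="$target" bs=65536 conv=notrunc,fsync 2>/dev/null || exit 1
)

# is_zeroed TARGET: succeed only if every byte reads back as zero.
# This checks the logical contents only, not what is physically on the media.
is_zeroed() (
    size=$(( $(wc -c < "$1") )) || exit 2
    head -c "$size" /dev/zero | cmp -s - "$1"
)

# Constructed demo on a temporary file holding a made-up secret.
demo() (
    f=$(mktemp) || exit 2
    printf 'constructed secret: hunter2\n' > "$f"
    overwrite_passes "$f" 3 && is_zeroed "$f"
    rc=$?
    rm -f "$f"
    exit "$rc"
)
```

Flushing per pass addresses only the caching point; the wear-leveling behaviour described for flash media is below the level this script can reach.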
