petepalmer
asked on
Wiping hard disks
Hi,
One of my clients has a handful of PCs that they want to give to a local school / college. The problem is, these PCs have all had confidential information on them. To erase a disk how effective is the following Linux command :
cat /dev/zero > /dev/hda
This writes zero's across the whole disk, but is this effective in permanently erasing all the data and to prevent recovery? would /dev/random be any better?
Thanks in advance!
One of my clients has a handful of PCs that they want to give to a local school / college. The problem is, these PCs have all had confidential information on them. To erase a disk how effective is the following Linux command :
cat /dev/zero > /dev/hda
This writes zero's across the whole disk, but is this effective in permanently erasing all the data and to prevent recovery? would /dev/random be any better?
Thanks in advance!
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
And relating to your question - yes, it should overwrite all
the data with zeros, the question whether it's enough is a good one, given the well-known paper by Peter Gutmann of 1996 that proved one overwrite leaves the traces of data behind. But as I've heard from more knowledgeable people in this field times have changed and harddisks of today are produced using improved technologies and harddisk heads are more powerful and indeed erase the data in 1 overwrite, but you can never be sure.
Of course all the above suggests that the opposing party has
necessary equipment to do so (I doubt students have)
Another thought - sometimes harddisk sectors containing data get marked as 'bad' and 'cat' won't erase them , but there are tools to look at those bad sectors.
Practical tip : overwriting with cat and zeros is much,much faster then with random data and/or 'shred'.
more info :
http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html
After all it all boils down to question - how worthy the data is. If it's 'cashable' (credit numbers, bank requisites etc) , then I'd say sorry folks (students) and just physically destroyed them.
the data with zeros, the question whether it's enough is a good one, given the well-known paper by Peter Gutmann of 1996 that proved one overwrite leaves the traces of data behind. But as I've heard from more knowledgeable people in this field times have changed and harddisks of today are produced using improved technologies and harddisk heads are more powerful and indeed erase the data in 1 overwrite, but you can never be sure.
Of course all the above suggests that the opposing party has
necessary equipment to do so (I doubt students have)
Another thought - sometimes harddisk sectors containing data get marked as 'bad' and 'cat' won't erase them , but there are tools to look at those bad sectors.
Practical tip : overwriting with cat and zeros is much,much faster then with random data and/or 'shred'.
more info :
http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html
After all it all boils down to question - how worthy the data is. If it's 'cashable' (credit numbers, bank requisites etc) , then I'd say sorry folks (students) and just physically destroyed them.
Here I found the statistics:
using cat /dev/zero took 35 mins for 40 Gb disk
using cat /dev/urandom took 532 minutes (almost 9 hours) for 40GB IDE
So do the math :) (have you a spare week to erase a disk?)
source:
http://nst.sourceforge.net/nst/docs/faq/ch12s02.html
HTH.
using cat /dev/zero took 35 mins for 40 Gb disk
using cat /dev/urandom took 532 minutes (almost 9 hours) for 40GB IDE
So do the math :) (have you a spare week to erase a disk?)
source:
http://nst.sourceforge.net/nst/docs/faq/ch12s02.html
HTH.
Some American data destruction standards:
- DoD 5220.22-M
- DoD 5220.28-M
- NAVSO P-5239-26 (RLL)
- NAVSO P-5239-26 (MFM)
- And German: VSITR
- And Russian: Russian Standard, GOST P50739-95
Algorithms propsed by security experts:
- Peter Gutmann's: wipes 35 times(!)
- Bruce Schneier's: wipe 7 times
They all propose to wipe serveral times (at least 3, up to 35), using different data combinations (zero's, (pseudo-)random, specific patterns ...). Which one to use depends on how secure you wan't to be, where you live (for standards) and how much time you want to spend related to how secure it must be.
For basic peace of mind with a reasonable use of time I would say at least three times using a combination of 0's and random. For being really secure the experts seem to agree on 7 times. But if you are in a specific industry or in a high secure environment then you should follow the industry's standards or use DoD or Bruce S or even Peter G.
You can find a good article about this topic here: http://www.smartcomputing.com/editorial/article.asp?article=articles/2004/s1503/10s03/10s03.asp
They also describe some tools or you can find some free ones here http://www.thefreecountry.com/security/securedelete.shtml
Or indeed you can follow the algorithms manually as you suggested.
Regards, J.