Monday, November 9, 2015

hard drive - What's the best algorithm to secure erase HDD?



There are a lot of secure erasing algorithms in erasing softwares. What's the best of these algorithms?


Answer



Disclaimer: Most of this advice applies to spinning metal (conventional HDDs) with unencrypted data.


How paranoid do you want to be? An unsophisticated attacker is unlikely to be able to overcome even a single pass of zeroes. A three-letter-agency might have the capability to recover some data even after overwrites with patterns or random data. Or not. Who knows, they don't talk about their capabilities that I know of.


Even if you made dozens of passes with a mix of various patterns and random data, you might have some data fragments sitting on reassigned bad sectors. You probably won't be able to wipe those without being able to talk to the drive firmware and help from the manufacturer / custom tools. If sensitive data has ever been on the drive unencrypted, the only way to guarantee it's gone is total drive destruction (mechanical shredding, etc). Outfits that deal with classified data usually have special warranty arrangements with drive manufacturers such that they only have to return the top cover of the drive.


IMHO, the best you can do nowadays for spinning metal is to overwrite with at least one pass of random bits. If full drive encryption has been used, that's probably more than good enough. If sensitive data was on the drive unencrypted and you're worried about a sophisticated attacker, you can consider total destruction.


As folks are pointing out (rob), there is an ATA secure erase command. It's probably fine against an unsophisticated attacker.


SSDs are a totally different type of critter, as Hennes has pointed out. If the software the manufacturer provides has some kind of erase capability, use it (or the ATA command, hopefully they provided a custom implementation suited to their device). Overwriting with patterns is going to eat into the life of the device, and who knows what the heck is actually happening at the physical level, the firmware is going to do what it wants (wear leveling, spare cells, write optimization, etc), so no guarantee you've cleared all the cells.


As for implementations, DBAN (see ioSamurai's post) is probably the easiest cross platform solution, depending on how the target device is attached. On Windows, I've used Eraser (heide.ie), but there are many options. Same for OS X. Linux is a bit more limited, but if nothing else you can get the job done with dd and /dev/urandom on the raw device (or, for increased paranoia, use the RNG of your choice, I've used ISAAC, OS X /dev/random uses Yarrow).


No comments:

Post a Comment

linux - How to SSH to ec2 instance in VPC private subnet via NAT server

I have created a VPC in aws with a public subnet and a private subnet. The private subnet does not have direct access to external network. S...