[wellylug] Darik's Boot and Nuke ("DBAN") HDD eraser

Atom Smasher atom at smasher.org
Wed Jun 2 20:19:40 NZST 2010


On Wed, 2 Jun 2010, James Sullivan wrote:

> My understanding is that if you wipe with just ones or zeros it's 
> actually fairly easy to recover what was there as you can easily filter 
> out the zero or one wipe. But wiping with random noise means there's no 
> way to easily filter it out.
=============

if you fill a modern drive with zeros there is NO WAY to recover any data 
previously stored on the drive... unless the drive is taken apart and 
subjected to VERY expensive, time-consuming and unreliable data recovery 
techniques. so unless you've pissed off the CIA, zeros are fine. this 
assumes that you're using a drive that was made within the last 10-20 
years... older drives, yeah, you'd want to go through several random 
passes, although even with older drives a single pass of zeros is still 
sufficient to defeat any software-based attack; one would still need fancy 
hardware beyond just a computer and recovery software to get any data from 
the drive.

the thing is that modern drives use encoding techniques that (for the 
purpose of data recovery) effectively turn a stream of zeros into a random 
stream before recording it onto the platter. that's why so much of the 
"classical" advice about wiping a drive is insanely overkill for modern 
drives.

http://en.wikipedia.org/wiki/Gutmann_method


-- 
         ...atom

  ________________________
  http://atom.smasher.org/
  762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808
  -------------------------------------------------

 	"I have presented factual data, statistical data, and
 	 projected data. Form your own conclusions. Perhaps the
 	 NSA has found a polynomial-time (read: fast) factoring
 	 algorithm. But we cannot dismiss an otherwise secure
 	 cryptosystem due to paranoia. Of course, on the same
 	 token, we cannot trust cryptosystems on hearsay or
 	 assumptions of security. Bottom line is this: in the
 	 field of computer security, it pays to be cautious. But
 	 it doesn't pay to be un-informed or needlessly paranoid.
 	 Know the facts."
 		-- infiNity, The PGP Attack FAQ
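
Added example, not part of the original post: a single zero pass only protects against software-based recovery if the pass actually covered the whole device, so this sketch scans a device or image through the normal read path and reports any sector-aligned byte ranges that still hold non-zero data. The function names and the sample image are constructed for illustration; on a real system you would pass the path of the block device instead.

```python
import os
import tempfile

CHUNK = 1 << 20   # read 1 MiB at a time
SECTOR = 512      # granularity used when reporting leftover data

def nonzero_extents(path, chunk=CHUNK, sector=SECTOR):
    """Return (bytes_scanned, [(start, end), ...]) where each extent is a
    sector-aligned byte range (end exclusive) that still holds non-zero data."""
    extents, total = [], 0
    with open(path, "rb") as dev:
        while True:
            buf = dev.read(chunk)
            if not buf:
                break
            if buf.count(0) != len(buf):          # skip all-zero chunks quickly
                for off in range(0, len(buf), sector):
                    piece = buf[off:off + sector]
                    if piece.count(0) == len(piece):
                        continue
                    start, end = total + off, total + off + len(piece)
                    if extents and extents[-1][1] == start:
                        extents[-1] = (extents[-1][0], end)   # merge neighbours
                    else:
                        extents.append((start, end))
            total += len(buf)
    return total, extents

def make_sample_image():
    """Constructed sample: a zeroed 3 MiB + 100 byte image with leftover data
    in sectors 10-11 and in the final, partial sector."""
    fd, path = tempfile.mkstemp(suffix=".img")
    leftovers = ((10 * SECTOR + 7, b"leftover"), (11 * SECTOR, b"x"),
                 (3 * CHUNK + 50, b"tail"))
    with os.fdopen(fd, "wb") as f:
        f.write(bytes(3 * CHUNK + 100))
        for off, data in leftovers:
            f.seek(off)
            f.write(data)
    return path

if __name__ == "__main__":
    img = make_sample_image()
    try:
        total, found = nonzero_extents(img)
        print(f"scanned {total} bytes")
        for start, end in found:
            print(f"non-zero data in bytes {start}-{end - 1}")
        print("NOT FULLY ZEROED" if found else "CLEAN")
    finally:
        os.remove(img)
```

This only checks what the drive returns to ordinary reads, which is the software-level view the post is talking about.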


