[H-GEN] dd or shred for secure deletes.

Jason Parker-Burlingham jasonp at panix.com
Wed Nov 30 11:11:42 EST 2005


On Tue, Nov 29, 2005 at 02:49:40PM +1000, Clinton Roy wrote:
> >  So I was wondering if anyone knows the difference between the dd and shred
> > methods of deleting files and hard drives and what the best way is.
> 
> shred does the dd 25 times over :)

I assume you mean that it writes with different bit-patterns on each
pass.  There was a good paper about this presented, I think, at LISA or
something a few years ago, in which the author investigated how various
different kinds of drives work, and came up with a slightly different
set of bit-patterns for each.

The trick was knowing which kind of drive you had, which was difficult
then, and now the technology can be assumed to have moved on, making it
more or less impossible, just as you describe.

In any event, here's the paper, but I'll make explicit what I've only
implied above:  it doesn't really apply to modern drives, and after
nearly ten years, is of historical interest only.
http://www.usenix.org/publications/library/proceedings/sec96/full_papers/gutmann/

Really, the first question to ask is: if the data is sensitive, what was
it doing sitting unencrypted on a drive in the first place?

My advice is that while I might use tools like wipe to *try* to obscure
personal data when my laptop has to pass into the hands of others, I
also realize that that merely increases the chance of raising the bar
somewhat.  If I ever find myself in the position of, say, having to get
rid of sensitive financial data or evidence of my own wrongdoing,
physical destruction is the only way to go.

Besides, it's fun!  You get to find out answers to questions like:
 * does iron oxide burn very well?
 * how does it feel to whack the drive with a hammer until it breaks
   open?
 * how many platters can you eat before a trip to the hospital?

(I once sketched out a system which boots with all filesystems read-only
and mounts ramdisks as necessary to provide the appearance of writable
filesystems; erasing something from RAM is much, much easier!)

Cheers,
-- 
Jason Parker-Burlingham
<jasonp at panix.com>
(Watch this space)
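
What "the dd 25 times over" amounts to for one file, as an added sketch that is not part of the original message and not taken from shred: every pass rewrites the file in place with a different pattern, ending on zeros. The function names and the pass list are assumptions made for illustration; the overwrite only reaches the blocks the filesystem currently maps to the file, so journals, snapshots and remapped sectors are untouched.

```shell
#!/bin/sh
# Added illustration; function names and pass list are assumptions,
# not shred's or Gutmann's actual pattern set.

# Emit an endless stream of one byte value, given as an octal escape.
pattern_stream() {
    LC_ALL=C tr '\000' "$1" < /dev/zero 2>/dev/null
}

# Rewrite FILE in place, once per pattern, without changing its length.
overwrite_file() {
    file=$1
    [ -f "$file" ] || return 1
    size=$(wc -c < "$file" | tr -d ' ')
    [ "$size" -gt 0 ] || return 0
    for pattern in '\377' '\252' '\125' random '\000'; do
        if [ "$pattern" = random ]; then
            head -c "$size" /dev/urandom
        else
            pattern_stream "$pattern" | head -c "$size"
        fi | dd of="$file" bs=4096 conv=notrunc 2>/dev/null || return 1
        sync    # push this pass to the device before starting the next
    done
}

# Count bytes that are not 0x00; 0 means the final zero pass landed.
count_nonzero_bytes() {
    LC_ALL=C tr -d '\000' < "$1" | wc -c | tr -d ' '
}

# Overwrite, confirm the last pass is what is now readable, then unlink.
secure_delete() {
    overwrite_file "$1" || return 1
    [ "$(count_nonzero_bytes "$1")" -eq 0 ] || return 1
    rm -f -- "$1"
}
```

`conv=notrunc` is what keeps dd writing over the existing blocks instead of truncating the file and letting the filesystem allocate new ones.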



