Stories
Slash Boxes
Comments

SoylentNews is people

posted by janrinok on Tuesday April 17 2018, @04:26PM   Printer-friendly
from the nuke-'em-from-orbit dept.

I once read in a news article (can't find it now... sorry) that apparently if you overwrite data with other data on a hard drive that the previous data is unrecoverable. So, would overwriting the entire hard drive with cat videos be just as effective as all these other "professional" security protocols that are used?

janrinok: Data erasure is important when you want to prevent anyone from recovering whatever was written on the storage device in the first instance. But there are many potential problems including just how secure does the erasure have to be, what hardware is controlling the reading and writing to the disk, are you attempting to delete data on a spinning rust device, a more modern SSD , or a thumb drive, and who are you trying to prevent from reading the data? If you are just trying to prevent a regular Joe Soap from reading what you once securely stored on a hard drive then simple overwriting might be enough. However, if you are concerned that law enforcement or a government agency might be interested in the drive's contents then you will have to take more stringent precautions. Ultimately, many of the highest classifications of data can only be securely erased by full degaussing or the physical destruction of the device. The link details the various standards that are deemed as acceptable to securely erase data to meet specific documented requirements.

Presumably, if you are worried that someone might have access to your data then you have already taken the precautions of encrypting it. However, poor encryption is worse than no encryption at all - at least with the latter you know that your data is vulnerable. With a weak encryption you might incorrectly believe that your data is secure when, in truth, it is not. This might result in you taking risks that you wouldn't otherwise take with the physical protection of the drive itself. The military and government agencies often insist that drives are secured in an approved security container when not actually in use to prevent anyone actually getting to the data in the first instance. If at home you simply leave your drive in the computer or lying around in plain view then anyone entering your home can steal it. How much protection you need to give depends upon the value of the data to you and how much you need to ensure that no-one else can get to it.

Many proprietary encryption programs use an 'in-house' encryption scheme in the incorrect belief that it is more secure than the recognised encryption methods that have been rigorously tested and mathematically proven. Other systems might have back-doors or make the decryption algorithms available to LE or government agencies. I personally would strongly recommend against using these encryption systems because they might only be giving you a false sense of security. However, if your data is already encrypted with a recognised encryption system with a strong pass phrase and salt then you are well on your way to preventing anyone from ever getting access to the data even if they have the drive in their possession. Note that encryption that is 'unbreakable' today might not remain so with advances in computing and perhaps the discovery of encryption flaws. Essentially, if it is considered good enough for the military and government agencies then it is probably sufficient for your needs.

It is important to realise that, any time your data is inside your computer and viewable, then any encryption is already defeated. If you have valuable data that is protected by nothing more than a computer in hibernation then anyone who can awaken the computer has full access to the data.

So now we finally get to the question that the submitter asked. How secure is overwriting as a method of data deletion? If the data is already securely encrypted then perhaps no further action is required, or simply overwriting it with cat videos will probably be enough to prevent anyone but the most determined attacker from ever reading the data. It will certainly be enough to stop the vast majority of people from getting anything useful from the disk drive. If you believe that the data on the drive must never be recovered by anyone else then the physical destruction of the drive might be warranted. The actual requirement probably lies between those 2 extremes. Only you know the value of the data on the disk drive and how important it is that it is not disclosed.

I now invite everyone to contribute their own experiences, tips and advice regarding data erasure....


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 3, Informative) by Thexalon on Tuesday April 17 2018, @05:08PM (10 children)

    by Thexalon (636) on Tuesday April 17 2018, @05:08PM (#668184)

    When you really really need to destroy a hard drive, remember that hard drives make good targets for firearms training purposes.

    --
    The only thing that stops a bad guy with a compiler is a good guy with a compiler.
    Starting Score:    1  point
    Moderation   +1  
       Informative=1, Total=1
    Extra 'Informative' Modifier   0  
    Karma-Bonus Modifier   +1  

    Total Score:   3  
  • (Score: 3, Informative) by draconx on Tuesday April 17 2018, @05:29PM (3 children)

    by draconx (4649) on Tuesday April 17 2018, @05:29PM (#668192)

    When you really really need to destroy a hard drive, remember that hard drives make good targets for firearms training purposes.

    Also with magnetic media, you can disassemble the drive and you will find one or more powerful permanent magnets, which can be useful in their own right.

    Then shoot it up :)

    • (Score: 2) by Freeman on Tuesday April 17 2018, @05:35PM

      by Freeman (732) on Tuesday April 17 2018, @05:35PM (#668194) Journal

      Nothing like a bit of recycling. Especially when it's a cool magnet.

      --
      Joshua 1:9 "Be strong and of a good courage; be not afraid, neither be thou dismayed: for the Lord thy God is with thee"
    • (Score: 2) by The Mighty Buzzard on Tuesday April 17 2018, @06:29PM (1 child)

      Or just give the platters to a pre-teen relative who will think they're nifty and ensure the unrecoverability of your data within a few minutes.

      --
      My rights don't end where your fear begins.
      • (Score: 5, Interesting) by draconx on Tuesday April 17 2018, @06:38PM

        by draconx (4649) on Tuesday April 17 2018, @06:38PM (#668230)

        Or just give the platters to a pre-teen relative who will think they're nifty and ensure the unrecoverability of your data within a few minutes.

        They are very nifty.

        The drive platters are incredibly smooth and manufactured to such tight tolerances that (at least until you grime them up with fingerprints...) you can actually form a rather strong vacuum between them just by touching the platters together. They will stick tightly just from air pressure and it is very hard to get them apart again!

  • (Score: 2) by insanumingenium on Tuesday April 17 2018, @06:11PM (2 children)

    by insanumingenium (4824) on Tuesday April 17 2018, @06:11PM (#668215) Journal

    Belt and braces is the way to go, zero out the drive 57 times, drill a hole through the platters and then spin them up until horrible noises are heard, pour acid in the hole and give that time to stew, place the drive in an electromagnetic can crusher, go for target practice and don't neglect the tannerite, thermite the remains, finally shred the whole mess. Most importantly, ensure this whole process is billable by the hour.

    • (Score: 2) by Thexalon on Tuesday April 17 2018, @06:25PM (1 child)

      by Thexalon (636) on Tuesday April 17 2018, @06:25PM (#668224)

      The "shooting it" solution was something I picked up from one of the sysadmins I worked with, who was also really into target shooting. So he used this as an excuse to mix work and play.

      --
      The only thing that stops a bad guy with a compiler is a good guy with a compiler.
  • (Score: 5, Funny) by turgid on Tuesday April 17 2018, @06:35PM (2 children)

    by turgid (4318) Subscriber Badge on Tuesday April 17 2018, @06:35PM (#668227) Journal

    Nah, the NSA has quantum computers which they can use to work backwards from the sound waves and air currents produced when shooting a hard drive to recreate the patterns of zeros and ones on the platters to 98% accuracy. I have friend who told me. He held the ladder for Neil Armstrong too.

    • (Score: 4, Funny) by Thexalon on Tuesday April 17 2018, @07:12PM (1 child)

      by Thexalon (636) on Tuesday April 17 2018, @07:12PM (#668253)

      I have friend who told me. He held the ladder for Neil Armstrong too.

      You're friends with Buzz Aldrin? That's amazingly cool!

      --
      The only thing that stops a bad guy with a compiler is a good guy with a compiler.