SoylentNews is people
SoylentNews
I once read in a news article (can't find it now... sorry) that apparently if you overwrite data with other data on a hard drive that the previous data is unrecoverable. So, would overwriting the entire hard drive with cat videos be just as effective as all these other "professional" security protocols that are used?
janrinok: Data erasure is important when you want to prevent anyone from recovering whatever was written on the storage device in the first instance. But there are many potential problems including just how secure does the erasure have to be, what hardware is controlling the reading and writing to the disk, are you attempting to delete data on a spinning rust device, a more modern SSD , or a thumb drive, and who are you trying to prevent from reading the data? If you are just trying to prevent a regular Joe Soap from reading what you once securely stored on a hard drive then simple overwriting might be enough. However, if you are concerned that law enforcement or a government agency might be interested in the drive's contents then you will have to take more stringent precautions. Ultimately, many of the highest classifications of data can only be securely erased by full degaussing or the physical destruction of the device. The link details the various standards that are deemed as acceptable to securely erase data to meet specific documented requirements.
Presumably, if you are worried that someone might have access to your data then you have already taken the precautions of encrypting it. However, poor encryption is worse than no encryption at all - at least with the latter you know that your data is vulnerable. With a weak encryption you might incorrectly believe that your data is secure when, in truth, it is not. This might result in you taking risks that you wouldn't otherwise take with the physical protection of the drive itself. The military and government agencies often insist that drives are secured in an approved security container when not actually in use to prevent anyone actually getting to the data in the first instance. If at home you simply leave your drive in the computer or lying around in plain view then anyone entering your home can steal it. How much protection you need to give depends upon the value of the data to you and how much you need to ensure that no-one else can get to it.
Many proprietary encryption programs use an 'in-house' encryption scheme in the incorrect belief that it is more secure than the recognised encryption methods that have been rigorously tested and mathematically proven. Other systems might have back-doors or make the decryption algorithms available to LE or government agencies. I personally would strongly recommend against using these encryption systems because they might only be giving you a false sense of security. However, if your data is already encrypted with a recognised encryption system with a strong pass phrase and salt then you are well on your way to preventing anyone from ever getting access to the data even if they have the drive in their possession. Note that encryption that is 'unbreakable' today might not remain so with advances in computing and perhaps the discovery of encryption flaws. Essentially, if it is considered good enough for the military and government agencies then it is probably sufficient for your needs.
It is important to realise that, any time your data is inside your computer and viewable, then any encryption is already defeated. If you have valuable data that is protected by nothing more than a computer in hibernation then anyone who can awaken the computer has full access to the data.
So now we finally get to the question that the submitter asked. How secure is overwriting as a method of data deletion? If the data is already securely encrypted then perhaps no further action is required, or simply overwriting it with cat videos will probably be enough to prevent anyone but the most determined attacker from ever reading the data. It will certainly be enough to stop the vast majority of people from getting anything useful from the disk drive. If you believe that the data on the drive must never be recovered by anyone else then the physical destruction of the drive might be warranted. The actual requirement probably lies between those 2 extremes. Only you know the value of the data on the disk drive and how important it is that it is not disclosed.
I now invite everyone to contribute their own experiences, tips and advice regarding data erasure....
(Score: 3, Interesting) by TheRaven on Wednesday April 18 2018, @08:06AM
The problem is not so much using a STEM to read the data (I've seen that done in the lab, but it was so laborious and had such high error rates that I doubt that you'd be able to do it usefully at a commercial scale), it's the remapped sectors. Old hard disks would report failed sectors to the OS and rely on the OS avoiding writing data there. That still happens with disks sold for RAID use, where you want to avoid the same sector on all drives to avoid performance problems, but for most consumer drives the controller handles this for you. The disk contains more sectors than are reported to the OS and when one fails it will switch the mappings to use one of the reserved ones. With high-density disks, this can be quite a large proportion of the total size. When you erase, you will overwrite the sectors that are part of the current mapping, but you won't erase any of the re-mapped one. These will still contain whatever data was stored in them, though typically with some errors. If you either load custom firmware onto the controller board, or remove the controller board and drive the motor and head directly, you can read them and attempt to reconstruct something.
This problem is even worse for SSDs, where the controller performs wear levelling. If you overwrite with zeroes, a lot of controllers will turn this into the equivalent of a TRIM operation and not actually write anything - just mark the cells as unused and wait for a background task to erase them. Worse, a lot of controllers also do block-level deduplication. If you write the same block multiple times, then they'll just update the remapping tables - they're typically doing copy-on-write internally anyway, because it's faster (and safer) to read the contents of a flash cell and write the unmodified blocks to a new cell along with the new blocks than to do an in-place erase and rewrite, and just incrementing the refcount for a cell is a lot cheaper than writing the same data again. This has bitten a few people using ZFS's copies= property, where it keeps multiple copies of the same data on a single disk to protect against block failures: the disk reports that the block is written, but when one copy fails checksum then the other copies mysteriously fail checksums in exactly the same way. Again, if you have custom firmware for the SSD, or you attach the flash chips directly to something else, then you can access a lot of 'erased' blocks.
The difficulty with these approaches is that you typically can't get useful inter-block information, so you have to try to reassembly files one block at a time. If your threat model is anything less than a nation-state attacker then it's probably too expensive.
Generally the best way of securely erasing a disk is to encrypt it with block-level encryption, never write the keys to the disk (store them either on a separate USB drive or in the TPM or equivalent) and then either erase the TPM or physically destroy the USB drive. Even if someone can read all of the current blocks and an arbitrary set of erased blocks, they won't be able to reconstruct any of your data (unless your encryption is buggy / broken).
sudo mod me up