| 1 |
On Sun, Jul 12, 2015 at 12:32 PM, Volker Armin Hemmann |
| 2 |
<volkerarmin@××××××××××.com> wrote: |
| 3 |
> |
| 4 |
> actually 1 time is enough. With zeros. Or ones. Does not matter at all. |
| 5 |
> |
| 6 |
|
| 7 |
That depends on your threat model. |
| 8 |
|
| 9 |
If you're concerned about somebody reading the contents of the drive |
| 10 |
using the standard ATA commands, then once with zeros is just fine. |
| 11 |
Secure erase is probably easier/faster. |
| 12 |
|
| 13 |
If you're concerned about somebody removing the disks from the drive |
| 14 |
and reading them with specialized equipment then you really want |
| 15 |
multiple rounds of complete overwrites with random data. Even then |
| 16 |
you run the risk of relocation blocks and all that stuff, so the |
| 17 |
secure erase at the end is still a wise move but it may or may not |
| 18 |
completely do the job. |
| 19 |
|
| 20 |
If you're concerned about somebody leaving the disks in the drive but |
| 21 |
having access to directly manipulate the drive heads to possibly |
| 22 |
access data not accessible using the standard ATA commands then one |
| 23 |
pass is probably good enough, but I'd still use random data instead of |
| 24 |
zeros. The reason is that a clever firmware (especially on an SSD) |
| 25 |
might not actually record zeros to the regular disk space, but instead |
| 26 |
just mark the block range as containing zeros, leaving the actual data |
| 27 |
intact. For random data the drive has to actually store the contents |
| 28 |
as it cannot be represented in any more concise way. |
| 29 |
|
| 30 |
If I'm not in a rush I prefer to just do the multiple passes. Why |
| 31 |
take a chance? |
| 32 |
|
| 33 |
And of course full-disk encryption is the solution to all of the |
| 34 |
above, as it defeats any kind of attack at the level of the drive and |
| 35 |
is proactive in nature. |
| 36 |
|
| 37 |
-- |
| 38 |
Rich |
Archives