Last pass data wiping security

[sucrey]

Hello,

Which methods is more secure for data wiping matter?

Last pass fills the device with zeros

or

Last pass fills the device with a random stream (Likely OPS 2)

Thank you.

 

[Jared]

It doesn't matter. A single zero-fill pass(properly executed) is all that's ever needed to ensure a drive is permanently unrecoverable. Anyone who tells you otherwise doesn't understand the technology. Standards such as DoD and Gutmann were cooked up by people with little knowledge of the tech and adopted by people with even less understanding.

 

[sucrey]

Hello,

Thank you for your reply.

 

[krass]

It doesn't matter. A single zero-fill pass(properly executed) is all that's ever needed to ensure a drive is permanently unrecoverable. Anyone who tells you otherwise doesn't understand the technology. Standards such as DoD and Gutmann were cooked up by people with little knowledge of the tech and adopted by people with even less understanding.

Can you explain the reason why a single zero-fill pass is enough to ensure a hard drive is permanently unrecoverable, and why standards such as DoD and Gutmann are not necessary?

 

[ChristianMorris]

Both methods of data wiping (filling the device with zeros or a random stream) are considered secure for data wiping. However, filling a device with a random stream (also known as "random data overwrite") is generally considered to be a more secure method as it makes it more difficult for data recovery tools to recover the erased data. This is because filling a device with zeros can leave patterns in the data that can be used to recover it, while a random stream of data does not leave any patterns.

 

[Jared]

random stream (also known as "random data overwrite") is generally considered to be a more secure method

Only by people who don't know what they are talking about.

because filling a device with zeros can leave patterns in the data that can be used to recover it

No, it doesn't. That's just a story some paranoid people keep throwing around on the internet.

 

[Jared]

why standards such as DoD and Gutmann are not necessary?

DoD standards exist because data containing government secrets must be protected against hypothetical future threats of being breached (even if said hypothesis are defunkt).

Gutmann's standard exists because Peter Gutmann didn't understand HDD technology and based his theory on a massively oversimplified concept of how he assumed a hard drive worked. It turns out, he didn't know how a HDD worked, and his paper was immediately met with a fierce rebuttal by actual experts. Regardless, the damage was done, people had read his paper and software devs had already started writing software to waste gigawatts of electricity wiping HDDs for days on end unnecessarily.

Those who've attempted to use MFM to read such hypothetical "trace patterns" found that a simple coin toss had better odds of guessing the correct data compared to their MFM readings. Zero-fill is more than enough.