Wednesday, March 02, 2005

Incinerate your old hard drives

Cory at BoingBoing points to an unsurprising research finding: lots of sensitive personal information can be recovered from used hard drives. Unfortunately, he includes a link to a software utility which purports to do secure file deletion, probably giving readers the impression that using such a tool will adequately protect them from people who want to harvest their data. Actually, that's not true.

Peter Gutmann wrote the definitive analysis of this some years ago, and if you read the whole paper, you learn that, basically, it's impossible for any software to erase data beyond all hope of recovery. If you don't want to read the paper, consider that you can pay high-end data recovery services (for example...) big bucks to recover data from hard drives that have been damaged by flood, fire, and vandalism, to say nothing of mere overwriting of the blocks. The magnetic record on a disk block is surprisingly robust, and remains detectable by sufficiently sensitive tools even after significant damage or overwriting. The best you can hope to do is to force the attacker to pay these exotic services rather than just running some off-the-shelf software. This will deter casual attackers, but not determined ones. If you really care about secure deletion, then toss your old hard drive into an incinerator and make sure it burns down to a pile of ash.

UPDATE: In comments at Bruce Schneier's blog, theorbtwo suggests using a belt sander, which I suppose will also work well. The important thing is to reduce the magnetic platters to dust.
