[lug] drive free space "wiper" recommendation

Nate Duehr nate at natetech.com
Tue Oct 12 16:55:37 MDT 2010 

  On 10/12/2010 11:49 AM, Glenn Murray wrote:
> This seems overly cautious to me.
>
> 1.  I don't know how much "Academic" papers really affect the people
> writing drive erasure software.

Someone asked how any of us know that a particular wipe 
algorythm/process is sound.  The only people who appear to care enough 
and have enough money to test the algorythms are government entities, 
via the vector of paying Academics (mathematicians) to make educated 
(very very educated) guesses.  Then we all use those "certification 
tests" as our trust vector.

Not sure that plan is logical, if you think about who might want your 
data.  But I don't see any privately funded mathematicians doing work in 
this field pro bono for the general public, who aren't on a government 
payroll somehow.  (Similar to not seeing too many DSP engineers outside 
of large companies, or CODEC engineers, or open-source high-compression 
algorithms.)

> 2.  It's not clear to me what a "large number" means here.

I was purposefully vague, since I've only hunted down a few. :-)

> 3.  I have a hard time believing that the "Government" really cares
> about what's on my hard drive.

Not today.  Maybe tomorrow.

> 4.  Needlessly destroying hardware doesn't sit well with my green sensibilities.

I have a small pile of 20G IDE drives. Useless.  Most recycling places 
won't take them for fear they'll be named in a data-loss lawsuit.  
They'll take the rest of the PC, but you must remove the drives and deal 
with them yourself.

(My current method... DBAN and then something a friend recommended... a 
drill press.  Punch a few holes through the platter and the whole drive 
case... takes about 60 seconds for that part... DBAN just runs 
overnight.  Firearms are also fun, if you have access to a range or open 
space that allows shooting at hard drives... heh heh.  The drives aren't 
exactly shredded, but they're messed up enough either way plus the DBAN 
that I certainly don't worry about anything of interest being recovered 
from them.  Bonus: Target practice.  A hard drive at 80 yards is 
difficult to hit with a handgun.)

At some point all drive tech's usefulness is degraded to the point 
they're not worth keeping online... this is where most folks are "at" 
when they first become interested in drive wiping technology.  ;-)

> If there is data on my hard drive worth tens of thousands of dollars I
> wish someone would point it out to me.

Heh heh... while I understand your joke, but as others have pointed 
out... how much money passes through your accounts in a month?  Do you 
have a retirement account that's part of your net cash flow?  Etc.  Not 
saying everyone does, just saying that most people underestimate their 
digital "worth" unless they're "into" tracking their Net Worth, doing 
consistent budgeting and planning, etc.

Maybe more importantly, how much is your annoyance level worth?  If you 
had to start over tomorrow with getting a new SSN, and fighting off 
"creditors" who think you took out loans under your old SSN, close all 
your accounts, re-open them, etc...

THAT's the real problem with identity theft.

And... in many people's cases, the information that's sensitive may not 
even be their own.  I've sat on the Board of Directors for two or three 
volunteer organizations over the years.

While I doubt their paper money worth is high enough to be targeted by 
anyone, I'd hate to drop off a hard drive somewhere with their data on 
it, without doing the due-dilligence as a Corporate Officer to wipe that 
data clean!  Talk about a liability lawsuit...!

Nate

More information about the LUG mailing list