Anti-Virus programs for 18.04 ?

This topic is closed.

    #16
    Originally posted by jglen490 View Post
    It's not that BleachBit is so incapable, it's that computer forensics have gotten MUCH better. A single pass deletion method is never complete. You need to have something that shifts the write heads a small amount each time a deletion/wipe program is in a multi-run deletion activity to catch all the magnetic domains in a block on a block device. Even then, it may not wipe a drive completely.

    Invite the Hulk over, give him a BFH, and ask him to go to town on the hard drive. Then mix the dust into a batch of concrete and dump it in the ocean.
    I believe you are correct about improvements in computer forensics.

    However, concerning single pass cleanings BleachBit wrote the following:
    https://bleachbit.blogspot.com/2009/...ure-erase.html
    Compared to Gutmann-35

    BleachBit's secure erase method is a single pass with zeros, so why doesn't BleachBit use the Gutmann-35 method? The Gutmann secure deletion method gives some people a false sense of security. A long time ago (in the technology timeline) the 35-pass Gutmann method was designed for MFM/RLL hard disk drives. My last computer to include a MFM hard drive was purchased in 1989. Time has passed and technology has changed. Today's PATA/IDE and SATA hard drives are much more dense, and NIST, the NSA, and other experts now agree that a single pass to overwrite data is sufficient.
    However, there are two exceptions. First, erasure of individual files (by any erasure method) is not effective in some situations such as using ext3 with the non-default option data=journal. Also, modern hard drives sometimes move data transparently to the operating system. In such cases, it is necessary to either securely wipe the entire disk (in the case of the former) or physically destroy it (in case of the latter).
    That said, BleachBit's method is much quicker than Gutmann-35 and generally equally effective for everyday use.
    That said, the Hulk pounding an HD into dust and then just spreading it across the surface of the ocean would, IMO, be more effective than concentrating the dust in a concrete block. LOL!

    An easier way is merely to heat the plates of the drive to the Curie point for Iron, 770C. Then drop the hot plates into a vat of real bleach as an extra measure for corroding the surfaces of the plates. Or just put the plates into a furnace and melt them into a pool of liquid iron, then pour the hot liquid Iron into a vat of water to create tiny beads of iron. As the beads drop below the Curie point they will be weakly magnetized by the Earth's magnetic field.
    Last edited by GreyGeek; Aug 02, 2019, 03:38 PM.
    "A nation that is afraid to let its people judge the truth and falsehood in an open market is a nation that is afraid of its people."
    – John F. Kennedy, February 26, 1962.

      #17
      Originally posted by GreyGeek View Post
      Lesson: Perhaps BleachBit isn't the kind of protection from prying eyes that folks are looking for. Maybe they have a gov back door?
      In the United States, all encryption programs, and I believe, all cleansing programs, are required to be 'approved' by the Federal Government before being made available to the public. Incident to that, especially with encryption software, the Federal Government requires that the source code be provided to them so that the ability to circumvent the encryption (have access to a backdoor) is available. So, there isn't any encryption software that is 'legally' out in the public domain that the Federal Government doesn't already have the ability to circumvent.
      Using Kubuntu Linux since March 23, 2007
      "It is a capital mistake to theorize before one has data." - Sherlock Holmes

        #18
        Originally posted by Snowhog View Post
        In the United States, all encryption programs, and I believe, all cleansing programs, are required to be 'approved' by the Federal Government before being made available to the public. Incident to that, especially with encryption software, the Federal Government requires that the source code be provided to them so that the ability to circumvent the encryption (have access to a backdoor) is available. So, there isn't any encryption software that is 'legally' out in the public domain that the Federal Government doesn't already have the ability to circumvent.
        Do you have a citation for that? They tried, but I thought that got voted down in 1996. (Talking about encryption, not cleaning). I'm not saying they don't have the ability, but I don't believe there's anything in the law that requires the turnover of source code. Matter of fact, aren't they pushing for that again, right now? (Of course software for export has its own set of rules).
        Last edited by SpecialEd; Aug 02, 2019, 03:51 PM.
        If you think Education is expensive, try ignorance.

        The difference between genius and stupidity is genius has limits.

          #19
          I don't think they have it, but really want it
          https://www.youtube.com/watch?v=WJ8CwBAfWAg

          Australia already has laws, and such was used in their recent raids against a journalist.
          https://www.theguardian.com/australi...ns-expert-says

            #20
            I think GregM is just looking for a cleaner that deletes common, working files in the OS to reduce the burden of it all, maybe free up some space. Gets all crapped up. Especially things like thumbnails and such. I believe cleaners usually have the option to delete and wipe.

            Wiping is another subject--Privacy. When you delete a file, it is not really deleted from the disk, it is only deleted from the user data (in the filesystem). Gutmann is, of course, the classic reference, but has been superseded by more work done in the area, and I'm sure even more work is being done (e.g., with flash drive privacy wipes).

            I think one wipe-pass is enough. Period.

            The determined reader can find all sorts of neat stuff and classic references in two of my how-to's:

            Privacy Cleanup 101
            https://www.kubuntuforums.net/showth...cy-Cleanup-101

            The dd Command
            https://www.kubuntuforums.net/showth...The-dd-Command

            In my how-to's, I show how to securely delete, for example, the free space in your /home.

            It is an interesting subject, but also full of opinions, controversy, myths, and such.

            Bleachbit or CCleaner is fine for everyday deleting purposes.

            If you really need super privacy, damn well better wipe (with dd) in all sorts of ways, and it takes time to make even one pass. Getting rid of an old hard drive: Wipe it with dd (e.g., write zeros to the whole thing), then smash the hell out of it with a heavy hammer. Some use Clorox or Hydrochloric acid dips in the process (guard your eyes and breathing in doing this).

            Good to see you swing by, GreyGeek. You oughta chime in here more often. Been pretty quiet around here lately.
            An intellectual says a simple thing in a hard way. An artist says a hard thing in a simple way. Charles Bukowski

              #21
              BleachBit may be effective for "everyday use", but so is DBAN. A single pass deletion, even when writing zeroes, cannot completely erase a magnetic domain based storage media. There is too much mechanical randomness in the exact placement of the write head on a hard drive, and because of that there is no way to overwrite all the magnetically charged parts of the domain for any particular 1 or 0.

              When you type the word "cat" into a computer and save that word on the spinning hard drive, it's not written as "c" "a" "t". It's the binary equivalent (1s and 0s) of those letters that gets written to the surface of the platter. So writing a 0 over a 0, changes nothing. Writing a 0 over a 1 changes that 1 to a 0, but does not necessarily change all the magnetic domains next to it, and the 1 still exists, probabilistically. Given enough zeroes written through multiple passes, the probability of overwriting all traces of the 1 increases. Computer forensics bets on there being some remnant of that 1 still being in existence. If it does then the investigator will find that you saved the word "cat" to that hard drive.

              Solid state drives may be a different situation, but I'm thinking there may still be probabilities involved.
              The next brick house on the left
              Intel i7 11th Gen | 16GB | 1TB | KDE Plasma 5.24.7 | Kubuntu 22.04.4 | 6.5.0-18-generic

                #22
                jglen490--I disagree re your one-pass skepticism. I can only base this on my past research into this subject and will post it here (note the fine points--which covers your "cat" worry, note the references):

                How to securely delete data

                Contents

                -- How to securely delete data: history, misconceptions, controversy
                My take on this -- A prescription for your data wiping
                (This is the current version of the topic)

                -- Archive (a previous version)
                When you delete a file, you do not delete the file
                How to Wipe Data: Logic behind a zero-fill
                Note the section titled
                See for yourself. A Deleted File is Not Deleted
                (An experiment: dd if=/dev/sdc1 bs=16065b | hexdump -C | grep 'Zmy Zfacts')

                How to securely delete data, history, misconceptions, controversy.

                How many "overwrites" are needed to safely wipe your data?
                Can you recover overwritten data?
                How should you overwrite your data?
                How about the government DoD 7-pass standard?
                and, finally,
                -> My take on this -- A prescription for your data wiping

                Answers:
                One.
                No.
                Any way you wish.
                Where did THAT come from?
                My take on this? See below.

                Here's the scoop, my logic, and I'm going to be brief because we have better things to do in this how-to.
                The references are the key.

                In 1996, Peter Gutmann, Department of Computer Science, University of Auckland, wrote his now (in)famous, Secure Deletion of Data from Magnetic and Solid-State Memory. THAT is the document that is widely misquoted and misused to promote/preach all sorts of extreme overwriting strategies and rules ("voodoo incantations") for how to overwrite data to prevent recovery. You'll see them all over the Internet, secure data deletion programs that perform up to 35 passes over the data, each time overwriting the data using zeros, ones, other numbers, random numbers, and pseudo random numbers.

                Even Gutmann takes issue with the misuse, misinterpretation, of his paper. Sometime between 1996 and 2002, he wrote his Epilogue:

                "In the time since this paper was published, some people have treated the 35-pass overwrite technique described in it more as a kind of voodoo incantation to banish evil spirits than the result of a technical analysis of drive encoding techniques. As a result, they advocate applying the voodoo to PRML and EPRML drives even though it will have no more effect than a simple scrubbing with random data. In fact performing the full 35-pass overwrite is pointless for any drive since it targets a blend of scenarios involving all types of (normally-used) encoding technology, which covers everything back to 30+-year-old MFM methods (if you don't understand that statement, re-read the paper). If you're using a drive which uses encoding technology X, you only need to perform the passes specific to X, and you never need to perform all 35 passes. For any modern PRML/EPRML drive, a few passes of random scrubbing is the best you can do. As the paper says, 'A good scrubbing with random data will do about as well as can be expected'. This was true in 1996, and is still true now." [Emphasis added]

                In July 2003, Daniel Feenberg, National Bureau of Economic Research, Cambridge MA, published a cogent rebuttal to the Gutmann paper, "Can Intelligence Agencies Read Overwritten Data? A response to Gutmann." After working through several logical points, as well as points of evidence, Feenberg concludes, "... that Gutmann's claim belongs in the category of urban legend. Or it may be in the category of marketing hype ..." and " ... Of course it has been several years since Gutmann published. Perhaps microscopes have gotten better? Yes, but data densities have gotten higher too. An hour on the web this month looking at STM sites failed to come up with a single laboratory claiming it had an ability to read overwritten data ... Recently I was sent a fascinating piece by Wright, Kleiman and Sundhar (2008) who show actual data on the accuracy of recovered image data. While the images include some information about underlying bits, the error rate is so high that it is difficult to imagine any use for the result. While the occasional word might be recovered out of thousands, the vast majority of apparently recovered words would be spurious ... Charles Sobey has posted an informative paper "Recovering Unrecoverable Data" with some quantitative information on this point. He suggests that it would take more than a year to scan a single platter with recent MFM technology, and tens of terabytes of image data would have to be processed."

                Charles H. Sobey, in his white paper, "Recovering Unrecoverable Data - The Need for Drive-Independent Data Recovery," (see Section 4.2.2 Magnetic Force Microscopes (MFM)), after rather technical analysis, concludes, " ... Although such exotic methods of data recovery are theoretically possible ... I have found no evidence of commercially viable recoveries being performed. Furthermore, I have seen no public demonstrations of any of these methods that show the recovery of files or even user data--only images or raw encoded data." And like other sources, Sobey points out that the error rates inherent in the technology of trying to read any data off disks are very high.

                Starman--Daniel B. Sedory--having researched the topic to its outer limits, concludes that for most of us and almost all home or personal privacy needs, "... we believe simply 'zeroing-out' a drive AND checking that it has actually been done is more than adequate." And, further, "...NOW IN THE YEAR 2008, after 15 years of people warning others and passing along their fears of possible scenarios involving elecron (sic) microscopes, WE STILL have NEVER heard of a single case from any lab actually using a microscope to discover any useful bit patterns [emphasis added]!" And, "Personally, I'm not at all concerned about anything I 'zero-out' on a hard disk ever being seen by someone else again. If you think that any local law enforcement or government agency is going to attempt to find data on a drive with ALL zeros by taking a very long time and spending more money than they can really afford with no assurance whatsoever of finding anything(!), then you're living in a dream world that's already beyond all the fictional elements in TV shows like CSI and other such scientific forensic evidence dramas. It's much easier ... to obtain data about you using many other means!"

                Finally, you will see MANY Internet references to the US government 7-pass DoD wipe standard (as per DoD 5220.22-M). After another extensive research effort, Starman is unable to fully trace where this came from. Although it can mean many things, most references to the government 7-step wipe consider it to be " ... three cycles of alternating patterns of 0x00 and 0xFF, followed by an 0xF6 byte pattern for a total of seven passes. But as the DSS and other security organizations have pointed out, they rarely include a verification pass!" (See Starman, "DoD 5220.22-M and its relation to the so-called DoD Wipe Standard")

                -> My take on this -- A prescription for your data wiping

                For most of us, it suffices to do a simple one-pass zero-fill (zero-out) of your files/partition/drive to ensure that no one will be able to retrieve your data. That includes users who keep on their PCs personal correspondence/emails, documents, normal business, finance, and medical records, family/personal photos, and personal items downloaded from the Internet (including legal adult materials).

                Other things you can do: Now, if you wish to do a pass with random or pseudo random numbers instead of zeros, that's fine, too; or do multiple passes. Another thing some folks believe in is doing a zero-fill followed by a fill with truly random numbers; the random numbers making it less obvious that a file was wiped, and maybe making it technically more difficult to detect meaningful information from the wiped bits. Or, do a zero-fill of a file, then before deleting the file change its name to some random characters or a nonsense name, again making the job of data recovery folks more difficult. Some sources do a wipe using random numbers, then a final wipe with zeros (the opposite of what has been said above).

                If your data is extremely sensitive for whatever reasons, my sense is that you will be able to decide what to do based on what is said here and the links (which I'm sure you will read in great detail). Having said that, (1) the evidence suggests that one zero-fill will likely do the trick; (2) some folks would probably feel better doing two or three passes, perhaps with zeros and random numbers; and (3) most folks in the category will want to secure their data and PC physically, and when done with a drive will want to physically destroy it (using standard means of physical shredding, burning, hammering it into small pieces, using a blow torch on it, etc.).

                References

                Peter Gutmann, Secure Deletion of Data from Magnetic and Solid-State Memory
                http://www.cs.auckland.ac.nz/~pgut00...ecure_del.html

                Peter Gutmann, Epilogue
                http://mirror.href.com/thestarman/as...nnEpilogue.txt
                (Credit goes to thestarman.)

                RE: Peter Gutmann data deletion theaory (sic) ?
                http://seclists.org/bugtraq/2005/Jul/464

                Daniel Feenberg, "Can Intelligence Agencies Read Overwritten Data? A response to Gutmann."
                http://www.nber.org/sys-admin/overwr...a-gutmann.html

                Charles H. Sobey, "Recovering Unrecoverable Data - The Need for Drive-Independent Data Recovery,"
                527KB PDF. Published April 14, 2004.
                http://www.actionfront.com/ts_whitepaper.aspx

                Daniel B. Sedory (starman), "How To Permanently Erase Data from a Hard Disk"
                Copyright©2003-2008 by Daniel B. Sedory (starman)
                http://mirror.href.com/thestarman/asm/mbr/WIPE.html

                Daniel B. Sedory (starman), "An overwriting standard: there was some truth to it in the past"
                http://en.wikipedia.org/wiki/Talk:Na...ting_standard:_there_was_some_truth_to_it_in_the_past

                Daniel B. Sedory (starman), "DoD 5220.22-M and its relation to the so-called DoD Wipe Standard"
                http://mirror.href.com/thestarman/asm/5220/index.html
                Compiled by Daniel B. Sedory
                All Original Research is Copyright©2008 by Daniel B. Sedory
                (re Where did the so-called 7-pass DoD 5220.22-M Wipe Standard originate?)
                Link to my post:

                https://www.kubuntuforums.net/showth...l=1#post107356
                An intellectual says a simple thing in a hard way. An artist says a hard thing in a simple way. Charles Bukowski
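
The procedure the post above recommends (a single zero-fill pass with dd, then checking that it has actually been done) is shown here as an added example that is not part of the original thread. It works on a constructed 1 MiB image file rather than a real device, reuses the thread's 'Zmy Zfacts' marker string, and all function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): one-pass zero-fill plus a verification
# pass, run against a constructed image FILE. Function names are hypothetical.

# size_of FILE -> size in bytes. For a real block device you would ask the
# kernel instead (e.g. blockdev --getsize64), since wc would read the whole disk.
size_of() {
    wc -c < "$1" | tr -d ' '
}

# has_marker FILE STRING -> exit 0 if STRING occurs anywhere in the raw bytes.
has_marker() {
    LC_ALL=C grep -a -q -F -- "$2" "$1"
}

# zero_fill FILE -> overwrite every byte in place with 0x00 (one pass).
zero_fill() {
    target=$1
    bytes=$(size_of "$target")
    # conv=notrunc overwrites in place; head -c bounds the pass to the target size.
    head -c "$bytes" /dev/zero | dd of="$target" bs=65536 conv=notrunc 2>/dev/null
    sync    # flush the writes before anything reads them back
}

# verify_zero FILE -> exit 0 only if every byte reads back as 0x00.
verify_zero() {
    target=$1
    bytes=$(size_of "$target")
    head -c "$bytes" /dev/zero | cmp -s - "$target"
}

# demo -> builds the constructed image, wipes it, and prints
# "before=<found|absent> after=<found|absent> verified=<yes|no>".
demo() {
    img=$(mktemp) || return 1
    marker='Zmy Zfacts'    # 10-byte marker buried in random filler
    {
        head -c 524288 /dev/urandom
        printf '%s' "$marker"
        head -c 524278 /dev/urandom
    } > "$img"

    before=absent; after=absent; verified=no
    if has_marker "$img" "$marker"; then before=found; fi
    zero_fill "$img"
    if has_marker "$img" "$marker"; then after=found; fi
    if verify_zero "$img"; then verified=yes; fi
    rm -f "$img"
    echo "before=$before after=$after verified=$verified"
}

demo
```

On a real drive the read-back can be served from the page cache, so flush or bypass the cache before trusting the verification, and note that this checks only the sectors the operating system can address.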

                  #23
                  I don't disagree, but I do understand the probabilistic nature of writing to a moving magnetic platter with a mechanical write arm.

                  If you use dd, or DBAN, or BleachBit in a single pass write method, it's good enough. The rest of it is if the owner of the data has no concerns about the legality or morality of the data being wiped, and that has nothing to do with the mechanics of wiping the drive.

                  I still like the Hulk method of destroying data
                  The next brick house on the left
                  Intel i7 11th Gen | 16GB | 1TB | KDE Plasma 5.24.7 | Kubuntu 22.04.4 | 6.5.0-18-generic

                    #24
                    Originally posted by jglen490 View Post
                    BleachBit may be effective for "everyday use", but so is DBAN. A single pass deletion, even when writing zeroes, cannot completely erase a magnetic domain based storage media. There is too much mechanical randomness in the exact placement of the write head on a hard drive, and because of that there is no way to overwrite all the magnetically charged parts of the domain for any particular 1 or 0.

                    When you type the word "cat" into a computer and save that word on the spinning hard drive, it's not written as "c" "a" "t". It's the binary equivalent (1s and 0s) of those letters that gets written to the surface of the platter. So writing a 0 over a 0, changes nothing. Writing a 0 over a 1 changes that 1 to a 0, but does not necessarily change all the magnetic domains next to it, and the 1 still exists, probabilistically. Given enough zeroes written through multiple passes, the probability of overwriting all traces of the 1 increases. Computer forensics bets on there being some remnant of that 1 still being in existence. If it does then the investigator will find that you saved the word "cat" to that hard drive.

                    Solid state drives may be a different situation, but I'm thinking there may still be probabilities involved.
                    And thus, the FBI was able to get *ALL* of Hillary's 62,320 emails off of the Platte River Network drives on which clintonemails.com resided, EVEN THOUGH the PRN admin used BleachBit on them. Real bleach would probably have done better, or a hammer, or a blow torch. So, Joe and Sally Sixpack don't have a prayer of a chance of keeping their data out of the hands of *gov agents* simply using BleachBit or whatever other digital cleaner they believed the marketing hype about.

                    Aside from totally destroying my storage medium in a fire I hold no illusions about even my 4096 byte RSA key keeping the gov agents out of my data. Joe and Sally? Of course, but they could never access my home account anyway even if I gave them my computer. But, the government cracked the RSA 4096 key in 2013 by merely listening to a computer's microphone as it encrypted and decrypted files. When true quantum computers arrive, IF they ever do, then all digital keys are vulnerable, regardless of the byte size. Even a quantum key won't be safe, but at least one would be able to tell if the data was eavesdropped on because entanglement would be lost.
                    "A nation that is afraid to let its people judge the truth and falsehood in an open market is a nation that is afraid of its people."
                    – John F. Kennedy, February 26, 1962.

                      #25
                      jglen490: I do understand the probabilistic nature of writing to a moving magnetic platter with a mechanical write arm.
                      Oh, yes, I do agree that you do! In fact, check me on this, I believe there's another related issue: bits. They are also a bit shaky at times, right? In the sense that a bit represents an electric charge, and that charge may be strong enough to clearly indicate the bit; or that charge may be weaker than usual, but "borderline" in strength and may or may not correctly indicate the bit value. I think you encounter this when there is possible damage to your system--the monitor, the BIOS, the mobo. Subtle, problematic hardware issue.
                      An intellectual says a simple thing in a hard way. An artist says a hard thing in a simple way. Charles Bukowski
