PaulNM on 24 Oct 2017 16:09:52 -0700

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] Securely destroy and responsibly recycling hardware

On 10/22/2017 12:50 PM, Paul Walker wrote:
Here's a gif of Elliot wiping all his gear - looks like he puts sd / ssd / memory in the microwave (I'm obviously not going to do that) and hits the hard disk platters with a cordless drill.

So, I have a couple questions:

1. Will microwaving memory or solid state storage actually render ALL data entirely irretrievable? 2. Same question for the spinny drives - will passing a drill bit through a hard drive actually render ALL data entirely irretrievable? 3. What is the non-Hollywood way to do this (render ALL data an physical media irretrievable)?

The key part of these scenarios is time. These methods are effective when you're in a rush (5 minutes or less) and do a good job of either tremendously slowing down whoever is after you.

Microwaves will definitely fry the electronic, and I suspect actually damage the data store. Not sure if it'll be readable after moving it to a new control board, but there'll still need to be a lot of reconstructive work done to figure out how the data fits together even if it is readable. This would be days, more likely weeks of work.

A drill will likely shatter platters, but data recovery companies deal with those all the time. Again, that would take time though.

The truth is, for any modern (~20 year old) drive a single overwrite with 0s (or some other pattern) is plenty. The data is gone, no electron microscope is going to find it again. The so called "Gutmann method" is a misreading of his actual paper, which itself is a now 21 year old paper describing issues with drive technologies that are now 26 years old and more.

Now if you have actual serious concerns on the level of national security secrets, there are 2 caveats. It's possible that some sectors on your sinning drive got remapped because they're no longer writable, but are still readable. Another entity could get a hold of the drive, override the firmware, and read that. Doesn't mean there'll be any usable info, though.

The second is ssd drives that have a very large amount of extra capacity devoted to wear leveling. You might need to do a random pattern instead of zeros, and write out the equivalent of 1.5x or 2x the drive's supposed capacity to make sure you get it all.

Destroying perfectly good hardware instead of donating it is a massive waste due to paranoia. This is something that groups like NTR have been struggling with for a long time. Sure, there are occasionally articles and news stories of people buying used stuff and "recovering" personal info. In all of those cases, the data had never been overwritten. In some cases it had been deleted, but I've trash picked lots of stuff where even that hadn't been done.

4. Once this is done, how do people recycle old electronics in the philly region?

If the stuff is too old/damaged to donate to organizations, take it to a recycling center. As long as you're a Philly resident you can use any of them. A big time for this is January. You'll see huge piles of old flatscreens, crts, tvs, computers, and so on after Christmas.

- PaulNM

Philadelphia Linux Users Group         --
Announcements -
General Discussion  --