rMBP and 3-pass Secure Erasing 1TB HDD takes ~32hrs

[sevimli]

Hi,

I've just RMA'ed my 1TB external drive. It is full of our family information. Therefore I picked 3-pass Secure erasing before shipping it out.

DiskUtility on my rMBP is working on it since last night and it has 24 hrs to go.

Is this an OK estimated time? Seems too long to me. I cannot imagine how long it would be on 7-pass or 35-pass secure erase.

Thank you!

 

[thespazz]

Hi,

I've just RMA'ed my 1TB external drive. It is full of our family information. Therefore I picked 3-pass Secure erasing before shipping it out.

DiskUtility on my rMBP is working on it since last night and it has 24 hrs to go.

Is this an OK estimated time? Seems too long to me. I cannot imagine how long it would be on 7-pass or 35-pass secure erase.

Thank you!

Sounds right to me.

 

[0dev]

Three pass is a bit pointless.

First of all, if the information on the drive was encrypted, recovering it would be pretty much impossible anyway.

Second, there's no real reason why three passes is any more of a secure wipe than one pass. They're just as effective for all intents and purposes.

But yes, three passes on 1TB drive will take that long because the computer has to overwrite every single bit on that drive with a 0 three times.

 

[charlieegan3]

Yeah that is going always going to take a long time.

 

[Mr. Retrofire]

Three pass is a bit pointless. First of all, if the information on the drive was encrypted, recovering it would be pretty much impossible anyway.

No. Combine usually short passwords with tools (commercial & open source) which can recover such FV1 & FV2 passwords, and your data is no longer secure.

Second, there's no real reason why three passes is any more of a secure wipe than one pass. They're just as effective for all intents and purposes.

No.
Current cases (Mannings MBP) tell us that one pass of zeroes is not enough:
http://www.wired.com/threatlevel/2011/12/manning-assange-laptop/

Johnson testified that he found two attempts to delete data on Manning’s laptop. Sometime in January 2010, the computer’s OS was re-installed, deleting information prior to that time. Then, on or around Jan. 31, someone attempted to erase the drive by doing what’s called a “zerofill” — a process of overwriting data with zeroes. Whoever initiated the process chose an option for overwriting the data 35 times — a high-security option that results in thorough deletion — but that operation was canceled. Later, the operation was initiated again, but the person chose the option to overwrite the information only once — a much less secure and less thorough option.

All the data that Johnson was able to retrieve from un-allocated space came after that overwrite, he said.

 

[bogatyr]

No. Combine usually short passwords with tools (commercial & open source) which can recover such FV1 & FV2 passwords, and your data is no longer secure.

Well that goes for anything using a password. Use long passwords and if you use dictionary words, use a character split in them.

i.e.
the.quick.brown.fox.jumped.blah
t-he q-uick b-rown f-ox j-umped b-lah
etc.

p.s. using random, unrelated words is better than my examples.

 

[robvas]

Current cases (Mannings MBP) tell us that one pass of zeroes is not enough:
http://www.wired.com/threatlevel/2011/12/manning-assange-laptop/

If you take Wired as a serious publication...

One-pass is all you need.

 

[bogatyr]

Also how is the drive connected? That will also affect the speed if the bus is slower than the drive.

 

[0dev]

No. Combine usually short passwords with tools (commercial & open source) which can recover such FV1 & FV2 passwords, and your data is no longer secure.

Those tools only work if your computer is in sleep mode and they work by pulling the key from the RAM. Not the same thing.

Good encryption is indistinguishable from random data, so as long as the encryption keys were strong recovering the encrypted data should be impossible.

No.
Current cases (Mannings MBP) tell us that one pass of zeroes is not enough:
http://www.wired.com/threatlevel/2011/12/manning-assange-laptop/

Well, yeah, if the FBI try and crack your drive after one wipe they can do it, because they'll use physical recovery methods. But you can't exactly just run a recovery program and pull all the data easily, you'd literally have to pay experts thousands of dollars to disassemble the drive and physically recover that data.

 

[drambuie]

With 3 erase passes you're actually erasing 3TB. If it takes 36 hours it equates to about 23MB/sec. It may seem slow, but a secure erase is a much slower process than normal sequential writing to the drive.

One pass is sufficient. With modern hard drives, data erased by a single pass secure erase cannot be recovered. Even magnetic microscopy is not able to recover erased data. Of course, the ultimate secure erase is the destruction of the disk platters.

SSDs are a different matter. The erase procedures for hard drives are not effective on SSDs, even with multiple passes.

 

[bogatyr]

SSDs are a different matter. The erase procedures for hard drives are not effective on SSDs, even with multiple passes.

Best bet with an SSD is full disk encryption.

 

[sevimli]

Also how is the drive connected? That will also affect the speed if the bus is slower than the drive.

It is a USB3.0 drive but new MacBook line won't power it up, that is the reason I RMA'ed the drive. These specific drives are drawing more than the 5 watts that the spec allows. And, the new MacBook line appears to promptly shut the device down because of this.

Therefore I used an USB2.0 cable to connect it.

It works fine on my PC's USB3.0 though, but I don't have a free secure erasing software on it.

 

[Hammie]

It is a USB3.0 drive but new MacBook line won't power it up, that is the reason I RMA'ed the drive. These specific drives are drawing more than the 5 watts that the spec allows. And, the new MacBook line appears to promptly shut the device down because of this.

Therefore I used an USB2.0 cable to connect it.

It works fine on my PC's USB3.0 though, but I don't have a free secure erasing software on it.

I thought most, if not all, USB3.0 drives included a cable with the extra dongle to get the additional power from a second USB port.

 

[sevimli]

I thought most, if not all, USB3.0 drives included a cable with the extra dongle to get the additional power from a second USB port.

I've never seen with one (I own one seagete, one WD and 2 Toshiba USB3.0 portable hdds).

 

[Hammie]

I've never seen with one (I own one seagete, one WD and 2 Toshiba USB3.0 portable hdds).

A cable like this:

My Rocketfish enclosure came with one and I thought another one that I was considering also had one (I can't remember right now). However, as a note, the Rocketfish enclosures are not compatible with ML any longer since Apple removed a driver that it uses.

 

[sharkman]

Three pass is a bit pointless.
...
Second, there's no real reason why three passes is any more of a secure wipe than one pass. They're just as effective for all intents and purposes.

US DOD would disagree. Heck, I disagree mainly because every hard drive we salvage has to be wiped to DOD standards.

 

[sevimli]

US DOD would disagree. Heck, I disagree mainly because every hard drive we salvage has to be wiped to DOD standards.

How long does it take to do that?

 

[drambuie]

US DOD would disagree. Heck, I disagree mainly because every hard drive we salvage has to be wiped to DOD standards.

As of June 28, 2007 the DSS (Defence Security Service) Sanitization and Clearing Matrix, used by DOD, specifies that hard disks containing non classified material can be cleared by overwriting all addressable locations with a single character. Disks containing classified material must be sanitized by degaussing, or physical destruction which is the preferred method for highly classified material. The problem with overwriting is that it cannot be guaranteed that all sectors have been erased, due to inaccessability caused by the routine locking out of failing sectors by the disk controller during the life of the disk.

What is interesting is that RAM also has to be overwritten, or destroyed. Each RAM bit will hold a trace of the logic level it held before power removal. This applies to both static and dynamic RAM.

 

[Seven-Guitars]

Is this an OK estimated time? Seems too long to me. I cannot imagine how long it would be on 7-pass or 35-pass secure erase.
[/QUOTE]

I just did a 3 pass erase on a 500 GB USB 2 drive. It took about 14-1/2 hours.

 

[snaky69]

I remember reading an article that basically said anything more than single pass is pointless as even the most advances data recovery software couldn't find much, if anything left there.

Regardless, honestly, you're wasting your time. No offense, but you're likely neither important nor interesting enough for anyone to bother snooping through and RMA'd hard drive that'll likely simply get tossed in the bin.