Securely delete files...

[David Shaw]

On Aug 21, 2008, at 12:10 AM, Robert J. Hansen wrote:

> I can only speak for myself here, but I strongly suspect Werner,  
> David,
> Mark and everyone else who's been chiming in will agree -- we are not
> talking about total destruction of hard drives as something you should
> want to do.
>
> We're talking about total destruction of hard drives as the _only
> realistic way to scrub data._

I more or less agree with this, except I'd add the qualifier that it's  
the only realistic way to completely scrub data with a perfect (or  
close enough to perfect such that any difference is irrelevant)  
guarantee of success.  Basically I'm adding a "perfect" and a  
"guarantee".  There are other ways to scrub data, and whether they are  
effective in practice depends on who the adversary is.   An adversary  
who can merely download and run an undelete program is very different  
from an adversary with an entire computer forensics laboratory (and  
budget to match), and there are more people with undelete programs out  
there then there are forensics labs.

I can't speak for the dozen or more shred programs that can be  
downloaded from the net.  (I'm sure many of them are garbage - the  
trick is knowing which ones).  For many adversaries, a good shred  
program is effective.  Just because it isn't effective against all  
adversaries, doesn't mean that it isn't effective against some.

All that said, I don't really use disk or file shredding software.   
When I buy a drive, I use it until it dies and then I destroy it.   
Disks are cheap and last for years.  Plus, shredding a multi-hundred- 
gigabyte disk can take days and hitting a drive with a hammer takes  
minutes.  Plus again, given that I use the drive until it dies, it may  
not even be possible to shred.

David