April 8, 2019
by LSoft team
Many novice and semi-advanced users of our software have asked us about the famous (or infamous) Gutmann method, and whether disks really need to be overwritten 35 times for data to be securely sanitized once and for all. If you have read our blog on how to delete data, you already know that US DoD 5220.22-M, or any other method that has 3 passes, is good enough for data sanitation. However, since our KillDisk does support Gutmann, we find that some explanation is necessary; otherwise, “why put something there if you are not using it?”
The Gutmann method was first introduced in 1996 by Peter Gutmann of Auckland University, New Zealand, in his paper “Secure Deletion of Data from Magnetic and Solid-State Memory”.
In those days, the magnetic media used for storage were different from those we use today, and Professor Gutmann was concerned that Magnetic Force Microscopy (MFM), a higher-resolution technique for imaging magnetic patterns, could be used to recover data even after the sanitation methods of the time had been applied (as he explains in his blog, he demonstrated that it was possible).
So, to combat this apparent threat, Professor Gutmann proposed a method that requires 35 passes. The Cold War might have been over in those days, but the arms race to create a foolproof sanitation method had just begun. Every government, from the US to the UK, Canada, Russia, Germany and even Australia, wanted its own standard, as did the vast majority of their security agencies. So today we have around 24 different sanitation methods that will please just about anyone under the Sun, and if you are still not satisfied, our KillDisk lets users create their own custom method that can outdo even Gutmann.
But what about the Gutmann method: is it still relevant today? Once new technology for storing data arrived, the Gutmann method became obsolete, but it was kept alive as the “ultimate tool for data sanitation”, so Professor Gutmann and his method became targets of both ridicule and admiration. Gutmann therefore felt obliged to address both in a blog post from 2001:
“In the time since this paper was published, some people have treated the 35-pass overwrite technique described in it more as a kind of voodoo incantation to banish evil spirits than the result of a technical analysis of drive encoding techniques. As a result, they advocate applying the voodoo to PRML and EPRML drives even though it will have no more effect than a simple scrubbing with random data. In fact performing the full 35-pass overwrite is pointless for any drive since it targets a blend of scenarios involving all types of (normally-used) encoding technology, which covers everything back to 30+-year-old MFM methods (if you don't understand that statement, re-read the paper). If you're using a drive which uses encoding technology X, you only need to perform the passes specific to X, and you never need to perform all 35 passes. For any modern PRML/EPRML drive, a few passes of random scrubbing is the best you can do. As the paper says, "A good scrubbing with random data will do about as well as can be expected". This was true in 1996, and is still true now.
Looking at this from the other point of view, with the ever-increasing data density on disk platters and a corresponding reduction in feature size and use of exotic techniques to record data on the medium, it's unlikely that anything can be recovered from any recent drive except perhaps a single level via basic error-cancelling techniques. In particular the drives in use at the time that this paper was originally written are long since extinct, so the methods that applied specifically to the older, lower-density technology don't apply any more. Conversely, with modern high-density drives, even if you've got 10KB of sensitive data on a drive and can't erase it with 100% certainty, the chances of an adversary being able to find the erased traces of that 10KB in 200GB of other erased traces are close to zero.
Another point that a number of readers seem to have missed is that this paper doesn't present a data-recovery solution but a data-deletion solution. In other words it points out in its problem statement that there is a potential risk, and then the body of the paper explores the means of mitigating that risk.”
To conclude, the Gutmann method might have had a use in its time, but that is no longer the case. New drives use new encoding technologies that make any data sanitation method above 3x passes useless. To preserve the health of your drives, we advise that you use either US DoD 5220.22-M or any other method with 3x passes. You will love it, and your drives will too!
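Gutmann's point that a few passes of random data are all a modern drive needs can be shown in a few lines. The following is an added example, not KillDisk's code or anything from the original post; the function names, the chunk size and the constructed image file with its marker string are assumptions made for illustration.

```python
import os
import tempfile

CHUNK = 1024 * 1024  # assumed chunk size: 1 MiB, so large targets need not fit in memory


def random_scrub(path, passes=3):
    """Overwrite every byte of `path` in place with fresh random data, `passes` times."""
    size = os.path.getsize(path)
    with open(path, "r+b") as f:
        for _ in range(passes):
            f.seek(0)
            remaining = size
            while remaining:
                n = min(CHUNK, remaining)
                f.write(os.urandom(n))
                remaining -= n
            f.flush()
            os.fsync(f.fileno())  # push this pass to the device before the next one starts
    return size


def contains(path, needle):
    """Read the target back and report whether `needle` still appears anywhere in it."""
    overlap = len(needle) - 1  # carry a tail so matches spanning two chunks are found
    tail = b""
    with open(path, "rb") as f:
        while chunk := f.read(CHUNK):
            if needle in tail + chunk:
                return True
            tail = chunk[-overlap:] if overlap else b""
    return False


def demo():
    """Build a constructed image holding a marker, scrub it with 3 passes, verify."""
    marker = b"CONSTRUCTED-SENSITIVE-RECORD-0001"  # constructed sample data
    fd, path = tempfile.mkstemp(suffix=".img")
    try:
        with os.fdopen(fd, "wb") as f:
            # The marker is placed across a chunk boundary on purpose.
            f.write(os.urandom(CHUNK - 7) + marker + os.urandom(2 * CHUNK))
        before = contains(path, marker)
        size = random_scrub(path, passes=3)
        after = contains(path, marker)
        return before, after, size, os.path.getsize(path)
    finally:
        os.remove(path)
```

Run against a file, this only overwrites the blocks that file currently occupies; sanitizing a whole drive means running the same passes and read-back check against the device itself.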