Gutmann method
The Gutmann method, named after its inventor Peter Gutmann, who first published it in 1996, is a method for completely erasing data stored on magnetic storage media such as hard drives.
The data is overwritten up to 35 times with certain values according to a special pattern. This method is very time-consuming, but for hard disks that do not yet use PRML or EPRML it is considered the most secure method of software-controlled, residue-free data erasure. As a rule, these are hard disks manufactured no later than 2001 or with a capacity of at most 15 GB. If the exact coding method of the hard disk is known, it is possible to restrict the procedure to part of the Gutmann method. Newer hard drives are also reliably overwritten by the eight passes with random data included in the procedure; the other 27 passes are unnecessary.
With today's data densities of magnetic media, a random pass or even a pass with zeros is sufficient.
Background
The reason for overwriting multiple times is that the data supplied to the hard disk is recoded before being written to the magnetic medium for reliable storage. To achieve multiple magnetization reversals, i.e. at least two or, better, three, which is necessary to prevent inferences about the original value by means of technically complex measurements, a larger number of data patterns must be sent to the hard disk for each possible coding method.
When a file is deleted normally, its storage space is only marked as free. The data itself is still there. Once this free storage space has been overwritten, the data can no longer be read out with any program. In theory, however, it is possible to determine the data by laboriously measuring the residual magnetism. In practice, however, no data could be read out after being overwritten once.
In a 2003 publication by Daniel Feenberg, Gutmann's document is criticized. Following up on the references cited in the document, Feenberg found that none of the data recovery claims were ever practically successful. Some of the people quoted have worked on very different problems than those described by Gutmann.
Procedure
The Gutmann method uses the following passes, 27 of which are aimed at certain line codes that are now out of date:
Pass | Data pattern (binary) | Data pattern (hexadecimal) | Target line code: (1,7) RLL | Target line code: (2,7) RLL | Target line code: MFM
---|---|---|---|---|---
1 | (Random) | (Random) | | |
2 | (Random) | (Random) | | |
3 | (Random) | (Random) | | |
4 | (Random) | (Random) | | |
5 | 01010101 01010101 01010101 | 55 55 55 | 100 ... | | 000 1000 ...
6 | 10101010 10101010 10101010 | AA AA AA | 00 100 ... | | 0 1000 ...
7 | 10010010 01001001 00100100 | 92 49 24 | | 00 100000 ... | 0 100 ...
8 | 01001001 00100100 10010010 | 49 24 92 | | 0000 100000 ... | 100 100 ...
9 | 00100100 10010010 01001001 | 24 92 49 | | 100000 ... | 00 100 ...
10 | 00000000 00000000 00000000 | 00 00 00 | 101000 ... | 1000 ... |
11 | 00010001 00010001 00010001 | 11 11 11 | 0 100000 ... | |
12 | 00100010 00100010 00100010 | 22 22 22 | 00000 100000 ... | |
13 | 00110011 00110011 00110011 | 33 33 33 | 10 ... | 1000000 ... |
14 | 01000100 01000100 01000100 | 44 44 44 | 000 100000 ... | |
15 | 01010101 01010101 01010101 | 55 55 55 | 100 ... | | 000 1000 ...
16 | 01100110 01100110 01100110 | 66 66 66 | 0000 100000 ... | 000000 10000000 ... |
17 | 01110111 01110111 01110111 | 77 77 77 | 100010 ... | |
18 | 10001000 10001000 10001000 | 88 88 88 | 00 100000 ... | |
19 | 10011001 10011001 10011001 | 99 99 99 | 0 100000 ... | 00 10000000 ... |
20 | 10101010 10101010 10101010 | AA AA AA | 00 100 ... | | 0 1000 ...
21 | 10111011 10111011 10111011 | BB BB BB | 00 101000 ... | |
22 | 11001100 11001100 11001100 | CC CC CC | 0 10 ... | 0000 10000000 ... |
23 | 11011101 11011101 11011101 | DD DD DD | 0 101000 ... | |
24 | 11101110 11101110 11101110 | EE EE EE | 0 100010 ... | |
25 | 11111111 11111111 11111111 | FF FF FF | 0 100 ... | 000 100000 ... |
26 | 10010010 01001001 00100100 | 92 49 24 | | 00 100000 ... | 0 100 ...
27 | 01001001 00100100 10010010 | 49 24 92 | | 0000 100000 ... | 100 100 ...
28 | 00100100 10010010 01001001 | 24 92 49 | | 100000 ... | 00 100 ...
29 | 01101101 10110110 11011011 | 6D B6 DB | | 0 100 ... |
30 | 10110110 11011011 01101101 | B6 DB 6D | | 100 ... |
31 | 11011011 01101101 10110110 | DB 6D B6 | | 00 100 ... |
32 | (Random) | (Random) | | |
33 | (Random) | (Random) | | |
34 | (Random) | (Random) | | |
35 | (Random) | (Random) | | |
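The table as a pass schedule, with the per-line-code subset mentioned in the introduction (an added example, not code from Gutmann's paper or from any wiping tool; the function names are hypothetical). `overwrite_file` rewrites a file in place, so the journaling and sector-remapping limits described under Restrictions apply to it.

```python
# Added example: function names are illustrative; pass data is taken from the table.
import os

RLL17, RLL27, MFM = "(1,7) RLL", "(2,7) RLL", "MFM"

def _targets(b):
    """Line codes targeted by a repeated-byte pass (passes 5-6 and 10-25)."""
    t = {RLL17}
    if b % 0x33 == 0:      # 00 33 66 99 CC FF also target (2,7) RLL
        t.add(RLL27)
    if b in (0x55, 0xAA):  # 55 and AA also target MFM
        t.add(MFM)
    return t

def gutmann_schedule():
    """Return 35 tuples (pass_no, pattern, targets); pattern None = random data."""
    triple = [(bytes.fromhex(h), {RLL27, MFM}) for h in ("924924", "492492", "249249")]
    fixed = [(bytes([b]) * 3, _targets(b)) for b in (0x55, 0xAA)]              # 5-6
    fixed += triple                                                            # 7-9
    fixed += [(bytes([n * 0x11]) * 3, _targets(n * 0x11)) for n in range(16)]  # 10-25
    fixed += triple                                                            # 26-28
    fixed += [(bytes.fromhex(h), {RLL27}) for h in ("6DB6DB", "B6DB6D", "DB6DB6")]
    rnd = [(None, set())] * 4                                                  # 1-4, 32-35
    return [(i + 1, p, t) for i, (p, t) in enumerate(rnd + fixed + rnd)]

def passes_for(line_code=None):
    """All 35 passes, or the 8 random passes plus those aimed at one line code."""
    return [(n, p) for n, p, t in gutmann_schedule()
            if line_code is None or p is None or line_code in t]

def overwrite_file(path, passes, chunk=64 * 1024):
    """Overwrite the file in place once per pass, patterns phase-aligned; return pass count."""
    size = os.path.getsize(path)
    with open(path, "r+b") as f:
        for _, pattern in passes:
            f.seek(0)
            done = 0
            while done < size:
                n = min(chunk, size - done)
                buf = os.urandom(n) if pattern is None else (pattern * (n // 3 + 2))[done % 3:][:n]
                f.write(buf)
                done += n
            f.flush()
            os.fsync(f.fileno())  # force this pass out before the next one starts
    return len(passes)

if __name__ == "__main__":
    for code in (None, RLL17, RLL27, MFM):
        print(code or "full method", len(passes_for(code)), "passes")
```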
Restrictions
IDE and SCSI hard drives now have their own logic; for example, defective sectors can be silently marked as defective and no longer used. Old data could possibly still be reconstructed from these sectors.
In view of the development of recording methods for magnetic media, the method in its entirety is only of historical importance today, since it was designed for coding methods that are no longer used, such as Modified Frequency Modulation (MFM) and Run Length Limited (RLL). With current recording and coding methods, and given the enormous increase in data density since 1996, it is assumed that significantly fewer overwrites are sufficient to prevent physical recovery (with special hardware). In addition, the data blocks partially influence each other, which makes analysis difficult or even impossible.
Furthermore, modern file systems use journaling, so a user cannot know where their data is written, and a guaranteed overwrite of all data blocks of a file is impossible (without additional kernel extensions). This problem only arises when files on a mounted file system are to be erased. Erasing an (unmounted) partition or an entire hard drive, however, is possible.
Web links
- Peter Gutmann: Secure Deletion of Data from Magnetic and Solid-State Memory. University of Auckland, July 22, 1996 (English).
- Peter Gutmann: cryptlib Encryption Toolkit. University of Auckland, June 16, 2004 (English).
- Harald Bögeholz: Secure deletion: overwrite once is enough. In: Heise online. January 16, 2009.
References
- Peter Gutmann: Secure Deletion of Data from Magnetic and Solid-State Memory. University of Auckland, July 22, 1996, accessed April 14, 2020.
- Craig Wright, Dave Kleiman, Shyaam Sundhar: Overwriting Hard Drive Data: The Great Wiping Controversy. (pdf; 487 kB) In: Information Systems Security. 4th International Conference, ICISS 2008. Ed. by R. Sekar, AK Pujari, October 21, 2008, pp. 243-257, accessed on April 14, 2020 (English, ISBN 978-3-540-89861-0; doi: 10.1007/978-3-540-89862-7_21).
- Richard Kissel, Andrew Regenscheid, Matthew Scholl, Kevin Stine: SP800-88 Rev. 1 Guidelines for Media Sanitization. (pdf; 532 kB) National Institute of Standards and Technology, December 15, 2014, accessed on April 14, 2020 (English).
- Daniel Feenberg: Can Intelligence Agencies Read Overwritten Data? A response to Gutmann. National Bureau of Economic Research, July 21, 2003, accessed April 14, 2020 (English, German).