Is BleachBit's one pass overwrite good enough?


Further to the earlier discussion about BleachBit's one pass overwrite
functions and whether BleachBit should use more than one pass for it's over wrting pattern:

"Studies have shown that most of today’s
media can be effectively cleared by
one overwrite." ?

Some possibly useful resources on the issues being raised, though most cover complete disk erasing rather than selective file erasing or free space erasing from a disk or removable media.

I think most peoples everyday use of erasing programs is concerned with the erasing of individual or multiple files they choose, rather than wiping a disk or free space, so some caution is needed, because many computer systems like Windows use things like Volume Shadow Copy functions which automatically retain copies of files, including those thought to have been securely erased.

Forensic Data Recovery from Flash Memory

Guidelines for Media Sanitization Recommendations of the National Institute of Standards and Technology

"Studies have shown that most of today’s media can be effectively cleared by one overwrite."

Table A-1. Media Sanitization Decision Matrix

ATA Hard Drives:
- - - - - - - -
Overwrite media by using
agency-approved and
validated overwriting
- - - - - - - -

USB Removable
Media (Pen Drives,
Thumb Drives,
Flash Drives,
Memory Sticks)
with Hard Drives
- - - - - - - -
Overwrite media by using
agency-approved and
validated overwriting
- - - - - - - -

Glossary of terms
Writing patterns of data on top of the data stored on a magnetic medium.
NSA has researched that one overwrite is good enough to sanitize most drives.

Above doc refers to:
Center for Magnetic Recording Research (CMRR)

Which lists:

Secure Erase Q & A

"The CMRR minimum requirement for Enhanced secure erase is a two pass
random overwrite performed with the write heads slightly offset to the sides
of the data tracks during each writing pass, by 5-10% of the track width.

CMRR testing shows that multiple pass block overwrite utilities which attempt
to meet DoD 5220 can take days to execute, in a drive that can internally
Secure Erase itself in 30 minutes."

Data Destruction: Is One Pass Overwriting Enough?

I skimmed the "Forensic Data Recovery from Flash Memory" PDF, and I didn't see any weakness in the flash hardware. The weakness is in the flash memory file system, so this is similar to the kinds of problems you see on hard drives. When wiping an individual file, the number of passes doesn't matter if there was previous a copy (an old version) in some other location on the file system. To get rid of that other copy, the first thing you can do is wipe free space, but you are better off wiping the whole drive if you are worried about tiny portions (4K or less) being leaked through slack space.

By the way, the last link forwards to "Saying Goodbye to an Old (36″) Friend…" which seems unrelated

Andrew, lead developer

More issues on eraing files.

""Data on platter-based hard disks can be deleted by overwriting it. This ensures that the data is not recoverable by data recovery tools. This method is not working on SSDs as it is not possible to specify the location to overwrite.

Not sure on the significance of this article and how BleachBit manages these issues, as I am not sure if every time BLeachBit is run, one has to overwrite free space and whether free space erasing is adequate on SSDs.

I understand that SDD are common on Linux computers.

The issue with overwriting individual files on SSDs is not dramatically different than with HDDs. In either case, there are issues that prevent the individual file from being overwritten as the user hopes, and multiple passes won't help. In the case of HDDs, similar things happen not because of the hardware, but because of the file system, operating system, or application (and these issues also exist with SDDs). In either case (HDD or SDD), most of the old versions of any file can be cleared by using the "free disk space" option, but that option is very slow.

Then, there are some limitations to that method. If you need the security of the Department of Defense, you should physically destroy the drive.

Lately Solid State Disks are popular on netbooks.

Andrew, lead developer

A interesting article. I would agree for a personal computer this seems like a useful alternative to trashing your hard drive I'm not sure that I would risk it on important company data. While I'm not an expert I do know that the company I work for gets all its data destruction done by and we have our hard drives shredded. Something we've had done since we had a data leak from a supposedly wiped computer was used to access customer data.