Gutmann - The Default Method



This method is based on Peter Gutmann's paper "Secure Deletion of Data from Magnetic and Solid-State Memory". In the chapter "Erasure of Data from Magnetic Media" he presents 27 deterministic passes that should overwrite the data regardless of the drive encoding.

Pass   Pattern (binary, hex)
1   01010101 01010101 01010101, 0x55
2   10101010 10101010 10101010, 0xAA    
3   10010010 01001001 00100100, 0x92 0x49 0x24   
4   01001001 00100100 10010010, 0x49 0x24 0x92   
5   00100100 10010010 01001001, 0x24 0x92 0x49   
6   00000000 00000000 00000000, 0x00    
7   00010001 00010001 00010001, 0x11    
8   00100010 00100010 00100010, 0x22    
9   00110011 00110011 00110011, 0x33    
10   01000100 01000100 01000100, 0x44    
11   01010101 01010101 01010101, 0x55    
12   01100110 01100110 01100110, 0x66    
13   01110111 01110111 01110111, 0x77    
14   10001000 10001000 10001000, 0x88    
15   10011001 10011001 10011001, 0x99    
16   10101010 10101010 10101010, 0xAA    
17   10111011 10111011 10111011, 0xBB    
18   11001100 11001100 11001100, 0xCC    
19   11011101 11011101 11011101, 0xDD    
20   11101110 11101110 11101110, 0xEE    
21   11111111 11111111 11111111, 0xFF    
22   10010010 01001001 00100100, 0x92 0x49 0x24   
23   01001001 00100100 10010010, 0x49 0x24 0x92   
24   00100100 10010010 01001001, 0x24 0x92 0x49   
25   01101101 10110110 11011011, 0x6D 0xB6 0xDB   
26   10110110 11011011 01101101, 0xB6 0xDB 0x6D   
27   11011011 01101101 10110110, 0xDB 0x6D 0xB6   

These deterministic passes should be performed in random order to make it more difficult for an opponent to recover the data. The permutation should be generated with a cryptographically strong random number generator.
 
Eraser shuffles the pass array using its own cryptographically strong random number generator, based on the one described in Dr. Gutmann's paper "Software Generation of Practically Strong Random Numbers". The Tiger hash function by Ross Anderson and Eli Biham is used for mixing the entropy pool.

It is also stated that the overwriting sequence can be slightly improved by performing random passes before and after the deterministic passes above.
 
Eraser writes four passes of random data before, and four after, the deterministic passes written in random order, for a total of 35 passes. The data used in the random passes is created using the ISAAC pseudorandom number generator.

This method is not suitable for erasing data on compressed drives, because some of the passes contain highly compressible data.
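
The following is an added example, not Eraser's own code. It builds the 35-pass order described above and measures how well each pass compresses, which is the reason for the compressed-drive caveat. It assumes Python's `secrets` module (the operating system CSPRNG) in place of Eraser's Tiger-based generator and ISAAC, and zlib as a stand-in for a compressing volume; all function names are illustrative.

```python
import secrets
import zlib

# The 27 deterministic patterns from the table above, in table order.
DETERMINISTIC = (
    [b"\x55", b"\xAA", b"\x92\x49\x24", b"\x49\x24\x92", b"\x24\x92\x49"]
    + [bytes([n * 0x11]) for n in range(16)]  # passes 6-21: 0x00, 0x11, ... 0xFF
    + [b"\x92\x49\x24", b"\x49\x24\x92", b"\x24\x92\x49",
       b"\x6D\xB6\xDB", b"\xB6\xDB\x6D", b"\xDB\x6D\xB6"]
)
RANDOM = None  # marker for a random-data pass


def build_schedule(rng=None):
    """Return the 35-pass order: 4 random, 27 shuffled deterministic, 4 random."""
    # Assumption: the OS CSPRNG stands in for Eraser's own generator.
    rng = rng or secrets.SystemRandom()
    middle = list(DETERMINISTIC)
    rng.shuffle(middle)
    return [RANDOM] * 4 + middle + [RANDOM] * 4


def pass_buffer(pattern, size):
    """Build a write buffer of `size` bytes for one pass."""
    if pattern is RANDOM:
        return secrets.token_bytes(size)
    reps = -(-size // len(pattern))  # ceiling division
    return (pattern * reps)[:size]


def compressed_fraction(pattern, size=64 * 1024):
    """Compressed size divided by written size for one pass buffer."""
    buf = pass_buffer(pattern, size)
    return len(zlib.compress(buf)) / size


if __name__ == "__main__":
    for number, pattern in enumerate(build_schedule(), 1):
        if pattern is RANDOM:
            label = "random"
        else:
            label = " ".join(f"0x{b:02X}" for b in pattern)
        print(f"{number:2d}  {label:<16} {compressed_fraction(pattern):.4f}")
```

A deterministic pass shrinks to a tiny fraction of its written size, so on a compressed volume it may occupy far fewer sectors than the data it is meant to cover, while the random passes do not shrink.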


References:
Peter Gutmann, Secure Deletion of Data from Magnetic and Solid-State Memory
Tiger: A Fast New Hash Function
