Gutmann method
From Wikipedia, the free encyclopedia
The Gutmann method is an algorithm for securely erasing the contents of a region of storage, such as a file on a computer hard drive. Devised by Peter Gutmann, it works by writing a series of 35 patterns over the region to be erased.
The selection of patterns assumes that the user doesn't know the encoding mechanism used by the drive, and so includes patterns designed specifically for several different types of drive. A user who does know can select only those patterns intended for their drive.
Method
An overwrite session consists of a lead-in of four random write patterns, followed by patterns 5-31, executed in a random order, and a lead-out of four more random patterns.
Each of patterns 5-31 was designed to target a specific magnetic media encoding scheme. The end result is a sufficient garbling of the data on the drive that even the most advanced physical scanning of the drive is unlikely to be able to recover any data.
The series of patterns is as follows:
Pass number | Data written (binary) | Data written (hexadecimal) | Encoding scheme targeted
---|---|---|---
1 | (Random) | (Random) |
2 | (Random) | (Random) |
3 | (Random) | (Random) |
4 | (Random) | (Random) |
5 | 01010101 01010101 01010101 | 55 55 55 | (1,7) RLL, MFM
6 | 10101010 10101010 10101010 | AA AA AA | (1,7) RLL, MFM
7 | 10010010 01001001 00100100 | 92 49 24 | (2,7) RLL, MFM
8 | 01001001 00100100 10010010 | 49 24 92 | (2,7) RLL, MFM
9 | 00100100 10010010 01001001 | 24 92 49 | (2,7) RLL, MFM
10 | 00000000 00000000 00000000 | 00 00 00 | (1,7) RLL, (2,7) RLL
11 | 00010001 00010001 00010001 | 11 11 11 | (1,7) RLL
12 | 00100010 00100010 00100010 | 22 22 22 | (1,7) RLL
13 | 00110011 00110011 00110011 | 33 33 33 | (1,7) RLL, (2,7) RLL
14 | 01000100 01000100 01000100 | 44 44 44 | (1,7) RLL
15 | 01010101 01010101 01010101 | 55 55 55 | (1,7) RLL, MFM
16 | 01100110 01100110 01100110 | 66 66 66 | (1,7) RLL, (2,7) RLL
17 | 01110111 01110111 01110111 | 77 77 77 | (1,7) RLL
18 | 10001000 10001000 10001000 | 88 88 88 | (1,7) RLL
19 | 10011001 10011001 10011001 | 99 99 99 | (1,7) RLL, (2,7) RLL
20 | 10101010 10101010 10101010 | AA AA AA | (1,7) RLL, MFM
21 | 10111011 10111011 10111011 | BB BB BB | (1,7) RLL
22 | 11001100 11001100 11001100 | CC CC CC | (1,7) RLL, (2,7) RLL
23 | 11011101 11011101 11011101 | DD DD DD | (1,7) RLL
24 | 11101110 11101110 11101110 | EE EE EE | (1,7) RLL
25 | 11111111 11111111 11111111 | FF FF FF | (1,7) RLL, (2,7) RLL
26 | 10010010 01001001 00100100 | 92 49 24 | (2,7) RLL, MFM
27 | 01001001 00100100 10010010 | 49 24 92 | (2,7) RLL, MFM
28 | 00100100 10010010 01001001 | 24 92 49 | (2,7) RLL, MFM
29 | 01101101 10110110 11011011 | 6D B6 DB | (2,7) RLL
30 | 10110110 11011011 01101101 | B6 DB 6D | (2,7) RLL
31 | 11011011 01101101 10110110 | DB 6D B6 | (2,7) RLL
32 | (Random) | (Random) |
33 | (Random) | (Random) |
34 | (Random) | (Random) |
35 | (Random) | (Random) |
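The session layout and per-encoding selection described above, as an added example (not code from Gutmann's paper or from the software listed on this page). All function names are hypothetical, and keeping the random lead-in and lead-out in a reduced, single-encoding session is an assumption of the example.

```python
import random
import secrets

# Passes 5-31 transcribed from the table above as number:hex:codes.
CODES = {"A": "(1,7) RLL", "B": "(2,7) RLL", "M": "MFM"}
SPEC = """
5:555555:AM 6:AAAAAA:AM 7:924924:BM 8:492492:BM 9:249249:BM 10:000000:AB
11:111111:A 12:222222:A 13:333333:AB 14:444444:A 15:555555:AM 16:666666:AB
17:777777:A 18:888888:A 19:999999:AB 20:AAAAAA:AM 21:BBBBBB:A 22:CCCCCC:AB
23:DDDDDD:A 24:EEEEEE:A 25:FFFFFF:AB 26:924924:BM 27:492492:BM 28:249249:BM
29:6DB6DB:B 30:B6DB6D:B 31:DB6DB6:B
"""

def fixed_passes():
    """Map pass number -> (3-byte pattern, set of targeted encodings)."""
    out = {}
    for item in SPEC.split():
        num, hexpat, codes = item.split(":")
        out[int(num)] = (bytes.fromhex(hexpat), {CODES[c] for c in codes})
    return out

def build_schedule(encoding=None, rng=None):
    """Ordered (pass number, pattern) list; (None, None) means a random pass.
    encoding=None gives all 35 passes, otherwise only matching fixed passes
    are kept (the 4+4 random passes are retained: assumption of this example)."""
    rng = rng or random.SystemRandom()
    fixed = [(n, pat) for n, (pat, enc) in fixed_passes().items()
             if encoding is None or encoding in enc]
    rng.shuffle(fixed)  # patterns 5-31 are executed in a random order
    return [(None, None)] * 4 + fixed + [(None, None)] * 4

def fill(pattern, length, offset=0):
    """Data for `length` bytes at absolute byte `offset`, keeping the 3-byte
    pattern phase-aligned so blocks of any size join into one repetition."""
    if pattern is None:
        return secrets.token_bytes(length)
    start = offset % len(pattern)
    reps = (start + length) // len(pattern) + 1
    return (pattern * reps)[start:start + length]

def overwrite(fh, size, schedule, block=4096):
    """Run each pass over the first `size` bytes of a seekable binary file."""
    for _, pattern in schedule:
        fh.seek(0)
        for off in range(0, size, block):
            fh.write(fill(pattern, min(block, size - off), off))
        fh.flush()  # a real file or device also needs os.fsync(fh.fileno()) here
```

`build_schedule("MFM")` yields 18 passes (4 random, the 10 MFM patterns shuffled, 4 random) instead of 35.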
Criticism
Some have criticized Gutmann for claiming that intelligence agencies are likely to be able to read overwritten data.[1]
The delete function in most operating systems simply marks the space occupied by the file as reusable (it removes the pointer to the file without immediately removing any of its contents). At this point the file can be fairly easily recovered by numerous recovery applications. However, once the space is overwritten with other data, there is no known easy way to recover it. It cannot be done with software alone, since the storage device only returns its current contents via its normal interface. Gutmann claims that intelligence agencies have sophisticated tools, among them electron microscopes, that, together with image analysis, can detect the previous values of bits on the affected area of the media (for example, a hard disk). This has not been proven one way or the other, and there is no published evidence as to intelligence agencies' current ability to recover files whose sectors have been overwritten.
Companies specializing in recovery from damaged media (for example Ibas) cannot recover completely overwritten files. These companies specialize in the recovery of information from media that has been damaged by fire, water or otherwise. No private data recovery company claims that it can reconstruct completely overwritten data.
Gutmann himself has responded to some of these criticisms and also criticized how his algorithm has been abused in an epilogue to his original paper, in which he states:
In the time since this paper was published, some people have treated the 35-pass overwrite technique described in it more as a kind of voodoo incantation to banish evil spirits than the result of a technical analysis of drive encoding techniques. As a result, they advocate applying the voodoo to PRML and EPRML drives even though it will have no more effect than a simple scrubbing with random data. In fact performing the full 35-pass overwrite is pointless for any drive since it targets a blend of scenarios involving all types of (normally-used) encoding technology, which covers everything back to 30+-year-old MFM methods (if you don't understand that statement, re-read the paper). If you're using a drive which uses encoding technology X, you only need to perform the passes specific to X, and you never need to perform all 35 passes. For any modern PRML/EPRML drive, a few passes of random scrubbing is the best you can do. As the paper says, "A good scrubbing with random data will do about as well as can be expected". This was true in 1996, and is still true now.
Software implementations
- Eraser - Free open-source software that uses the Gutmann method
- Disk Utility - Software provided with Mac OS X that can securely erase a disk with the Gutmann algorithm
External links
- Gutmann's original paper: "Secure Deletion of Data from Magnetic and Solid-State Memory"
- Can Intelligence Agencies Read Overwritten Data?, a refutation of Gutmann's claims.