Introduction

This is one of those often debated things: how many passes to use with a deletion utility, what encryption standard to use, etc. For this I like to look at current government standards as a baseline. Now if it's not super-sensitive data I consider this baseline to be "good enough". However, if you want to be "paranoid" I go with double it; "really paranoid" is, well, anything over that. So to me the first thing to address is why even LOOK at US Gov standards as a baseline?
Data Erasure

The U.S. Government has spent massive amounts of money and resources on both securing its own data and breaking into others'. Note the end of that sentence: breaking into others' data. This is important, because if the government knows it can get data off, say, 5 sweeps with an F0 rewrite, it wouldn't use that as its "standard" when clearing its own sensitive information. This also means when you see a standard go up (for instance it used to be 8 rewrites and the disk could be used in a non-classified PC or even SOLD) they have figured out a flaw/vulnerability with the previous standard and are capable of getting at least some data theoretically from it. Since most here who are looking to secure data are doing it because of the threat of a government's resources being applied to said data, it is a good idea to use it as a baseline. One last thing on this: for those not familiar with previous policies, degaussing/destruction was NOT always required; this again came about after someone found a way to theoretically still recover data despite even a massive amount of overwrites. How likely/possible this is, is UNKNOWN (to the best of my knowledge). That being said, some of what is required is NOT feasible money-wise, like buying your own degausser and destruction apparatus, or tech-savvy-wise, like building your own degausser and disk grinder.
Looking at data erasure we enter a few certain no-nos off the start: putting data that you might want to erase on an SSD is BAD. Do not do this unless you are 100% certain you have a way to get to the hard drive and destroy it. I mean like a way to melt it to slag (blow torch, petroleum jelly, thermite) before it can be taken from your possession. Until a data erasure method is discovered/marketed to wipe these, they are VERY vulnerable. That being said, using a tool like bcwipe on your platter-based HD is useful, so long as you don't do something like a single overwrite of 0s. This is how Bradley Manning got caught. If you see a site telling you "one overwrite is all you need" don't even bother visiting their site, because they have NO clue about securing data. 8 passes using any modern scheme (bcwipe and other programs will have several choices, but I tend to choose DoD-cleared methods, as explained above) is VERY secure, but not foolproof. I would say as of now that anything under 12 is far too prone to possible data leaks. This being said, even 200 could potentially leave data, which is why the government has started degaussing and destroying ALL hard drives that contain any confidential or greater information. Since I'm assuming you don't have several grand to throw around for the proper equipment, the next step in securing your data becomes paramount.
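To make concrete what a multi-pass overwrite actually does, here is an added example (not code from the original post, and not bcwipe's code) that applies the widely cited DoD 5220.22-M three-pass pattern (fixed byte, its complement, random data, then read-back verification) to a single file, with a `rounds` knob so that 4 rounds give the 12 passes mentioned above. It assumes a file that is rewritten in place on a platter disk; on SSDs and on journaling or copy-on-write filesystems the old blocks can survive, which is exactly the SSD problem raised above, and it does not touch slack space, the filename or other metadata.

```python
import os
import random
import secrets

# Added example, not code from the original post or from bcwipe: a file-level
# overwrite following the commonly cited DoD 5220.22-M three-pass pattern.
# Assumption: the file is rewritten in place on a platter disk. On SSDs and on
# journaling/copy-on-write filesystems the old blocks may survive (the SSD caveat
# from the post), and slack space, filename and metadata are not handled here.

CHUNK = 1 << 20  # write/read granularity, 1 MiB

def _write_pass(fh, size, pattern_fn):
    """Overwrite `size` bytes of the open file with data from pattern_fn(n)."""
    fh.seek(0)
    remaining = size
    while remaining > 0:
        n = min(CHUNK, remaining)
        fh.write(pattern_fn(n))
        remaining -= n
    fh.flush()
    os.fsync(fh.fileno())  # push the pass to the device, not just the page cache

def _verify_pass(fh, size, expected_fn):
    """Read the file back and check that the last pattern actually landed."""
    fh.seek(0)
    remaining = size
    while remaining > 0:
        n = min(CHUNK, remaining)
        if fh.read(n) != expected_fn(n):
            return False
        remaining -= n
    return True

def dod_3pass_overwrite(path, fixed_byte=0x00, rounds=1):
    """Run `rounds` x (fixed byte, complement, random, verify) over `path` in place.
    rounds=4 gives the 12 passes the post treats as its minimum."""
    size = os.path.getsize(path)
    complement = (~fixed_byte) & 0xFF
    passes, verified = 0, True
    with open(path, "r+b") as fh:
        for _ in range(rounds):
            _write_pass(fh, size, lambda n: bytes([fixed_byte]) * n)
            _write_pass(fh, size, lambda n: bytes([complement]) * n)
            seed = secrets.randbits(128)  # seeded stream so the random pass can be re-derived for verify
            _write_pass(fh, size, random.Random(seed).randbytes)
            verified = verified and _verify_pass(fh, size, random.Random(seed).randbytes)
            passes += 3
    return {"passes": passes, "verified": verified}
```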
Cryptography

Encryption is your friend! But how to choose? Well again this is where looking at why the government chose AES is important. It comes down to, at the end of the day, there are not any really successful attacks to use against it. It is VERY secure (currently!). If it's secure enough for TS/SCI information to be encoded in it, I'm guessing your library of furry porn is also going to be safe. Remember the US Government is not worried about hackers reading its mail, it's worried about places like China reading its mail, you know, China, throwing BILLIONS a year at trying to do this. If the government could crack AES, it would assume China could (or would soon) too. So ignore older standards that are either low key length or known to have attacks against them. That being said, this is about PARANOIA man, and Truecrypt delivers protection in spades. It can encrypt your entire hard disk, encrypt data on the fly and has a number of VERY tough standards to choose from. At the end of the day, if you really want secure data, you need a program like Truecrypt. Now this is one of those amazing heads-up-their-asses moments, but the government does not currently encrypt its hard disks; it IS looking to start doing this. However, as no current "guidelines" are out, we have to try to base this on our own. I choose Truecrypt for a number of reasons: good features, free, 3 top-end ways to encrypt your data, as well as the ability to cascade those encryptions if you're like INSANELY paranoid. Basically, until quantum PCs hit the market in 20 years your data is secure.
Anyway, at the end of the day remember that erasure and encryption both have flaws. Choosing the right level is up to the end user. I hope this helps people; if I missed something glaring let me know and I'll make sure to add it. Below are a whole bunch of links for where I'm pulling all this from.
Glaring Omission #1: When it comes to cooking a hard drive for destruction, remember that heat destroys magnetic bonds. So even if you're using a $20 torch from Lowe's it will still "destroy" the drive. For best effect oxy-acetylene is best, as it burns hot enough to completely melt the platters. Still, for those on a low budget, or "good enough", a normal blowtorch will work fine.
P.S. I hope you realize that I do not condone keeping a bunch of thermite around to light your PC on fire to melt your hard drives.

P.P.S. If you saw petroleum jelly and started thinking of Vaseline, the "slag everything" approach is not for you, and no, I won't tell you how to make your own napalm :p.
Lots Of Links

Data Erasure

DSS Clearing and Sanitization Matrix: This outlines what needs to be done to any HDD/disk.
DoD 5220.22-M: Lots of info on how to handle classified data and its destruction
Bcwipe: The U.S. Gov uses this for data erasure; it lists in the program what is "compliant" with federal standards. Yes, other programs exist that do this with more functionality, but it's a good baseline program to look at.

Wikipedia article on data remanence: gives some basics on the complications that arise with erasure, which is why the DoD switched to degaussing/erasure/degaussing/destruction for its drives. Again, to the best of my knowledge, someone who has done a full, say, 12-15 passes should be OK, but there are wiggly bits that might be left over, that might be incriminating. NOTE THAT SSDs HAVE MAJOR ISSUES WITH CURRENT ERASURE PROGRAMS!
Cryptography Standards and Stuff

FIPS PUB 140-2: How the U.S. government grades encryption standards and a whole lot more.

FIPS PUB 140-2

U.S. government replacing DES with AES as its "secure" standard

AES standard

Truecrypt: AES hard disk encryption
Edit: kudos to fur for the reformat.