So you seem to think that hard drive lifetime on consumer products coincides pretty closely with computer lifetime, that is, how long someone will have the computer?
Typical cheap consumer drives have a much shorter lifespan than the remainder of the system, assuming there's no physical abuse or extremes involved (e.g. exposure to vibration or extremes of temperature and humidity). The solid state electronics are often mostly capable of lasting for decades as long as they don't experience a catastrophic event (such as cooling failure), unless they were either junk quality or had a design / manufacturing defect. A traditional hard drive which is built cheaply will die in around 3–5 years, typically. The big capacitors in the power supply will probably die at around 6–10 years. With good thermal conditions and a kind environment, the low voltage electronics will outlast everything else. Frequent power cycling, and/or constant thermal cycling will shorten the life of everything.
So, yes, the cheap consumer hard drives will pretty much be towards the end of their expected service life in many consumer systems at the point where the system is replaced.
A good electronics repair shop can replace the big capacitors relatively cheaply when they die.
I am thinking this command is similar to dd and that things of this nature are referred to in the documents pointed out earlier. What they mentioned in that document was that you cannot actually get at the entire drive, through what I think you called Pattern Wiping and they seem to refer to as Cryptographic Erase. Which I hadn't realized. I think this is where something like dd would come in, or in the case of Solaris format?
Crypto erase in the NIST document is for cases where the magnetic bits are actually encrypted, and is a case of resetting or destroying the crypto keys to render the data unrecoverable without breaking the encryption.
Pattern wiping is an old technique to scrub the residual magnetic signature from unencrypted magnetic media. It involves repeatedly filling the media with some specific bit patterns which are designed to flip the magnetic bits back and forth in a way that makes the residual magnetic signature unrecoverable even for a state of the art forensics lab. Just zeroing the drive in a single pass (or a single pass of random data) makes it very hard to recover data, but is not necessarily sufficient to prevent a state of the art lab from recovering something.
Here is the actual text about overwriting from the NSA/NCSC book (NCSC-TG-025, version 2, 1991):
5.1.1 OVERWRITING
Overwriting is a process whereby unclassified data are written to storage locations that previously held sensitive data. To satisfy the DoD clearing requirement, it is sufficient to write any character to all data locations in question. To purge the AIS storage media, the DoD requires overwriting with a pattern, then its complement, and finally with another pattern; e.g., overwrite first with 0011 0101, followed by 1100 1010, then 1001 0111. The number of times an overwrite must be accomplished depends on the storage media, sometimes on its sensitivity, and sometimes on differing DoD component requirements. In any case, a purge is not complete until a final overwrite is made using unclassified data.
Here are the actual patterns used to implement the above by Solaris 10 / Illumos format(1M):
Code:
/*
 * These are the data patterns from the SunFed requirements document.
 */
static unsigned int purge_patterns[] = {    /* patterns to be written */
    0xaaaaaaaa,     /* 10101010... */
    0x55555555,     /* 01010101... == UUUU... */
    0xaaaaaaaa,     /* 10101010... */
    0xaaaaaaaa,     /* 10101010... */
};
static unsigned int alpha_pattern = 0x40404040;    /* 10000000... == @@@@... */
You might find something similar somewhere in OS X / Darwin source, as Apple's Disk Utility offers the following:
Writing over the data three times meets the U.S. Department of Energy standard for securely erasing magnetic media. Writing over the data seven times meets the U.S. Department of Defense 5220-22-M standard.
FreeBSD dd(1) can't do that type of pattern wipe on its own. It can, however, be used to zero a drive, e.g.
    dd if=/dev/zero of=/dev/ada0 bs=1m
Yes, all of the above only wipes the currently addressable blocks of a drive, so the bad blocks and spare blocks are untouched. For many non-NSA/DoD purposes, sanitising the currently addressable blocks is sufficient. The spare blocks should not be a problem on a traditional spinning drive, as they will never have been used for user data, but the bad blocks which went bad after leaving the factory will contain some tiny remnants of user data.
On drives that correctly implement the options, FreeBSD's camcontrol(8) has a variety of drive erase options.
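The pattern, complement, pattern purge quoted from NCSC-TG-025 above, which dd(1) cannot do on its own, is sketched below as an added example; it is not code from the original post or from format(1M). The function names are hypothetical, the three byte values are the example patterns from the quoted text, and it assumes a regular file such as a disk image (sizing a raw device is platform-specific and left out).

```c
#define _POSIX_C_SOURCE 200809L
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Example patterns from the NCSC-TG-025 text: 0011 0101, 1100 1010, 1001 0111 */
static const unsigned char passes[3] = { 0x35, 0xCA, 0x97 };

/* One pass: fill len bytes with pat, flush, read back.
 * Returns the number of mismatching bytes, or -1 on I/O error (short I/O included). */
static long overwrite_pass(int fd, off_t len, unsigned char pat) {
    unsigned char buf[4096], chk[4096];
    long bad = 0;
    memset(buf, pat, sizeof buf);
    for (off_t off = 0; off < len; off += sizeof buf) {
        size_t n = len - off < (off_t)sizeof buf ? (size_t)(len - off) : sizeof buf;
        if (pwrite(fd, buf, n, off) != (ssize_t)n) return -1;
    }
    if (fsync(fd) < 0) return -1;   /* push this pass out before the next one */
    for (off_t off = 0; off < len; off += sizeof chk) {
        size_t n = len - off < (off_t)sizeof chk ? (size_t)(len - off) : sizeof chk;
        if (pread(fd, chk, n, off) != (ssize_t)n) return -1;
        for (size_t i = 0; i < n; i++) bad += (chk[i] != pat);
    }
    return bad;
}

/* Run the three passes in order; stop at the first error or failed verification. */
long purge_fd(int fd) {
    struct stat st;
    long bad = -1;
    if (fstat(fd, &st) != 0) return -1;
    for (int i = 0; i < 3; i++)
        if ((bad = overwrite_pass(fd, st.st_size, passes[i])) != 0) break;
    return bad;
}

/* Constructed demo: a 10000-byte scratch file of 'S' bytes, purged then removed. */
long demo_purge_scratch(void) {
    char path[] = "/tmp/purge_demo_XXXXXX", data[10000];
    int fd = mkstemp(path);
    if (fd < 0) return -1;
    memset(data, 'S', sizeof data);
    long bad = write(fd, data, sizeof data) == (ssize_t)sizeof data ? purge_fd(fd) : -1;
    close(fd);
    unlink(path);
    return bad;
}
int main(void) { return demo_purge_scratch() != 0; }
```

The read-back goes through the operating system's cache, so it confirms the logical content only, and like dd this touches only the currently addressable blocks.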