
Secure erasing is probably not secure on all devices


Years ago (and retested with the current version of CDBurnerXP) I noticed that using the secure erase option on specific burner/media combinations makes the data track on the disc only a tiny bit more transparent (the last sample is an unformatted DVD-RW). Since the data track is still very clearly visible, I'm wondering if and how reliably data could be recovered, especially with better equipment from advanced forensic institutions.


When talking about this with another developer of burning software, he told me he uses the BLANK command (code A1h) in his application to blank the disc. But he also told me he doesn't know exactly what the drive writes in this mode. I guess CDBurnerXP uses the same command. If so, it is probably not secure for some reasons:


- When trying to find some (vendor-specific) documentation, the command seems to be described in varying detail. From what I have found, some of the actions performed are sometimes described as optional, or some media types can refuse to blank on media which the device thinks is already blank.

- To the user, blanking reflects potentially undefined behavior, while requesting actual data to securely overwrite the disc reflects defined behavior. To make it clear what this means: casually burning data on a disc proves to any user that this action works as expected, as the user sees that the data could be written successfully (besides being a probably more used and better-tested command than blanking), while it is hard for a user to actually verify that full blanking worked successfully, leaving more room for drive-specific erroneous/insecure implementations.



If those concerns are more or less true it might make sense to improve the secure erase option to make it more secure. Alternatively options could be provided to choose between different variants like:

- Relying on the drive's implementation of blanking

- Zeroing the disc by explicitly requesting the data to be written from the start to the end

- Randomizing the disc by explicitly requesting the randomly generated data to be written from the start to the end

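One way to make the zeroing and randomizing variants from the post above checkable by reading the medium back, as an added example that is not part of the original thread and is not CDBurnerXP code. The function names, the SHAKE-256 stream derived from a seed, and the in-memory images are assumptions constructed for illustration; 2048 bytes is the user-data size of a sector on data CD/DVD media.

```python
import hashlib
import io

SECTOR = 2048  # user-data bytes per sector on data CD/DVD media

def pattern_sector(seed, lba):
    """Expected content of sector `lba`: zeros if seed is None, else a seeded stream."""
    if seed is None:
        return bytes(SECTOR)
    return hashlib.shake_256(seed + lba.to_bytes(8, "big")).digest(SECTOR)

def write_pattern(dev, sectors, seed=None):
    """Explicitly overwrite sectors 0..sectors-1 from start to end."""
    dev.seek(0)
    for lba in range(sectors):
        dev.write(pattern_sector(seed, lba))

def verify_overwrite(dev, sectors, seed=None):
    """Read every sector back and classify it as ok, mismatch or unreadable."""
    report = {"ok": 0, "mismatch": [], "unreadable": []}
    for lba in range(sectors):
        try:
            dev.seek(lba * SECTOR)
            got = dev.read(SECTOR)
        except OSError:              # read error reported by the drive
            report["unreadable"].append(lba)
            continue
        if len(got) != SECTOR:       # short read: medium ends early
            report["unreadable"].append(lba)
        elif got == pattern_sector(seed, lba):
            report["ok"] += 1
        else:                        # old or unexpected data survived
            report["mismatch"].append(lba)
    return report

def demo():
    """Constructed 16-sector images: a full overwrite vs. one that stopped early."""
    seed = b"constructed-demo-seed"  # a real run would use os.urandom(32)
    old = b"OLD-DATA" * (SECTOR // 8)
    full = io.BytesIO(old * 16)
    write_pattern(full, 16, seed)
    partial = io.BytesIO(old * 16)
    write_pattern(partial, 12, seed)  # sectors 12..15 keep the old data
    return verify_overwrite(full, 16, seed), verify_overwrite(partial, 16, seed)

if __name__ == "__main__":
    for result in demo():
        print(result)
```

The check only covers what the drive returns for each logical sector; it says nothing about residual physical traces on the data track.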
On 2/17/2019 at 9:40 PM, floele said:

If I had to "secure" erase a disc, I would actually destroy it physically.

This is probably less secure than only overwriting the disc, as several fragments are likely going to be big enough to make a forensic extraction possible. In that case I would overwrite the disc first and then destroy it to be more secure. However, this will of course be more reliable the more securely the overwriting is performed.

On 2/27/2019 at 1:00 AM, judas_iscariote said:

No such thing as secure erase for a well funded adversary

The conclusion based on this would be:

- Why is one of the erasing options exposed as being secure (for sensitive data), as it would give the user wrong expectations?

- Whether the secure full erasing should still be enhanced, as solving the issues mentioned in the start post might still make things better.


Well, you could call it "full erase" alternatively. Or "potentially secure erase". It's hard to simplify a complex matter using just a few words...
