A Detailed Layman’s Guide To Understanding The Underrated Document Shredder
Understanding The Document Shredder
If you have read our previous article where we introduced you to our favourite document shredders, you should understand the necessity of using document shredders in deleting sensitive information. However, you might be wondering about the 4 algorithms we mentioned in our previous article, so we’re here to break it down and introduce the basic Science behind it.
The workings of document shredders
Document shredders operate by overwriting the documents that you want to delete. A “data erasure standard” specifies the steps to be taken to ensure that the data is not recoverable. A shredding algorithm is the implementation of a data erasure standard, where the algorithm makes the data irrecoverable. Passes are a series of specific instructions the document shredder takes to securely delete your files. The number of passes specified in a shredding algorithm refers to how many times the data will be overwritten by the document shredder. The data that is used to overwrite the deleted files in each pass are defined by the algorithm. The difference between the many algorithms out there is just the time taken for each algorithm to do the same task. Typically, the higher the number of passes an algorithm has, the longer it takes for the shredder to finish doing its task.
A common misconception is that the more passes an algorithm has, the more secure it is. Recent studies have shown that for modern hard disks, one pass alone would suffice for most cases. Therefore, multiple passes doesn’t necessarily provide any additional benefits to the erasure of data. The impact of irrecoverability of the data itself using different algorithms is minimal, and so it’s not necessary to choose an algorithm with many passes to ensure irrecoverability.
For the layman, using tools like Recuva to verify that your files have been securely deleted should be more than enough to ensure that your data has been securely removed.
The limitations of software-based methods of data removal
There are no reliable software-based methods to erase data securely from flash-based storage devices (such as SSDs and thumbdrives). Algorithms and document shredders described in the previous article are developed for hard disks and do not take into account flash-based storage devices. A recommended method to mitigate this risk is to use full drive encryption, such as BitLocker for Windows users, FileVault for Mac users and VeraCrypt for Linux users. This encrypts your data to prevent people from recovering it.
Simplified guide to the 4 common shredding algorithms
Most algorithms out there aren't related to each other, even though some steps they take might be similar, with the exception of the US DOD 5220.22M algorithms. While there are many shredding algorithms out there, here’s just a simplified guide to 4 of the more common ones, namely Gutmann algorithm, US DOD 5220.22M(E) algorithm, US DOD 5220.22M(ECE) algorithm, and random data algorithm.
1. Gutmann algorithm
Firstly, we have the Gutmann algorithm, a well-known shredding algorithm with a whopping 35 passes, developed by Peter Gutmann in 1996 as a one-size-fits-all shredding algorithm for older magnetic disk storage devices.
The reason it has 35 passes is because certain passes were meant for different storage technologies in the past. Gutmann explained in his paper that not all passes in his algorithm needs to be done, only those specific to the storage device technology. However, many implementations of his algorithm combine all the passes into one algorithm as a one-size-fits-all algorithm. Deleting files using this algorithm would most likely take the longest out of all the other algorithms out there due to the sheer amount of passes.
2. US Department of Defense 5220.22-M(E) algorithm
The US DoD 5220.22-M standard is a famous data erasure standard by the US Department of Defense. There are two algorithm variants of this standard. The US DOD 5220.22M(E) algorithm is one variant, developed in 1995, which has 3 passes.
The first pass overwrites data with binary zeros, while the second pass overwrites the first pass with binary ones, and the third pass overwrites the second pass with random data. Binary is a numerical system that consists of only 0 and 1, but multiple binary numbers can be used to represent all sorts of digital data, such as characters, large numbers, including all the text you are reading now.
This variant takes a lesser amount of time to shred the same amount of data as its counterpart—the US DoD 5220.22M(ECE)—due to a smaller number of passes.
3. US Department of Defense 5220.22-M(ECE) algorithm
The other variant is the US DOD 5220.22M(ECE) algorithm, a 7 pass algorithm developed in 2001 that is an extended version of the DOD 5220.22M(E) algorithm. The 7 passes consist of the previous US DOD 5220.22M(E) algorithm passes, which is repeated two times with a random data overwrite pass sandwiched in between.
Although this DoD technique is not recommended for US governmental agencies now, it is still highly regarded by some organisations' internal policies and information security teams. Therefore, they might still use it.
4. Random algorithm
Last but not least, there is the Random algorithm. Like what its name suggests, the random algorithm uses random data obtained from a random data generator to overwrite data. This algorithm is typically the fastest amongst the four algorithms listed here as many document shredders have a default number of one pass for this algorithm. However, if you decide to go with similar or more passes than the other algorithms listed here, then it would take equally as long as those algorithms or even longer to securely delete your files.
An Amateur’s Guide To Document Shredders
Hopefully, this article has made you understand better document shredders and the 4 common algorithms covered here. The choice of your algorithm only affects the time taken to shred your files, not its irrecoverability if you are using a modern hard disk, which is probably what most of us would be using.
Cover image: Source