Nature of Gutmann Lite

randomdata

New Member
Hello!

I just grabbed the latest Eraser and noticed the 'Gutmann Lite' listed as a new erasure method... but I can't find any information as to what lite entails.

Is this the Gutmann concepts only applied to modern harddrive types?

I remember reading about Gutmann saying that 35 is overkill on modern drives since they only use like 5 encoding methods these days.

Any information appreciated!
 

DavidHB

Active Member
I moved the post into this forum, because there is a great deal of relevant information here, produced by people who know a lot more about the subject than I do.

Curiously, neither Gutmann nor Gutmann Lite are described in the Eraser manual, perhaps because they are not formally recognised standards. The difference, AFAIK, is that the original method makes 35 passes, whereas the Lite method makes only 10.

Even 10 passes may be overkill. You will find on this forum links to documents that state that, with more modern (high density) disk technology at least, a single pass is sufficient to put data beyond practicable recovery. For my purposes, I am happy to use the 3pass HMG method for erasing files and folders and the default single pass for erasing free space (anything else takes too long).

David
 

forensics

New Member
GOST P50739-95

Hi!

Your software allows users to overwrite data using "GOST P50739-95" method, but GOST R 50739-95 (correct name of the document) does not have any requirements on number of passes and types of data to use for wiping (in other words, GOST R 50739-95 wiping method does not exist, it's a myth).

A method consisting of two passes with random data is defined by GTK Management Directive, not by the state standart.

See also:
http://www.forensicswiki.org/wiki/Talk: ... _Standards
 

DavidHB

Active Member
Re: GOST P50739-95

I'll leave Joel to comment on the substance of this message, but I'm moving the topic to Eraser Programming, as this is not a support query.

David
 

Joel

Active Member
Re: GOST P50739-95

Thanks for the input. Let me check.
 

jackjack

Member
DavidHB said:
Curiously, neither Gutmann nor Gutmann Lite are described in the Eraser manual, perhaps because they are not formally recognised standards. The difference, AFAIK, is that the original method makes 35 passes, whereas the Lite method makes only 10.
I'd be very interested in finding out more about the so called Gutmann Lite method. As far as I can see is is not a method that Gutmann him self came up with it just looks like someone is piggybacking on the name.

Typically there are two ways of implementing the Gutmann method, the 35 pass we all know and *love* ( :p ) and then the rarely if ever used method, sans random passes.

As was pointed out back in May, there is nothing documented and this does not appear to have changed. Can we get details of the wipe pattern for each of these 10 passes and why they were chosen?
 

DavidHB

Active Member
At an (educated) guess, the full Gutmann method will be that described his 1996 paper, discussed in this Wikipedia entry. That is certainly true of Eraser 5.

The 10-pass 'Lite' method will presumably use a representative subset of the methods uses in the full 35 pass method. Both are, for reasons given by Gutmann himself, almost certainly overkill. Gutmann makes it clear that the reasons often given for favouring the method he described are, pretty much, spurious. In those circumstances he would not wish the method to become a formal standard.

David
 

jackjack

Member
DavidHB said:
At an (educated) guess, the full Gutmann method will be that described his 1996 paper, discussed in this Wikipedia entry. That is certainly true of Eraser 5.

The 10-pass 'Lite' method will presumably use a representative subset of the methods uses in the full 35 pass method. Both are, for reasons given by Gutmann himself, almost certainly overkill. Gutmann makes it clear that the reasons often given for favouring the method he described are, pretty much, spurious. In those circumstances he would not wish the method to become a formal standard.
David, you could have just said you don't know instead of linking to the exact same page I did... ;) I am well aware of the ins and outs of the Gutmann 35 pass method and whether it is or isn't worthwhile (read my post history if needs be).

Unless I am missing something, the paper makes no mention of it, only 35 (22 leaving of random and dup passes) version. From a lackadaisical search of the interwebs the only other place that mentions it is in this sample Shredder.cs, of which the last two passes differing to the one implemented in Eraser.

I was really hoping for something explaining where this supposed 10 pass Gutmann method came from and why it was chosen to be included, not the age old "Gutmann is overkill" answer that gets given these days (and which I have said many times in the past).
 

DavidHB

Active Member
jackjack said:
David, you could have just said you don't know instead of linking to the exact same page I did... ;)
Oops, sorry. Another senior moment ... :oops:

jackjack said:
I was really hoping for something explaining where this supposed 10 pass Gutmann method came from and why it was chosen to be included
When Joel gets back from his busy life to post on the forum, he will be able to explain. What he has said is that Gutmann is the default method of file erasing because he feels that is what many users expect, and the overhead for file erasing on modern machines is not that great. Actually, I disagree with the latter point, because it its clear from support queries on the forum that some people do try to erase very large amounts of file/folder data at one go, and in that case the erasing method chosen will make a big difference. I don't know where the Gutmann Lite idea came from; the point I was making was that, as it has no formal status, I am not all that bothered.

Underlying all this (and I suppose more important than the 'overkill' point) is the fact that recent research, such as it is, indicates that the erasing method chosen is considerably less important than we once thought. If the best information we have suggests that a single pass is as effective as anything else, I might use, say, a three pass method (to allow for some element of doubt), but feel that ten passes is too much. In those circumstances, I respect but do not altogether share your interest in where particular methods came from.

David
 

Joel

Active Member
I believe that Gutmann Lite came from a submission somewhere (which I can no longer remember -- this was quite a while back during Overwriter's time) and I do agree with your analysis that there are few references, if any, to that scheme. Perhaps it would be more beneficial to remove it as there are no official documents to support that as an erasure method (granted: I should have done my homework instead of implementing blindly!)
 

DavidHB

Active Member
Joel said:
Perhaps it would be more beneficial to remove it as there are no official documents to support that as an erasure method
If it was in Eraser 5, I think users would expect it to be in Eraser 6. Perhaps what is needed, as jackjack is sensibly suggesting, is appropriate references to both Gutmann and Gutmann Lite in the Appendix to the manual, so that users know the origins and contents of these methods, and can make up their own minds.

David
 

jackjack

Member
joel said:
Perhaps it would be more beneficial to remove it as there are no official documents to support that as an erasure method (granted: I should have done my homework instead of implementing blindly!)
I would be inclined to suggest dumping Gutmann Lite altogether or at the very least renaming it as its name is a bit of a misnomer.

There is no evidence what so ever that Gutmann him self came up with it, that I can see. The only thing I can find that ties it to the 35pass Gutmann method is it happens to share a couple of the same patterns. I'll also mention what I said above, of the two implementations that called them selves "Gutmann Lite" they both differed on the last two passes.

As it is there's probably more than enough choices for the average user

DavidHB said:
If it was in Eraser 5, I think users would expect it to be in Eraser 6. Perhaps what is needed, as jackjack is sensibly suggesting, is appropriate references to both Gutmann and Gutmann Lite in the Appendix to the manual, so that users know the origins and contents of these methods, and can make up their own minds.
Gutmann Lite was not, to the best of my knowledge (two weeks is a long time), in Eraser 5 last time I used it. I was not suggesting anything really, I was asking a question.

If you want a suggestion, if more methods are going to be added, I would be inclined to focus on those that are documented as required by various agencies* such as the various British, Russian, German, US ones already included in Eraser. This way you give such agencies a valid reason to use the software.

Saying that, I'd not spend too much time what is already there is perfectly adequate (well maybe a null pass option by default in eraser would be handy, it really helps with compression of disk images).

DavidHB said:
Underlying all this (and I suppose more important than the 'overkill' point) is the fact that recent research, such as it is, indicates that the erasing method chosen is considerably less important than we once thought. If the best information we have suggests that a single pass is as effective as anything else, I might use, say, a three pass method (to allow for some element of doubt), but feel that ten passes is too much. In those circumstances, I respect but do not altogether share your interest in where particular methods came from.
David
I appreciate what you say, and as I've said I'm very much a proponent of a 1 pass is enough. The problem is I asked a question about the who, what, why, when, where of a particular method and you just went into auto pilot, ignored the question for all intents and purposes and regurgitate the old "one pass is enough line". If we can't ask mildly technical question or discuss an intrinsic part of eraser on the forum what is the point of having it, you may as well just dump all but the support section :)

* I have it in the back of my mind that I posted a list of various Govt required methods to the forum a while back so I'll can see if I find it.
 

DavidHB

Active Member
jackjack said:
I would be inclined to suggest dumping Gutmann Lite altogether or at the very least renaming it as its name is a bit of a misnomer ... There is no evidence what so ever that Gutmann him self came up with it, that I can see.
Fair point.

jackjack said:
DavidHB said:
Underlying all this (and I suppose more important than the 'overkill' point) is the fact that recent research, such as it is, indicates that the erasing method chosen is considerably less important than we once thought. If the best information we have suggests that a single pass is as effective as anything else, I might use, say, a three pass method (to allow for some element of doubt), but feel that ten passes is too much. In those circumstances, I respect but do not altogether share your interest in where particular methods came from.
David
I appreciate what you say, and as I've said I'm very much a proponent of a 1 pass is enough. The problem is I asked a question about the who, what, why, when, where of a particular method and you just went into auto pilot, ignored the question for all intents and purposes and regurgitate the old "one pass is enough line". If we can't ask mildly technical question or discuss an intrinsic part of eraser on the forum what is the point of having it, you may as well just dump all but the support section :)
No, not autopilot, but an honest recognition, for the benefit of all users of the forum, that people more expert than I have reported research results which come to a particular conclusion, and that (so far as I have been able to discover) no one has as yet reported any contrary conclusion. The words 'such as it is' were meant to refer to the facts that:
  • there is not a lot of published research;
  • there is always a possibility that there are people out there who know how to defeat erasures, but do not wish to advertise the fact.
Of course I do not mean to rubbish your query; that would be foolish as well as discourteous. At the same time, it is surely legitimate to seek to put a particular issue in context; the shadow of the Gutmann method (despite Gutmann's own forthrightly expressed views) still seems to be quite long.

David
 

Joel

Active Member
Alright, please do create a ticket in Trac to remind me (I see jackjack's been busy submitting tickets) as I will be tied up for... quite a while. Things have been getting rather out of hand lately.
 

Joel

Active Member
I've merged a similar post on another erasure method. I will remove both predefined ones at the same time.
 
Top