I need to implement Gutmann's algorithm for securely erasing some data in a database table. First of all, is it effective in a database?
I'm not sure about the 35 steps. For 1-4 and 32-35, it's clear: generate some random data. But for steps 5-31, I'm not sure. In the Wikipedia table, 3 bytes are given for a given step; these steps are run randomly, and some of them are the same while some differ. See the 8th step, in hex: 49 24 92. Now let's say I have a column I want to erase whose length is 25 bytes. How do I go about it, on a 3-byte basis? What about the 25th byte?
Unfortunately, the problem is that the only way to securely erase data that resides on a disk is to "wipe" any unused sectors on the drive. This works okay for file-based solutions, as when you delete a file, the OS marks the sectors as being available (i.e., unused) and consequently, you can wipe them.
The problem with a database is that you do not have control over the actual file structure; the DB abstracts all that for you. So for instance, you might delete data from a column or a row in a DB, but depending on how the DB handles deletes, the sectors on which the data originally resided may still be marked in use by the DB. Since all data for the table remains as part of the same file (i.e., the DB's persisted file state), there is no way to determine where that data originally lay on the disk, and furthermore, no way to ensure that the DB hasn't already reclaimed that space for something else.
Even if you were to securely write/erase/rewrite the same field in the DB, there is no guarantee (and it is actually fairly unlikely) that the data would be written to the same sector on the drive.
All this being said, there have been several studies which indicate that recovering deleted/overwritten data (as opposed to just freed sector space) from magnetic media is, although theoretically possible, highly problematic and unlikely to be successful.
Keep in mind that the principles of secure wiping of data change significantly when dealing with SSDs (as the sectors in use can change to ensure even distribution of data writes) and even in some RAID devices.
Unfortunately, with SSDs, I do not know if there is any solution to ensure that all sectors have been completely cleaned. With RAID, you need to break the RAID and then secure wipe each drive independently to be sure.
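
The point above, that rewriting a field through the DB need not overwrite the original bytes, shown as an added example that is not part of the original posts. It assumes SQLite in WAL mode as a stand-in database, a constructed 25-byte secret, and the hypothetical helpers `tile` and `overwrite_via_sql`; stretching the 3-byte pattern by repeating it and cutting at the column length (so the 25th byte is 0x49) is an assumption about how the question's pattern would be applied.

```python
import os
import sqlite3
import tempfile

PASS_8 = bytes.fromhex("492492")       # 8th-step pattern quoted in the question
SECRET = b"CONSTRUCTED-SECRET-25B-00"  # constructed 25-byte sample value

def tile(pattern: bytes, length: int) -> bytes:
    """Repeat the pattern and cut it at the column length."""
    reps = -(-length // len(pattern))  # ceiling division
    return (pattern * reps)[:length]

def overwrite_via_sql(workdir: str) -> dict:
    """Overwrite one column through SQL, then look at the raw files."""
    path = os.path.join(workdir, "demo.db")
    conn = sqlite3.connect(path, isolation_level=None)  # autocommit
    try:
        conn.execute("PRAGMA journal_mode=WAL").fetchone()
        conn.execute("CREATE TABLE t (id INTEGER PRIMARY KEY, v BLOB)")
        conn.execute("INSERT INTO t (id, v) VALUES (1, ?)", (SECRET,))
        # Move the committed secret from the WAL into the main database file.
        conn.execute("PRAGMA wal_checkpoint(TRUNCATE)").fetchall()

        filler = tile(PASS_8, len(SECRET))
        conn.execute("UPDATE t SET v = ? WHERE id = 1", (filler,))
        sql_value = conn.execute("SELECT v FROM t WHERE id = 1").fetchone()[0]

        # Read the files as they are on disk while the overwrite is committed.
        with open(path, "rb") as f:
            main_file = f.read()
        with open(path + "-wal", "rb") as f:
            wal_file = f.read()
    finally:
        conn.close()
    return {
        "sql_value": sql_value,
        "secret_in_main_file": SECRET in main_file,
        "filler_in_main_file": filler in main_file,
        "filler_in_wal": filler in wal_file,
    }

def run_demo() -> dict:
    with tempfile.TemporaryDirectory() as workdir:
        return overwrite_via_sql(workdir)

if __name__ == "__main__":
    print(run_demo())
```

In this run the query already returns the pattern while the main database file still holds the original value, because the committed overwrite was written to the separate `-wal` file.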