In 1996, Peter Gutmann published a research paper that would become one of the most misunderstood documents in data security. His 35-pass overwrite method — designed for drive technologies already becoming obsolete at the time — took on a life of its own, becoming the go-to recommendation for anyone who wanted to be "really sure" their data was gone. Three decades later, the method persists in software tools and advice columns despite one inconvenient fact: Gutmann himself says you should not use it.
Key Takeaways:
- The Gutmann 35-pass method was designed for MFM/RLL drive encoding from the 1980s — technology that has not been manufactured in over 20 years
- Peter Gutmann himself added an epilogue calling the blind application of his method to modern drives "voodoo"
- A single overwrite pass is sufficient for modern HDDs per NIST 800-88 guidelines and peer-reviewed research
- Running 35 passes on a 1TB drive takes approximately 105 hours — over four days — with zero additional security benefit
- The Gutmann method is completely ineffective on SSDs due to wear leveling and over-provisioning
What Is the Gutmann Method?
The Gutmann method is a data sanitization technique that overwrites every sector of a hard drive 35 times using a specific sequence of data patterns. Unlike simpler methods that write all zeros or random data, the Gutmann method uses carefully chosen bit patterns in a specific order. The first four and last four passes write random data. The 27 passes in between write predetermined patterns — each pattern engineered to target a specific magnetic encoding technology.
These patterns were not arbitrary. Gutmann designed each one to exploit the physical characteristics of how specific drive technologies stored data magnetically. The theory was that even after an overwrite, residual magnetic traces from previous data could be read using specialized equipment like a magnetic force microscope (MFM). By overwriting with patterns specifically tuned to the encoding method, those residual traces could be neutralized.
The method was published alongside a companion analysis of how magnetic storage works at the physical level, and it became the academic foundation for concerns about data remanence — the idea that erased data leaves recoverable traces on magnetic media.
For a broader view of how this fits into the landscape of erasure standards, see our data erasure standards overview.
The 1996 Paper Explained
Peter Gutmann and Colin Plumb presented "Secure Deletion of Data from Magnetic and Solid-State Memory" at the Sixth USENIX Security Symposium in July 1996. The paper argued that standard deletion and even simple overwriting were insufficient to prevent data recovery from magnetic media, and proposed the 35-pass method as a countermeasure.
The core argument rested on how hard drives of that era encoded data. In the 1980s and early 1990s, drives used two primary encoding schemes:
- MFM (Modified Frequency Modulation): An encoding method that stored data by modulating the timing of magnetic flux reversals. MFM drives had relatively low data density and left measurable residual magnetism after overwriting.
- RLL (Run-Length Limited): A more efficient encoding that replaced MFM in many drives. RLL packed data more densely but still left predictable residual patterns that varied based on the data previously stored.
Gutmann's overwrite patterns were designed specifically to counteract the residual signatures left by these encoding methods. Different passes targeted different encoding schemes — this is why there are 35 passes rather than some round number. The full set covers MFM, RLL 2,7, and RLL 1,7 encoding variants.
The paper also discussed recovery using scanning tunneling microscopes and magnetic force microscopes — equipment that could theoretically read the faint magnetic traces left after an overwrite on these older drive technologies.
What the paper did not account for — and could not have, given the state of the art in 1996 — was how dramatically drive technology would change in the following decades.
Why It Doesn't Apply to Modern Drives
The fundamental problem with applying the Gutmann method to modern hardware is that the drives it was designed for no longer exist. Every hard drive manufactured since the late 1990s uses PRML (Partial Response, Maximum Likelihood) encoding or similar advanced read channel technologies. PRML changed the game in several ways that make the Gutmann patterns irrelevant:
Data density increased by orders of magnitude. Modern drives pack data so tightly that the physical area storing a single bit is far smaller than on MFM or RLL drives. The residual magnetic traces that Gutmann's method targeted become physically unmeasurable at these densities. A single overwrite on a modern drive leaves residual signals so faint they fall below the noise floor of any known measurement equipment.
Encoding changed entirely. PRML encoding processes the analog signal from the read head using digital signal processing techniques that bear no resemblance to MFM or RLL decoding. The specific bit patterns Gutmann designed to counteract MFM and RLL residuals have no special meaning when applied to PRML-encoded data. Writing these patterns is functionally identical to writing random data — 27 of the 35 passes accomplish nothing beyond what a random overwrite already does.
Track density made microscopy impractical. Even the theoretical microscopy-based recovery that Gutmann described has never been demonstrated on drives manufactured after the late 1990s. The track widths on modern drives are measured in nanometers, making the magnetic force microscope approach described in the 1996 paper impractical with any current or foreseeable technology.
Research confirms single-pass sufficiency. A 2008 study by Craig Wright, Dave Kleiman, and Shyaam Sundhar examined the probability of recovering data from a modern hard drive after a single overwrite. Their findings: the probability of recovering a single bit was only slightly better than a coin flip, and the probability of recovering a meaningful amount of data was effectively zero. NIST reached the same conclusion in SP 800-88, recommending a single overwrite as sufficient for the Clear sanitization level.
Bottom Line: The Gutmann method is a solution to a problem that no longer exists. On any hard drive manufactured in the last 25 years, 34 of the 35 passes are a complete waste of time. A single pass of random data or zeros achieves the same result. And on SSDs, all 35 passes are ineffective because overwriting cannot reach data stored in wear-leveled or over-provisioned areas of the flash memory.
What Gutmann Himself Says
Perhaps the most compelling argument against using the Gutmann method comes from Gutmann himself. After watching his 35-pass technique become a widely recommended security practice — applied indiscriminately to hardware it was never designed for — Gutmann added an epilogue to his paper that is remarkably blunt.
In his own words, Gutmann described the blanket application of his 35-pass method to modern drives as "voodoo." He wrote that the specific overwrite patterns were designed for drives using MFM and RLL encoding and that applying them to a modern PRML drive is pointless. For a current drive, he recommended simply overwriting with random data — not 35 passes of it, just a random overwrite.
This is a striking case of an author telling the world to stop misapplying his own research. Yet the myth persists. Security forums, IT guides, and even some corporate policies continue to recommend or require the Gutmann method, apparently unaware that its creator has explicitly disavowed its use on modern hardware.
The persistence of the 35-pass recommendation is a textbook example of how security practices can become disconnected from the technical reality they were originally based on. A method designed for specific hardware from the 1980s became a generalized "more is better" security ritual — exactly the kind of thinking Gutmann warned against.
How Many Passes Do You Actually Need?
The question of how many overwrite passes are necessary to securely erase a modern hard drive has a straightforward answer: one.
NIST SP 800-88 Rev. 2 (published September 2025) defines Clear-level sanitization as a single overwrite pass using a fixed data pattern, random data, or cryptographic erase, followed by verification. This is sufficient to protect against all software-based data recovery and most hardware-based recovery techniques on modern HDDs.
For Purge-level sanitization — which protects against laboratory-grade recovery — NIST recommends firmware-level commands (ATA Secure Erase, NVMe Sanitize) rather than additional overwrite passes. The distinction is not about how many times you overwrite but about reaching all areas of the drive, including those not accessible through normal write operations.
Here is how the pass counts stack up in practical terms for a 1TB hard drive (assuming roughly three hours per pass):
| Method | Passes | Estimated Time | Security Level |
|---|---|---|---|
| NIST 800-88 Clear | 1 | ~3 hours | Sufficient for modern HDDs |
| DoD 5220.22-M | 3 | ~9 hours | Obsolete — no additional benefit |
| HMG IS5 Enhanced | 3 | ~9 hours | UK government requirement only |
| Gutmann | 35 | ~105 hours (4.4 days) | No additional benefit over 1 pass |
The DoD 5220.22-M three-pass method is itself obsolete — the Department of Defense no longer references it and defers to NIST. If the DoD does not consider three passes necessary, 35 passes are beyond excessive.
For SSDs, the pass count is irrelevant. No amount of overwriting provides reliable sanitization of solid-state storage. The controller manages where data is physically written, and wear leveling means overwrite operations may not touch every flash cell that held data. Firmware-level commands are the only effective approach. See our guide to secure erasing SSDs for the correct procedure.
When (If Ever) to Use the Gutmann Method
There are very few scenarios where using the Gutmann method makes sense:
Legacy hardware. If you are somehow still operating or decommissioning drives that use MFM or RLL encoding — hardware from the 1980s or very early 1990s — the Gutmann method was designed for exactly that situation. In practice, encountering these drives in 2026 would be extraordinary.
Contractual or policy requirements. Some organizations have data destruction policies that specifically name the Gutmann method. If an auditor or contract requires "Gutmann 35-pass" by name and you cannot get the requirement updated, you may need to run it for compliance documentation regardless of its technical merit. In this situation, use a tool like KillDisk or BitRaser that supports the Gutmann method and generates a certificate showing the method was applied.
Psychological reassurance. This is not a technical reason, but it is a real one. Some users will not feel confident that their data is gone unless they run the maximum number of passes available. If spending four extra days on a wipe gives someone peace of mind, that is their choice — but they should understand it does not improve security on modern hardware.
For everyone else, follow current NIST 800-88 guidance and use a verified single-pass overwrite for HDDs or firmware-level sanitization for SSDs. Tools like DBAN and ShredOS can perform a single-pass overwrite for free. If you need erasure certificates for compliance, BitRaser generates them automatically.
For a complete rundown of your options, see our best data erasure software roundup.
Frequently Asked Questions
What is the Gutmann method?
The Gutmann method is a 35-pass data overwrite technique proposed by Peter Gutmann and Colin Plumb in a 1996 research paper. It writes a specific sequence of data patterns designed to defeat magnetic recovery techniques on MFM and RLL encoded hard drives — encoding technologies that have not been manufactured in over two decades.
Is the Gutmann method still necessary?
No. The Gutmann method is unnecessary for any modern storage device. It was designed for MFM and RLL drive encoding technologies from the 1980s and early 1990s. Modern drives use PRML encoding, which renders the specific Gutmann patterns meaningless. Even Peter Gutmann himself has said the 35-pass method is unnecessary for current hardware.
How long does a 35-pass Gutmann wipe take?
A 35-pass Gutmann wipe takes roughly 35 times longer than a single-pass overwrite. For a 1TB hard drive that takes about three hours for one pass, the full Gutmann method would require approximately 105 hours — over four days of continuous operation. For a 4TB drive, expect well over two weeks. This time investment provides no measurable security benefit on modern hardware.
Did Peter Gutmann say his own method is unnecessary?
Yes. In an epilogue added to his original 1996 paper, Gutmann explicitly warned against applying his 35-pass method blindly to modern drives. He described this practice as "voodoo" and stated that for a modern PRML drive, overwriting with random data is sufficient. He acknowledged that his patterns were designed for specific encoding technologies that no longer exist.
Does the Gutmann method work on SSDs?
No. The Gutmann method is entirely ineffective on SSDs. Solid-state drives use flash memory managed by a controller with wear leveling and over-provisioning, meaning overwrite operations cannot reach all stored data. SSDs require firmware-level commands like ATA Secure Erase, NVMe Sanitize, or cryptographic erase for proper sanitization.
How many overwrite passes do I actually need?
For modern hard drives, a single overwrite pass is sufficient according to NIST 800-88 guidelines and peer-reviewed research. Multiple studies have confirmed that data recovery from a modern drive after even one complete overwrite is not feasible with any known technology. For SSDs, overwriting is not the correct approach — firmware-level erase commands are required.
Why do some software tools still offer the Gutmann method?
Many data erasure tools include the Gutmann 35-pass option because it remains a widely recognized name. Some users still believe more passes equals more security, and software vendors include the option to satisfy that demand. However, selecting the Gutmann method wastes significant time without providing any measurable improvement over a single-pass or three-pass overwrite on modern hardware.
What should I use instead of the Gutmann method?
Follow NIST 800-88 Rev. 2 guidelines. For HDDs, a single verified overwrite pass meets the Clear standard. For SSDs and NVMe drives, use firmware-level sanitization commands. Tools like BitRaser, KillDisk, or the free DBAN and ShredOS can perform standards-compliant erasure far more efficiently than the Gutmann method.
Is a single overwrite pass really enough to prevent data recovery?
Yes. Research published by the National Institute of Standards and Technology and independent studies — including a well-known 2008 study by Craig Wright — have confirmed that recovering data from a modern hard drive after a single complete overwrite is not feasible with current or foreseeable technology. The theoretical risk that multi-pass methods address has never been demonstrated in practice on modern drives. For more details, see our article on whether data can be recovered after secure erase.
What encoding technologies was the Gutmann method designed for?
The Gutmann method was specifically designed for MFM (Modified Frequency Modulation) and RLL (Run-Length Limited) encoded drives that were common in the 1980s and early 1990s. These encoding methods stored data in ways that left residual magnetic traces recoverable with specialized equipment. Modern drives use PRML (Partial Response, Maximum Likelihood) encoding, which packs data far more densely and does not exhibit the same residual patterns.
The Bottom Line
The Gutmann 35-pass method is a historically significant piece of data security research that has been misapplied for decades. Its own creator calls the practice "voodoo" on modern drives. Follow NIST 800-88 instead: one verified overwrite pass for HDDs, firmware-level commands for SSDs. Save yourself days of unnecessary processing and read our complete guide to wiping a hard drive for current best practices.
Last updated: February 2026. We regularly review and update our guides to ensure accuracy.
Sources:
- Gutmann, Peter and Colin Plumb. "Secure Deletion of Data from Magnetic and Solid-State Memory," Sixth USENIX Security Symposium Proceedings, 1996. https://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html
- NIST Special Publication 800-88 Rev. 2, "Guidelines for Media Sanitization," September 2025. https://csrc.nist.gov/publications/detail/sp/800-88/rev-2/final
- Wright, Craig; Kleiman, Dave; Sundhar, Shyaam. "Overwriting Hard Drive Data: The Great Wiping Controversy," ICISS 2008. https://link.springer.com/chapter/10.1007/978-3-540-89862-7_21
- Gutmann, Peter. Epilogue to "Secure Deletion of Data from Magnetic and Solid-State Memory." https://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html