lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 21 Jul 2005 20:31:08 -0400 (EDT)
From: Dana Hudes <dhudes@...-ip.info>
To: Jared Johnson <jaredsjazz@...oo.com>
Cc: focus-ms@...urityfocus.com, bugtraq@...urityfocus.com
Subject: Re: Peter Gutmann data deletion theaory?


The NSA disagree and have conducted laboratory tests.
I work for NYC as a unix admin (Solaris). We use the sun format purge to 
erase disks (that can be written to; drives that won't spin up or can't be 
written are another problem).

I guarantee that a sufficiently strong degausser will erase your 
data...along with the timing tracks and possibly burning out micromotors 
and ball bearings. Its a question of how many oersteds you need for the 
drive so that the magnetic field penetrates the housing (take out the 
platters and you have another situation entirely).

I don't have the site bookmarked at home but NIST or NSA have a site which 
reviews the degaussing equipment and other data erasure techniques.





On Wed, 20 Jul 2005, Jared Johnson wrote:

> All,
> 
> Do you all agree with Peter Gutman's conclusion on his theory that data can
> never really be erased, as noted in his quote below:
> 
> "Data overwritten once or twice may be recovered by subtracting what is
> expected to be read from a storage location from what is actually read. Data
> which is overwritten an arbitrarily large number of times can still be
> recovered provided that the new data isn't written to the same location as
> the original data (for magnetic media), or that the recovery attempt is
> carried out fairly soon after the new data was written (for RAM). For this
> reason it is effectively impossible to sanitise storage locations by simple
> overwriting them, no matter how many overwrite passes are made or what data
> patterns are written. However by using the relatively simple methods
> presented in this paper the task of an attacker can be made significantly
> more difficult, if not prohibitively expensive."
> 
> It seems that the perhaps the only real way to rid your Hard Drives of data
> is to burn them. 
> 
> I'd love to hear some thoughts on this from security and data experts out
> there.
> 
> 
> 
> 


Powered by blists - more mailing lists