lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
From: lcamtuf at ghettot.org (Michal Zalewski)
Subject: erase with magnet

On Sat, 3 Apr 2004, Tim wrote:

> I prefer using the free "wipe" utility, since it was written with
> advanced recovery techniques in mind.  (To install in debian, just run
> `apt-get install wipe'.)

I think you are all getting off-topic. The original poster asked about a
"hardware" method of removing the data without causing a permanent damage
to the disk, and is probably well aware of software alternatives - but
they simply do not fit certain applications:

  1) Multi-pass software wipe is incredibly slow; if you plan to zap a
     large number of disks (say, you are about to decommission an array),
     you would probably appreciate a method that does not take days.

  2) Software wipe has a number of problems; new research suggests that
     that established standards (or Gutmann's proposal) may be simply
     not sufficient, for example because of head positioning inaccuracies
     that may make some data simply nearly impossible to wipe entirely.

  3) Software wipe can be easily defeated by transparent smart
     mechanisms of modern drives (access optimization, write caching,
     bad sector relocation or inability to access damaged regions,
     etc).

So far, noone addressed his concerns - for some reason, he does not want
to go software, and he specifically asked for a method that makes it
possible to reuse the disk - so whacking it with a hammer, driving a nail
through, melting it and so forth is probably a silly suggestion.

Some folks made quite brave claims about inability to degauss a disk, one
guy even claiming the field needed to accomplish this could possibly kill
the operator, but this seems to be quite silly considering there is a
number of hardware degaussers for hard drives readily available on the
market, some of them certified and used by fairly reputable organizations:

http://www.periphman.com/degaussing/degaussers/v92.shtml

-- 
------------------------- bash$ :(){ :|:&};: --
 Michal Zalewski * [http://lcamtuf.coredump.cx]
    Did you know that clones never use mirrors?
--------------------------- 2004-04-03 23:04 --

   http://lcamtuf.coredump.cx/photo/current/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ