lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
From: seth at fogieonline.com (Seth Fogie)
Subject: erase with magnet

Glad you mentioned the Gutman note.

The subject is Magnetic Force Scanning Tunneling Microscopy and deals 
with very low level extraction of data. I looked into this a few months 
ago and asked Peter Gutman about it and this was his response:
 
"...with newer PRML/EPRML drives it's unlikely you can still recover 
much, and the
drives in use at the time I (Peter Gutman) wrote the article 
(early-mid'90s) have mostly
fallen out of use."

This is actually stated at the bottom of his article online at 
http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html where he states:

" In the time since this paper was published, some people have treated 
the 35-pass overwrite technique described in it more as a kind of voodoo 
incantation to banish evil spirits than the result of a technical 
analysis of drive encoding techniques. As a result, they advocate 
applying the voodoo to PRML and EPRML drives even though it will have no 
more effect than a simple scrubbing with random data. In fact performing 
the full 35-pass overwrite is pointless for any drive since it targets a 
blend of scenarios involving all types of (normally-used) encoding 
technology, which covers everything back to 30+-year-old MFM methods (if 
you don't understand that statement, re-read the paper). If you're using 
a drive which uses encoding technology X, you only need to perform the 
passes specific to X, and you never need to perform all 35 passes. For 
any modern PRML/EPRML drive, a few passes of random scrubbing is the 
best you can do. As the paper says, "A good scrubbing with random data 
will do about as well as can be expected". This was true in 1996, and is 
still true now."

His article is a very interesting read :)

Seth


Valdis.Kletnieks@...edu wrote:

>On Sat, 03 Apr 2004 11:09:34 CST, Michael Cecil <macecil@...cast.net>  said:
>
>  
>
>>If you want to sanitize a drive and then reuse it, use a overwriting tool 
>>such as Autoclave <http://staff.washington.edu/jdlarios/autoclave/> or 
>>Eraser <http://www.heidi.ie/eraser/> and use the overwriting setting 
>>recommended by Gutmann 
>><http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html>.
>>    
>>
>
>Two notes:
>
>1) Gutmann's 35 passes were devised to stress the recording methodologies
>of the day.  Many of them are for encoding schemes not used anymore.
>
>2) Canadian RCMP TSSIT OPS-II says: "Must first be checked for correct functioning
>and then have all storage areas overwritten once with the binary digit ONE,
>once with the binary digit ZERO and once with a single numeric, alphabetic or
>special character, " (http://jya.com/rcmp2.htm)
>
>American DoD 5220-22.M says: "Overwriting all addressable locations with a
>character, its complement, then a random character and verify."  This is
>permitted for classifications up to SECRET.  It is not acceptable for
>TOP SECRET and higher.
>
>I have to conclude that *our* spooks are of the opinion that even 3 passes
>are sufficient to wipe out data thoroughly enough so that it's not worth it
>for the *other* spooks to try recovering 'Secret'...
>  
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ