| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 25 May 2010 16:08:45 -0400
From: Valdis.Kletnieks@...edu
To: Bipin Gautam <bipin.gautam@...il.com>
Cc: full-disclosure <full-disclosure@...ts.grok.org.uk>
Subject: Re: Stealthier Internet access
On Wed, 26 May 2010 01:25:25 +0545, Bipin Gautam said:
Rest of article actually looks good at first glance, but this jumped out at me:
> > -Software disk Wiping:
> > Wipe KEY, header of your encrypted storage volume (first few mb, ref
> > specific manual) Ref using Peter Gutmann standard of data wipeing (35
> > wipes)
> > And wipe entire storage using U.S. DoD 5200.28-STD (7 wipes)
There is zero evidence that anybody is able to recover data after even a
single overwrite of /dev/zero on a disk drive made this century. Even in
the MFM days, Gutmann's recovery technique was difficult - today's densities
render it essentially impossible. Even if it's possible, if your threat model
includes the sort of organizations that could theoretically do it, maybe you
should be considering thermite rather than software wipes. Especially if
they're pounding on your door. ;)
I'm more than open to hear of any *confirmed* cases of data recovered after
even a single overwrite anytime after 1995. To date, I have not seen one.
Prove me wrong, guys. ;)
Content of type "application/pgp-signature" skipped
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists